diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 9ee61b0ad6..ef3741bb12 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -227,7 +227,12 @@
},
{
"source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
-"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
+"redirect_url": "/windows/configuration/kiosk-shared-pc",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/configuration/set-up-a-device-for-anyone-to-use.md",
+"redirect_url": "/windows/configuration/kiosk-shared-pc",
"redirect_document_id": true
},
{
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index 91ea69d286..41b4b78342 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -114,6 +114,7 @@ Use this procedure if you use Exchange on-prem.
Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-prem](#skype-for-business-on-prem), or [Skype for Business hybrid](#skype-for-business-hybrid).
+
### Skype for Business Online
To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
@@ -309,18 +310,10 @@ Use this procedure if you use Exchange online.
Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-prem](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
-
+
### Skype for Business Online
-In order to enable Skype for Business, your environment will need to meet the following prerequisites:
-
-- You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
-
-- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
-
-- Your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required).
-
-- Your Surface Hub account does require a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
+In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#sfb-online).
1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
diff --git a/devices/surface-hub/images/mfa-options.png b/devices/surface-hub/images/mfa-options.png
index c91a2a5517..5bd3defd01 100644
Binary files a/devices/surface-hub/images/mfa-options.png and b/devices/surface-hub/images/mfa-options.png differ
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index 146dddaaa1..91423ffc82 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -83,11 +83,8 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true
```
-7. Surface Hub requires a license for Skype for Business functionality.
- - Your Surface Hub account requires a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
- - You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
- - If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
-
+7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
+
Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md
index a501494419..d859d73c38 100644
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@@ -24,7 +24,7 @@ To let people in your organization sign in to Surface Hub with their phones and
- Make sure you have at minimum an Office 365 E3 subscription.
-- [Configure Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication). Select **Allow users to create app passwords to sign in to non-browser apps**, and make sure **Notification through mobile app** is selected.
+- [Configure Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication). Make sure **Notification through mobile app** is selected.
@@ -42,6 +42,8 @@ Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs tha
- The most recent version of the Microsoft Authenticator app from the appropriate app store
>[!NOTE]
+ >On iOS, the app version must be 5.4.0 or higher.
+ >
>The Microsoft Authenticator app on phones running a Windows operating system can't be used to sign in to Surface Hub.
- Passcode or screen lock on your device is enabled
@@ -53,11 +55,15 @@ Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs tha
>[!NOTE]
>If Company Portal is installed on your Android device, uninstall it before you set up Microsoft Authenticator. After you set up the app, you can reinstall Company Portal.
+>
+>If you have already set up Microsoft Authenticator on your phone and registered your device, go to the [sign-in instructions](#signin).
1. Add your work or school account to Microsoft Authenticator for Multi-Factor Authentication. You will need a QR code provided by your IT department. For help, see [Get started with the Microsoft Authenticator app](https://docs.microsoft.com/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to).
2. Go to **Settings** and register your device.
1. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu.
+
+
## How to sign in to Surface Hub during a meeting
1. After you’ve set up a meeting, go to the Surface Hub and select **Sign in to see your meetings and files**.
diff --git a/education/get-started/TOC.md b/education/get-started/TOC.md
index 4d7123cb43..20de4cd93d 100644
--- a/education/get-started/TOC.md
+++ b/education/get-started/TOC.md
@@ -1,7 +1,6 @@
# [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
## [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
## [Use School Data Sync to import student data](use-school-data-sync.md)
-## [Enable Microsoft Teams for your school](enable-microsoft-teams.md)
## [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
## [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
## [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md
index 8b6ac1363e..0de78d8a9c 100644
--- a/education/get-started/configure-microsoft-store-for-education.md
+++ b/education/get-started/configure-microsoft-store-for-education.md
@@ -15,6 +15,10 @@ ms.date: 07/10/2017
# Configure Microsoft Store for Education
+> [!div class="step-by-step"]
+[<< Use School Data Sync to import student data](use-school-data-sync.md)
+[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md)
+
You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education.
You can watch the video to see how this is done, or follow the step-by-step guide.
@@ -58,7 +62,7 @@ Your Microsoft Store for Education account is now linked to Intune for Education
-->
> [!div class="step-by-step"]
-[<< Enable Microsoft Teams for your school](enable-microsoft-teams.md)
+[<< Use School Data Sync to import student data](use-school-data-sync.md)
[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md)
diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md
index df2fc44837..f7f99ded79 100644
--- a/education/get-started/finish-setup-and-other-tasks.md
+++ b/education/get-started/finish-setup-and-other-tasks.md
@@ -14,6 +14,10 @@ ms.date: 07/10/2017
---
# Finish Windows 10 device setup and other tasks
+
+> [!div class="step-by-step"]
+[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
+
Once you've set up your Windows 10 education device, it's worth checking to verify the following:
> [!div class="checklist"]
@@ -70,6 +74,7 @@ You can follow the rest of the walkthrough to finish setup and complete other ta
> * Update group settings in Intune for Education
> * Configure Azure settings
> * Complete Office 365 for Education setup
+> * Enable Microsoft teams for your school
> * Add more users
> * Connect other devices, like BYOD devices, to your cloud infrastructure
@@ -136,6 +141,38 @@ Follow the steps in this section to ensure that settings for the each user follo
## Complete Office 365 for Education setup
Now that your basic cloud infrastructure is up and running, it's time to complete the rest of the Office 365 for Education setup. You can find detailed information about completing Office 365 setup, services and applications, troubleshooting, and more by reading the Office 365 admin documentation.
+## Enable Microsoft Teams for your school
+Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education.
+
+To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school.
+
+**To enable Microsoft Teams for your school**
+
+1. Sign in to Office 365 with your work or school account.
+2. Click **Admin** to go to the Office 365 admin center.
+3. Go to **Settings > Services & add-ins**.
+4. On the **Services & add-ins** page, select **Microsoft Teams**.
+
+ **Figure 1** - Select Microsoft Teams from the list of services & add-ins
+
+ 
+
+5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
+
+ **Figure 2** - Select the license that you want to configure
+
+ 
+
+6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
+
+ **Figure 3** - Turn on Microsoft Teams for your organization
+
+ 
+
+7. Click **Save**.
+
+You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the Meet Microsoft Teams page.
+
## Add more users
After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more users and you want the same policies to apply to these users. You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Intune for Education.
@@ -173,6 +210,10 @@ Adding a new device to your cloud-based tenant is easy. For new devices, you can
It may take several minutes before the new device shows up so check again later.
+
+> [!div class="step-by-step"]
+[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
+
## Related topic
[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md
index 9d9e9b9a5a..51de907eef 100644
--- a/education/get-started/get-started-with-microsoft-education.md
+++ b/education/get-started/get-started-with-microsoft-education.md
@@ -10,7 +10,7 @@ ms.localizationpriority: high
ms.pagetype: edu
author: CelesteDG
ms.author: celested
-ms.date: 07/10/2017
+ms.date: 08/29/2017
---
# Get started: Deploy and manage a full cloud IT solution with Microsoft Education
@@ -43,21 +43,20 @@ With Microsoft Education, schools can:
Go to the Microsoft Education site to learn more. See How to buy to learn about pricing and purchasing options for schools, students, and teachers as well as academic pricing and offers for qualified K-12 and higher education institutions.
## What we're doing
-In this walkthrough, we'll show you the basics on how to:
-> [!div class="checklist"]
-> * Acquire an Office 365 for Education tenant, if you don't already have one
-> * Import school, student, teacher, and class data using School Data Sync (SDS)
-> * Deploy Microsoft Teams to enable groups and teams in your school to communicate and collaborate
-> * Manage apps and settings deployment with Intune for Education
-> * Acquire additional apps in Microsoft Store for Education
-> * Use the Set up School PCs app to quickly set up and provision your Windows 10 education devices
-> * Log in and use the devices
+The end-to-end process for deploying and managing a full cloud IT solution with Microsoft Education is outlined here. Depending on your [setup scenario](#setup-options), you may not need to implement all these steps.
-This diagram shows a high-level view of what we cover in this walkthrough. The numbers correspond to the sections in the walkthrough and roughly correspond to the flow of the overall process; but, note that not all sections in this walkthrough are shown in the diagram.
+Click the link to watch the video or follow the step-by-step guidance for each.
+
+1. [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
+2. [Use School Data Sync to import student data](use-school-data-sync.md)
+3. [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
+4. [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
+5. [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
+6. [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
**Figure 1** - Microsoft Education IT administrator workflow
-
+
## Prerequisites
Complete these tasks before you start the walkthrough:
@@ -130,19 +129,6 @@ Already have an Office 365 for Education verified tenant? Just sign in with your
3. Enter your Office 365 global admin credentials to apply the Intune for Education trial to your tenant.
4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [Enable Microsoft Teams for your school](enable-microsoft-teams.md) and then follow the rest of the instructions in this walkthrough.
-## End-to-end process
-The end-to-end process for deploying and managing a full cloud IT solution with Microsoft Education is outlined here. Depending on scenario, you may not need to implement all these steps.
-
-Click the link to watch the video or follow the step-by-step guidance for each.
-
-1. [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-2. [Use School Data Sync to import student data](use-school-data-sync.md)
-3. [Enable Microsoft Teams for your school](enable-microsoft-teams.md)
-4. [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
-5. [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
-6. [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
-7. [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
-
## Get more info
### Microsoft Education documentation and resources hub
diff --git a/education/get-started/images/MSES_Get_Started_IT_082917.png b/education/get-started/images/MSES_Get_Started_IT_082917.png
new file mode 100644
index 0000000000..5153524b43
Binary files /dev/null and b/education/get-started/images/MSES_Get_Started_IT_082917.png differ
diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md
index 57a0a0a4ff..623b0c5e4e 100644
--- a/education/get-started/set-up-office365-edu-tenant.md
+++ b/education/get-started/set-up-office365-edu-tenant.md
@@ -15,6 +15,10 @@ ms.date: 07/10/2017
# Set up an Office 365 Education tenant
+> [!div class="step-by-step"]
+[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
+[Use School Data Sync to import student data >>](use-school-data-sync.md)
+
Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud.
Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/en-us/academic/compare-office-365-education-plans).
diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md
index d3f2f989b5..a77a9e2f89 100644
--- a/education/get-started/set-up-windows-10-education-devices.md
+++ b/education/get-started/set-up-windows-10-education-devices.md
@@ -15,6 +15,10 @@ ms.date: 07/10/2017
# Set up Windows 10 education devices
+> [!div class="step-by-step"]
+[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
+[Finish setup and other tasks >>](finish-setup-and-other-tasks.md)
+
We recommend using the latest build of Windows 10, version 1703 on your education devices.
To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options and follow the link to watch the video or follow the step-by-step guide:
diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md
index b2a9e67e9d..491a309866 100644
--- a/education/get-started/use-intune-for-education.md
+++ b/education/get-started/use-intune-for-education.md
@@ -15,6 +15,10 @@ ms.date: 07/10/2017
# Use Intune for Education to manage groups, apps, and settings
+> [!div class="step-by-step"]
+[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
+[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md)
+
Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the Intune for Education documentation.
## Example - Set up Intune for Education, buy apps from the Store, and install the apps
diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md
index 6c9b89cb9d..6065f9dfd0 100644
--- a/education/get-started/use-school-data-sync.md
+++ b/education/get-started/use-school-data-sync.md
@@ -15,6 +15,10 @@ ms.date: 07/10/2017
# Use School Data Sync to import student data
+> [!div class="step-by-step"]
+[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
+[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md)
+
School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks.
Follow all the steps in this section to use SDS and sample CSV files in a trial environment. To use SDS in a production environment, see step 2 in [Try out Microsoft Education in a production environment](https://docs.microsoft.com/en-us/education/get-started/get-started-with-microsoft-education#setup-options) instead.
@@ -177,7 +181,7 @@ That's it for importing sample school data using SDS.
> [!div class="step-by-step"]
[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-[Enable Microsoft Teams for your school >>](enable-microsoft-teams.md)
+[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md)
## Related topic
[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index c7c048afcb..b4457fe264 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -26,7 +26,7 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur
| Area | How to configure | What this does | Windows 10 Education | Windows 10 Pro Education | Windows 10 S |
| --- | --- | --- | --- | --- | --- |
-| **Diagnostic Data** | **SetEduPolicies** | Sets Diagnostic Data to [Basic](https://technet.microsoft.com/itpro/windows/configure/configure-windows-telemetry-in-your-organization) | This is already set | This is already set | The policy must be set |
+| **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization) | This is already set | This is already set | The policy must be set |
| **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This is already set | This is already set | The policy must be set |
| **Cortana** | **AllowCortana** | Disables Cortana * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. |
| **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This is already set | This is already set | The policy must be set |
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index f84864aaaf..087af433c9 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: high
author: CelesteDG
ms.author: celested
-ms.date: 08/07/2017
+ms.date: 08/30/2017
---
# Test Windows 10 S on existing Windows 10 education devices
@@ -77,32 +77,22 @@ Make sure all drivers are installed and working properly on your device running
Check with your device manufacturer before trying Windows 10 S on your device to see if the drivers are available and supported by the device manufacturer.
-
-
-| | | |
-| - | - | - |
-| Acer | American Future Tech | Asus |
-| Atec | Axdia | Casper |
-| Cyberpower | Daewoo | Daten |
-| Fujitsu | Global K | HP |
+| Acer | Alldocube | American Future Tech |
+| ASBISC | Asus | Atec |
+| Axdia | Casper | Cyberpower |
+| Daewoo | Daten | Dell |
+| Epson | EXO | Fujitsu |
+| Getac | Global K | HP |
+| Huawei | iNET | Intel |
| LANIT Trading | Lenovo | LG |
-| MCJ | Micro P/Exertis | Microsoft |
-| MSI | Panasonic | Positivo SA |
-| Positivo da Bahia | Samsung | Tongfang |
+| MCJ | Micro P/Exertis | Microsoft |
+| MSI | Panasonic | PC Arts |
+| Positivo SA | Positivo da Bahia | Samsung |
+| Teclast | Thirdwave | Tongfang |
| Toshiba | Trekstor | Trigem |
-| Vaio | Wortmann |
+| Vaio | Wortmann | Yifang |
> [!NOTE]
@@ -228,7 +218,7 @@ Common support questions for the Windows 10 S test program:
* **What if I want to move from Windows 10 S to Windows 10 Pro?**
- If you want to discontinue using Windows 10 S, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, ther emay be a cost to acquire a Windows 10 Pro license in the Store.
+ If you want to discontinue using Windows 10 S, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
For help with activation issues, click on the appropriate link below for support options.
* For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you are seeking commercial support to contact our commercial support team.
diff --git a/windows/access-protection/credential-guard/credential-guard-considerations.md b/windows/access-protection/credential-guard/credential-guard-considerations.md
index 185eecd968..6b15f98feb 100644
--- a/windows/access-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/access-protection/credential-guard/credential-guard-considerations.md
@@ -18,23 +18,77 @@ author: brianlic-msft
Prefer video? See [Credentials Protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474)
in the **Deep Dive into Windows Defender Credential Guard** video series.
-- Passwords are still weak so we recommend that your organization deploy Windows Defender Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business.
-- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it does not allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Windows Defender Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN.
-- As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Windows Defender Credential Guard running.
-
-- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
- - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed".
- - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials.
- - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Windows Defender Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you won't be able to restore those credentials.
- - Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported.
+Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business.
+
+Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported.
## Wi-fi and VPN Considerations
-When you enable Windows Defender Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
-
+When you enable Windows Defender Credential Guard, you can no longer use NTLM classic deployment model authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
## Kerberos Considerations
-When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead.
+When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. Use constrained or resource-based Kerberos delegation instead.
+
+## 3rd Party Security Support Providers Considerations
+Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it does not allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN.
+
+## Upgrade Considerations
+As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, subsequent releases of Windows 10 with Windows Defender Credential Guard running may impact scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard.
+
+### Saved Windows Credentials Protected
+
+Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials: Windows credentials, certificate-based credentials, and generic credentials. Generic credentials such as user names and passwords that you use to log on to websites are not protected since the applications require your cleartext password. If the application does not need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network. The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
+ - Windows credentials saved by Remote Desktop Client cannot be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message "Logon attempt failed."
+ - Applications that extract Windows credentials fail.
+ - When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials cannot be restored. If you need to back up your credentials, you must do this before you enable Windows Defender Credential Guard. Otherwise, you cannot restore those credentials.
+
+## Clearing TPM Considerations
+Virtualization-based Security (VBS) uses the TPM to protect its key. So when the TPM is cleared then the TPM protected key used to encrypt VBS secrets is lost.
+
+>[!WARNING]
+> Clearing the TPM results in loss of protected data for all features that use VBS to protect data.
+> When a TPM is cleared ALL features, which use VBS to protect data can no longer decrypt their protected data.
+
+As a result Credential Guard can no longer decrypt protected data. VBS creates a new TPM protected key for Credential Guard. Credential Guard uses the new key to protect new data. However, the previously protected data is lost forever.
+
+>[!NOTE]
+> Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup.
+
+### Windows credentials saved to Credential Manager
+Since Credential Manager cannot decrypt saved Windows Credentials, they are deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard.
+
+### Domain-joined device’s automatically provisioned public key
+Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
+
+Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy disabled. For more information on Configuring device to only use public key, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
+
+Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx).
+
+### Breaking DPAPI on domain-joined devices
+On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery is not possible.
+
+>[!IMPORTANT]
+> Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior.
+Auto VPN configuration is protected with user DPAPI. User may not be able to use VPN to connect to domain controllers since the VPN configurations are lost.
+
+If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following.
+
+Domain user sign-in on a domain-joined device after clearing a TPM for as long as there is no connectivity to a domain controller:
+
+|Credential Type | Windows 10 version | Behavior
+|---|---|---|
+| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI does not work at all. |
+| Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected.
+| Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected.
+| Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data.
+
+Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
+
+#### Impact of DPAPI failures on Windows Information Protection
+When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents cannot be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
+
+**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
+
## See also
diff --git a/windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png b/windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png
new file mode 100644
index 0000000000..f7767ac5f0
Binary files /dev/null and b/windows/access-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png differ
diff --git a/windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png b/windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png
new file mode 100644
index 0000000000..56021d820e
Binary files /dev/null and b/windows/access-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png differ
diff --git a/windows/access-protection/remote-credential-guard.md b/windows/access-protection/remote-credential-guard.md
index f57a685f07..c4498dd47b 100644
--- a/windows/access-protection/remote-credential-guard.md
+++ b/windows/access-protection/remote-credential-guard.md
@@ -13,62 +13,108 @@ author: brianlic-msft
- Windows 10
- Windows Server 2016
-Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. It also provides single sign on experiences for Remote Desktop sessions. If the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never sent to the target device.
+Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.
-You can use Remote Credential Guard in the following ways:
+Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
-- Administrator credentials are highly privileged and must be protected. By using Remote Credential Guard to connect, you can be assured that your credentials are not passed over the network to the target device.
+> [!IMPORTANT]
+> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article.
-- Helpdesk employees in your organization must connect to domain-joined devices that could be compromised. With Windows Defender Remote Credential Guard, the helpdesk employee can use RDP to connect to the target device without compromising their credentials to malware.
-
-## Comparing Windows Defender Remote Credential Guard with a server protected with Credential Guard
-
-Use the following diagrams to help understand how Windows Defender Remote Credential Guard works, what it helps protect against, and how it compares with using a server protected with Credential Guard. As the diagram shows, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass the Hash, and prevents usage of a credential after disconnection.
-
-
+
## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options
-Use the following table to compare different security options for Remote Desktop connections.
+The following diagram helps you to understand how a standard Remote Desktop session to a server without Windows Defender Remote Credential Guard works:
-> [!NOTE]
-> This table compares different options than are shown in the previous diagram.
+
-| Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode |
-|---|---|---|
-| Protection: Provides **less protection** than other modes in this table. | Protection: Provides **moderate protection**, compared to other modes in this table. | Protection: Provides **the most protection** of the modes in this table. However, it also requires you to be in the local “Administrators” group on the remote computer. |
-| Version support: The remote computer can be running **any operating system that supports credential delegation**, which was introduced in Windows Vista. | Version support: The remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | Version support: The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). |
-| NA | Helps prevent:
- **Pass the Hash** - Usage of a **credential after disconnection** | Prevents:
- **Pass the Hash** - Usage of **domain identity during connection** |
-| Credentials supported from the remote desktop client device:
- **Signed on** credentials - **Supplied** credentials - **Saved** credentials | Credentials supported from the remote desktop client device:
- **Signed on** credentials only | Credentials supported from the remote desktop client device:
- **Signed on** credentials - **Supplied** credentials - **Saved** credentials |
-| Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Administrators only**, that is, only members in administrators group of remote host. |
-| Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as remote host’s identity**. |
-| Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | No multi-hop: From the remote desktop, you **cannot connect through Remote Desktop to another computer**. |
-| Supported authentication protocol: **Any negotiable protocol**. | Supported authentication protocol: **Kerberos only**. | Supported authentication protocol: **Any negotiable protocol**. |
+
-## Hardware and software requirements
+The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option:
-To use Windows Defender Remote Credential Guard, the Remote Desktop client and server must meet the following requirements:
+
-- In order to connect using credentials other than signed-in credentials, the Remote Desktop client device must be running at least Windows 10, version 1703.
+
+As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection.
+
+
+
+Use the following table to compare different Remote Desktop connection security options:
+
+
+
+
+|**Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** |
+|---|---|---|---|
+| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. |User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server|
+| **Version support** | The remote computer can run any Windows operating system|Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**.|The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx).
+|**Helps prevent** | N/A |
Pass-the-Hash
Use of a credential after disconnection
|
Pass-the-Hash
Use of domain identity during connection
|
+|**Credentials supported from the remote desktop client device**|
**Signed on** credentials
**Supplied** credentials
**Saved** credentials
|
**Signed on** credentials only |
**Signed on** credentials
**Supplied** credentials
**Saved** credentials
+|**Access**|**Users allowed**, that is, members of Remote Desktop Users group of remote host.|**Users allowed**, that is, members of Remote Desktop Users of remote host.|**Administrators only**, that is, only members of Administrators group of remote host.
+|**Network identity**|Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. |Remote Desktop session **connects to other resources as remote host’s identity**.|
+|**Multi-hop**|From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**.|Not allowed for user as the session is running as a local host account|
+|**Supported authentication** |Any negotiable protocol.| Kerberos only.|Any negotiable protocol|
+
+
+For further technical information, see [Remote Desktop Protocol](https://msdn.microsoft.com/library/aa383015(v=vs.85).aspx)
+and [How Kerberos works](https://technet.microsoft.com/en-us/library/cc961963.aspx(d=robot))
+
+
+
+
+
+## Remote Desktop connections and helpdesk support scenarios
+
+For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised client that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user’s resources for a limited time (a few hours) after the session disconnects.
+
+Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf).
+
+To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/en-us/download/details.aspx?id=46899).
+
+For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/en-us/library/security/3062591.aspx).
+
+
+
+
+## Remote Credential Guard requirements
+
+To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements:
+
+The Remote Desktop client device:
+
+- Must be running at least Windows 10, version 1703 to be able to supply credentials.
+- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host.
+- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
+- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.
+
+The Remote Desktop remote host:
+
+- Must be running at least Windows 10, version 1607 or Windows Server 2016.
+- Must allow Restricted Admin connections.
+- Must allow the client’s domain user to access Remote Desktop connections.
+- Must allow delegation of non-exportable credentials.
+
+There are no hardware requirements for Windows Defender Remote Credential Guard.
> [!NOTE]
> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
-- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication
+- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
- The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard.
## Enable Windows Defender Remote Credential Guard
-You must enable Windows Defender Remote Credential Guard on the target device by using the registry.
+You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry.
-1. Open Registry Editor.
-2. Enable Windows Defender Remote Credential Guard:
+1. Open Registry Editor on the remote host.
+2. Enable Restricted Admin and Windows Defender Remote Credential Guard:
- Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
- - Add a new DWORD value named **DisableRestrictedAdmin**. Set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard.
+ - Add a new DWORD value named **DisableRestrictedAdmin**.
+ - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard.
3. Close Registry Editor.
-You can add this by running the following from an elevated command prompt:
+You can add this by running the following command from an elevated command prompt:
```
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
@@ -76,7 +122,7 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0
## Using Windows Defender Remote Credential Guard
-You can use Windows Defender Remote Credential Guard on the client device by setting a Group Policy or by using a parameter with Remote Desktop Connection.
+Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device either by using Group Policy or by using a parameter with the Remote Desktop Connection.
### Turn on Windows Defender Remote Credential Guard by using Group Policy
@@ -91,9 +137,9 @@ You can use Windows Defender Remote Credential Guard on the client device by set
> **Note:** Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
- - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [Hardware and software requirements](#hardware-and-software-requirements) listed earlier in this topic.
+ - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic.
- - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other options for Remote Desktop connections](#comparing-remote-credential-guard-with-other-options-for-remote-desktop-connections), earlier in this topic.
+ - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
4. Click **OK**.
@@ -104,7 +150,7 @@ You can use Windows Defender Remote Credential Guard on the client device by set
### Use Windows Defender Remote Credential Guard with a parameter to Remote Desktop Connection
-If you don't use Group Policy in your organization, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection.
+If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection.
```
mstsc.exe /remoteGuard
@@ -113,18 +159,12 @@ mstsc.exe /remoteGuard
## Considerations when using Windows Defender Remote Credential Guard
-- Windows Defender Remote Credential Guard does not include device claims. For example, if you’re trying to access a file server from the remote and the file server requires device claim, access will be denied.
+- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you’re trying to access a file server from a remote host that requires a device claim, access will be denied.
-- Windows Defender Remote Credential Guard cannot be used to connect to a device that is joined to Azure Active Directory.
+- Windows Defender Remote Credential Guard cannot be used to connect to a device that is not domain-joined to Active Directory, for example, remote hosts joined to Azure Active Directory.
- Remote Desktop Credential Guard only works with the RDP protocol.
-- No credentials are sent to the target device, but the target device still acquires the Kerberos Service Tickets on its own.
-
-- Remote Desktop Gateway is not compatible with Windows Defender Remote Credential Guard.
-
-- You cannot use saved credentials or credentials that are different than yours. You must use the credentials of the user who is logged into the device.
-
-- Both the client and the server must be joined to the same domain or the domains must have a trust relationship.
+- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
- The server and client must authenticate using Kerberos.
\ No newline at end of file
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index d205a19291..aeea498de9 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -634,7 +634,6 @@ Alert sample:
com.microsoft/MDM/AADUserToken
- chr
UserToken inserted here
@@ -664,7 +663,6 @@ Here's an example.
com.microsoft/MDM/LoginStatus
- chr
user
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 979c1f9105..6b49909e86 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/14/2017
+ms.date: 08/28/2017
---
# BitLocker CSP
@@ -211,6 +211,9 @@ The following diagram shows the BitLocker configuration service provider in tree
On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
+> [!Note]
+> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
+
If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
@@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in tree
This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+> [!Note]
+> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits.
+>
+>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
+
If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 45e1aa1d54..5eb786803f 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -150,32 +150,32 @@ The following diagram shows the DevDetail configuration service provider managem
> [!NOTE]
> This is not supported in Windows 10 for desktop editions.
-**VoLTEServiceSetting**
+**Ext/VoLTEServiceSetting**
Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
Supported operation is Get.
-**WlanIPv4Address**
+**Ext/WlanIPv4Address**
Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
Supported operation is Get.
-**WlanIPv6Address**
+**Ext/WlanIPv6Address**
Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**WlanDnsSuffix**
+**Ext/WlanDnsSuffix**
Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**WlanSubnetMask**
+**Ext/WlanSubnetMask**
Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**DeviceHardwareData**
+**Ext/DeviceHardwareData**
Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!Note]
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 24d8e2a40f..8d2e232161 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/21/2017
+ms.date: 08/31/2017
---
# What's new in MDM enrollment and management
@@ -52,7 +52,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
## What's new in Windows 10, version 1511
-
+
@@ -184,7 +184,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
## What's new in Windows 10, version 1607
-
+
@@ -495,7 +495,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
## What's new in Windows 10, version 1703
-
+
@@ -916,7 +916,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
## What's new in Windows 10, version 1709
-
+
@@ -981,14 +981,25 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+
[Bitlocker CSP](bitlocker-csp.md)
+
Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
+
+
+
[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)
@@ -1324,7 +1337,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
### August 2017
-
+
@@ -1382,7 +1395,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
[BitLocker CSP](bitlocker-csp.md)
-
Added information to the ADMX-backed policies.
+
Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
[Firewall CSP](firewall-csp.md)
@@ -1394,11 +1407,23 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Added default values.
+
+
[Policy DDF file](policy-ddf-file.md)
+
Added another Policy DDF file [download](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
+
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.
Changed the names of the following policies:
@@ -1434,6 +1461,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).
+
There were issues reported with the previous release of the following policies. These issues were fixed in Window 10, version 1709:
@@ -3359,7 +3371,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)
- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)
-- [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)
- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
@@ -3368,7 +3379,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Privacy/PublishUserActivities](#privacy-publishuseractivities)
- [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage)
- [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage)
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
@@ -3414,7 +3424,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Experience/AllowCortana](#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
-- [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)
- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
@@ -3423,7 +3432,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Privacy/PublishUserActivities](#privacy-publishuseractivities)
- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
- [Settings/AllowDateTime](#settings-allowdatetime)
@@ -3514,6 +3522,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard)
+- [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)
- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
@@ -3522,6 +3531,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
+- [Privacy/PublishUserActivities](#privacy-publishuseractivities)
- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)
- [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)
- [System/AllowFontProviders](#system-allowfontproviders)
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index eb8cd4abc7..2268695665 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - AboveLock
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 53ea6582a5..f2e678427b 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Accounts
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index e67542f66b..755aeb5a2e 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - ActiveXControls
@@ -64,7 +64,7 @@ Note: Wild card characters cannot be used when specifying the host URLs.
ADMX Info:
-- GP english name: *Approved Installation Sites for ActiveX Controls*
+- GP English name: *Approved Installation Sites for ActiveX Controls*
- GP name: *ApprovedActiveXInstallSites*
- GP path: *Windows Components/ActiveX Installer Service*
- GP ADMX file name: *ActiveXInstallService.admx*
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 11297a57df..838ad9fbc8 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - ApplicationDefaults
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 5d72ba16b5..db13ecc123 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - ApplicationManagement
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 01bd1dd68e..e44fda0b34 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - AppVirtualization
@@ -58,9 +58,9 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
ADMX Info:
-- GP english name: *Enable App-V Client*
+- GP English name: *Enable App-V Client*
- GP name: *EnableAppV*
-- GP path: *Administrative Templates/System/App-V*
+- GP path: *System/App-V*
- GP ADMX file name: *appv.admx*
@@ -104,9 +104,9 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
ADMX Info:
-- GP english name: *Enable Dynamic Virtualization*
+- GP English name: *Enable Dynamic Virtualization*
- GP name: *Virtualization_JITVEnable*
-- GP path: *Administrative Templates/System/App-V/Virtualization*
+- GP path: *System/App-V/Virtualization*
- GP ADMX file name: *appv.admx*
@@ -150,9 +150,9 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
ADMX Info:
-- GP english name: *Enable automatic cleanup of unused appv packages*
+- GP English name: *Enable automatic cleanup of unused appv packages*
- GP name: *PackageManagement_AutoCleanupEnable*
-- GP path: *Administrative Templates/System/App-V/PackageManagement*
+- GP path: *System/App-V/PackageManagement*
- GP ADMX file name: *appv.admx*
@@ -196,9 +196,9 @@ Enables scripts defined in the package manifest of configuration files that shou
ADMX Info:
-- GP english name: *Enable Package Scripts*
+- GP English name: *Enable Package Scripts*
- GP name: *Scripting_Enable_Package_Scripts*
-- GP path: *Administrative Templates/System/App-V/Scripting*
+- GP path: *System/App-V/Scripting*
- GP ADMX file name: *appv.admx*
@@ -242,9 +242,9 @@ Enables a UX to display to the user when a publishing refresh is performed on th
ADMX Info:
-- GP english name: *Enable Publishing Refresh UX*
+- GP English name: *Enable Publishing Refresh UX*
- GP name: *Enable_Publishing_Refresh_UX*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -298,9 +298,9 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
ADMX Info:
-- GP english name: *Reporting Server*
+- GP English name: *Reporting Server*
- GP name: *Reporting_Server_Policy*
-- GP path: *Administrative Templates/System/App-V/Reporting*
+- GP path: *System/App-V/Reporting*
- GP ADMX file name: *appv.admx*
@@ -344,9 +344,9 @@ Specifies the file paths relative to %userprofile% that do not roam with a user'
ADMX Info:
-- GP english name: *Roaming File Exclusions*
+- GP English name: *Roaming File Exclusions*
- GP name: *Integration_Roaming_File_Exclusions*
-- GP path: *Administrative Templates/System/App-V/Integration*
+- GP path: *System/App-V/Integration*
- GP ADMX file name: *appv.admx*
@@ -390,9 +390,9 @@ Specifies the registry paths that do not roam with a user profile. Example usage
ADMX Info:
-- GP english name: *Roaming Registry Exclusions*
+- GP English name: *Roaming Registry Exclusions*
- GP name: *Integration_Roaming_Registry_Exclusions*
-- GP path: *Administrative Templates/System/App-V/Integration*
+- GP path: *System/App-V/Integration*
- GP ADMX file name: *appv.admx*
@@ -436,9 +436,9 @@ Specifies how new packages should be loaded automatically by App-V on a specific
ADMX Info:
-- GP english name: *Specify what to load in background (aka AutoLoad)*
+- GP English name: *Specify what to load in background (aka AutoLoad)*
- GP name: *Steaming_Autoload*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -482,9 +482,9 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
ADMX Info:
-- GP english name: *Enable Migration Mode*
+- GP English name: *Enable Migration Mode*
- GP name: *Client_Coexistence_Enable_Migration_mode*
-- GP path: *Administrative Templates/System/App-V/Client Coexistence*
+- GP path: *System/App-V/Client Coexistence*
- GP ADMX file name: *appv.admx*
@@ -528,9 +528,9 @@ Specifies the location where symbolic links are created to the current version o
ADMX Info:
-- GP english name: *Integration Root User*
+- GP English name: *Integration Root User*
- GP name: *Integration_Root_User*
-- GP path: *Administrative Templates/System/App-V/Integration*
+- GP path: *System/App-V/Integration*
- GP ADMX file name: *appv.admx*
@@ -574,9 +574,9 @@ Specifies the location where symbolic links are created to the current version o
ADMX Info:
-- GP english name: *Integration Root Global*
+- GP English name: *Integration Root Global*
- GP name: *Integration_Root_Global*
-- GP path: *Administrative Templates/System/App-V/Integration*
+- GP path: *System/App-V/Integration*
- GP ADMX file name: *appv.admx*
@@ -638,9 +638,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
-- GP english name: *Publishing Server 1 Settings*
+- GP English name: *Publishing Server 1 Settings*
- GP name: *Publishing_Server1_Policy*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -704,7 +704,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
- GP English name: *Publishing Server 2 Settings*
- GP name: *Publishing_Server2_Policy*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -766,9 +766,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
-- GP english name: *Publishing Server 3 Settings*
+- GP English name: *Publishing Server 3 Settings*
- GP name: *Publishing_Server3_Policy*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -830,9 +830,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
-- GP english name: *Publishing Server 4 Settings*
+- GP English name: *Publishing Server 4 Settings*
- GP name: *Publishing_Server4_Policy*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -894,9 +894,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
-- GP english name: *Publishing Server 5 Settings*
+- GP English name: *Publishing Server 5 Settings*
- GP name: *Publishing_Server5_Policy*
-- GP path: *Administrative Templates/System/App-V/Publishing*
+- GP path: *System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
@@ -940,9 +940,9 @@ Specifies the path to a valid certificate in the certificate store.
ADMX Info:
-- GP english name: *Certificate Filter For Client SSL*
+- GP English name: *Certificate Filter For Client SSL*
- GP name: *Streaming_Certificate_Filter_For_Client_SSL*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -986,9 +986,9 @@ This setting controls whether virtualized applications are launched on Windows 8
ADMX Info:
-- GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
+- GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
- GP name: *Streaming_Allow_High_Cost_Launch*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1032,9 +1032,9 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
ADMX Info:
-- GP english name: *Location Provider*
+- GP English name: *Location Provider*
- GP name: *Streaming_Location_Provider*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1078,9 +1078,9 @@ Specifies directory where all new applications and updates will be installed.
ADMX Info:
-- GP english name: *Package Installation Root*
+- GP English name: *Package Installation Root*
- GP name: *Streaming_Package_Installation_Root*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1124,9 +1124,9 @@ Overrides source location for downloading package content.
ADMX Info:
-- GP english name: *Package Source Root*
+- GP English name: *Package Source Root*
- GP name: *Streaming_Package_Source_Root*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1170,9 +1170,9 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
ADMX Info:
-- GP english name: *Reestablishment Interval*
+- GP English name: *Reestablishment Interval*
- GP name: *Streaming_Reestablishment_Interval*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1216,9 +1216,9 @@ Specifies the number of times to retry a dropped session.
ADMX Info:
-- GP english name: *Reestablishment Retries*
+- GP English name: *Reestablishment Retries*
- GP name: *Streaming_Reestablishment_Retries*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1262,9 +1262,9 @@ Specifies that streamed package contents will be not be saved to the local hard
ADMX Info:
-- GP english name: *Shared Content Store (SCS) mode*
+- GP English name: *Shared Content Store (SCS) mode*
- GP name: *Streaming_Shared_Content_Store_Mode*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1308,9 +1308,9 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
ADMX Info:
-- GP english name: *Enable Support for BranchCache*
+- GP English name: *Enable Support for BranchCache*
- GP name: *Streaming_Support_Branch_Cache*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1354,9 +1354,9 @@ Verifies Server certificate revocation status before streaming using HTTPS.
ADMX Info:
-- GP english name: *Verify certificate revocation list*
+- GP English name: *Verify certificate revocation list*
- GP name: *Streaming_Verify_Certificate_Revocation_List*
-- GP path: *Administrative Templates/System/App-V/Streaming*
+- GP path: *System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
@@ -1400,9 +1400,9 @@ Specifies a list of process paths (may contain wildcards) which are candidates f
ADMX Info:
-- GP english name: *Virtual Component Process Allow List*
+- GP English name: *Virtual Component Process Allow List*
- GP name: *Virtualization_JITVAllowList*
-- GP path: *Administrative Templates/System/App-V/Virtualization*
+- GP path: *System/App-V/Virtualization*
- GP ADMX file name: *appv.admx*
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 0d4c2f7055..202f7f324a 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - AttachmentManager
@@ -64,7 +64,7 @@ If you do not configure this policy setting, Windows marks file attachments with
ADMX Info:
-- GP english name: *Do not preserve zone information in file attachments*
+- GP English name: *Do not preserve zone information in file attachments*
- GP name: *AM_MarkZoneOnSavedAtttachments*
- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
@@ -116,7 +116,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb
ADMX Info:
-- GP english name: *Hide mechanisms to remove zone information*
+- GP English name: *Hide mechanisms to remove zone information*
- GP name: *AM_RemoveZoneInfo*
- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
@@ -168,7 +168,7 @@ If you do not configure this policy setting, Windows does not call the registere
ADMX Info:
-- GP english name: *Notify antivirus programs when opening attachments*
+- GP English name: *Notify antivirus programs when opening attachments*
- GP name: *AM_CallIOfficeAntiVirus*
- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 2b74810ed1..fcc6506c15 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Authentication
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 8198ac815b..daac26b55d 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Autoplay
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for
ADMX Info:
-- GP english name: *Disallow Autoplay for non-volume devices*
+- GP English name: *Disallow Autoplay for non-volume devices*
- GP name: *NoAutoplayfornonVolume*
- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
@@ -121,7 +121,7 @@ If you disable or not configure this policy setting, Windows Vista or later will
ADMX Info:
-- GP english name: *Set the default behavior for AutoRun*
+- GP English name: *Set the default behavior for AutoRun*
- GP name: *NoAutorun*
- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
@@ -181,7 +181,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co
ADMX Info:
-- GP english name: *Turn off Autoplay*
+- GP English name: *Turn off Autoplay*
- GP name: *Autorun*
- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index ea9430a79c..1220f63607 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Bitlocker
@@ -85,6 +85,7 @@ ms.date: 08/09/2017
BitLocker/SystemDrivesRequireStartupAuthentication
+
@@ -95,4 +96,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
-
\ No newline at end of file
+
+
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 69445abb1a..7bd2ea4992 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Bluetooth
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index f0d50ff7ac..82c992e8eb 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Browser
@@ -679,6 +679,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
3. Click **Settings** in the drop down list, and select **View Advanced Settings**.
4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out.
+
+
+
+**Browser/AlwaysEnableBooksLibrary**
+
+
+
+
+
This is only a placeholder.
+
@@ -965,6 +975,51 @@ Employees cannot remove these search engines, but they can set any one as the de
> [!NOTE]
> Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
+
+
+
+**Browser/LockdownFavorites**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
3
+
3
+
+
+
+
+
+
Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
+
+
If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+
+> [!Important]
+> Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+
+
0 - Disabled. Do not lockdown Favorites.
+
1 - Enabled. Lockdown Favorites.
+
+
+
If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
+
+
Data type is integer.
+
@@ -1191,6 +1246,50 @@ Employees cannot remove these search engines, but they can set any one as the de
- 0 (default) – The localhost IP address is shown.
- 1 – The localhost IP address is hidden.
+
+
+
+**Browser/ProvisionFavorites**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
3
+
3
+
+
+
+
+
+
Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines.
+
+
URL can be specified as:
+
+- HTTP location: "SiteList"="http://localhost:8080/URLs.html"
+- Local network: "SiteList"="\\network\shares\URLs.html"
+- Local file: "SiteList"="file:///c:\\Users\\\\Documents\\URLs.html"
+
+> [!Important]
+> Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+
If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
+
+
Data type is string.
+
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 5235998a62..ca7b98ecc5 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Camera
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 0afb973431..b1c206e118 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Cellular
@@ -56,7 +56,7 @@ ms.date: 08/09/2017
ADMX Info:
-- GP english name: *Set Per-App Cellular Access UI Visibility*
+- GP English name: *Set Per-App Cellular Access UI Visibility*
- GP name: *ShowAppCellularAccessUI*
- GP path: *Network/WWAN Service/WWAN UI Settings*
- GP ADMX file name: *wwansvc.admx*
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index d766ef3c9d..5ffa503ab6 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Connectivity
@@ -386,8 +386,9 @@ ms.date: 08/09/2017
ADMX Info:
-- GP english name: *Turn off printing over HTTP*
+- GP English name: *Turn off printing over HTTP*
- GP name: *DisableHTTPPrinting_2*
+- GP path: *Internet Communication settings*
- GP ADMX file name: *ICM.admx*
@@ -429,8 +430,9 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off downloading of print drivers over HTTP*
+- GP English name: *Turn off downloading of print drivers over HTTP*
- GP name: *DisableWebPnPDownload_2*
+- GP path: *Internet Communication settings*
- GP ADMX file name: *ICM.admx*
@@ -472,8 +474,9 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off Internet download for Web publishing and online ordering wizards*
+- GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
- GP name: *ShellPreventWPWDownload_2*
+- GP path: *Internet Communication settings*
- GP ADMX file name: *ICM.admx*
@@ -519,7 +522,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths
ADMX Info:
-- GP english name: *Hardened UNC Paths*
+- GP English name: *Hardened UNC Paths*
- GP name: *Pol_HardenedPaths*
- GP path: *Network/Network Provider*
- GP ADMX file name: *networkprovider.admx*
@@ -563,7 +566,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
+- GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
- GP name: *NC_AllowNetBridge_NLA*
- GP path: *Network/Network Connections*
- GP ADMX file name: *NetworkConnections.admx*
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index afa69b9477..e253febdf8 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - CredentialProviders
@@ -66,8 +66,9 @@ To configure Windows Hello for Business, use the Administrative Template policie
ADMX Info:
-- GP english name: *Turn on convenience PIN sign-in*
+- GP English name: *Turn on convenience PIN sign-in*
- GP name: *AllowDomainPINLogon*
+- GP path: *System/Logon*
- GP ADMX file name: *credentialproviders.admx*
@@ -117,8 +118,9 @@ Note that the user's domain password will be cached in the system vault when usi
ADMX Info:
-- GP english name: *Turn off picture password sign-in*
+- GP English name: *Turn off picture password sign-in*
- GP name: *BlockDomainPicturePassword*
+- GP path: *System/Logon*
- GP ADMX file name: *credentialproviders.admx*
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 728275e01e..15d68cf69e 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - CredentialsUI
@@ -66,7 +66,7 @@ The policy applies to all Windows components and applications that use the Windo
ADMX Info:
-- GP english name: *Do not display the password reveal button*
+- GP English name: *Do not display the password reveal button*
- GP name: *DisablePasswordReveal*
- GP path: *Windows Components/Credential User Interface*
- GP ADMX file name: *credui.admx*
@@ -116,7 +116,7 @@ If you disable this policy setting, users will always be required to type a user
ADMX Info:
-- GP english name: *Enumerate administrator accounts on elevation*
+- GP English name: *Enumerate administrator accounts on elevation*
- GP name: *EnumerateAdministrators*
- GP path: *Windows Components/Credential User Interface*
- GP ADMX file name: *credui.admx*
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 5365025f58..eef7cdeba4 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Cryptography
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index ebe61e6295..edba750722 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DataProtection
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 7398cdb094..a8724cc2f6 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DataUsage
@@ -68,7 +68,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti
ADMX Info:
-- GP english name: *Set 3G Cost*
+- GP English name: *Set 3G Cost*
- GP name: *SetCost3G*
- GP path: *Network/WWAN Service/WWAN Media Cost*
- GP ADMX file name: *wwansvc.admx*
@@ -124,7 +124,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti
ADMX Info:
-- GP english name: *Set 4G Cost*
+- GP English name: *Set 4G Cost*
- GP name: *SetCost4G*
- GP path: *Network/WWAN Service/WWAN Media Cost*
- GP ADMX file name: *wwansvc.admx*
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 2ab2afa893..81e87eb957 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Defender
@@ -740,6 +740,74 @@ Value type is string.
> [!Note]
> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
+
+
+
+**Defender/ControlledFolderAccessAllowedApplications**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
+
+
Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode as the substring separator.
+
+
+
+
+**Defender/ControlledFolderAccessProtectedFolders**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
+
+
Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode as the substring separator.
+
@@ -974,74 +1042,6 @@ Value type is string.
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
-
-
-
-**Defender/ControlledFolderAccessAllowedApplications**
-
-
-
-
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
-
-
-
-
3
-
3
-
3
-
3
-
-
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
-
-
Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode as the substring separator.
-
-
-
-
-**Defender/ControlledFolderAccessProtectedFolders**
-
-
-
-
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
-
-
-
-
3
-
3
-
3
-
3
-
-
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
-
-
Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode as the substring separator.
-
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index a80a113695..e352718a5d 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DeliveryOptimization
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 2f095c7e16..8a3b89d0f5 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Desktop
@@ -62,8 +62,9 @@ If you enable this setting, users are unable to type a new location in the Targe
ADMX Info:
-- GP english name: *Prohibit User from manually redirecting Profile Folders*
+- GP English name: *Prohibit User from manually redirecting Profile Folders*
- GP name: *DisablePersonalDirChange*
+- GP path: *Desktop*
- GP ADMX file name: *desktop.admx*
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index a613939a89..df77a218e7 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DeviceGuard
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index b9e3b22182..4b04c4567d 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DeviceInstallation
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, devices can be installed
ADMX Info:
-- GP english name: *Prevent installation of devices that match any of these device IDs*
+- GP English name: *Prevent installation of devices that match any of these device IDs*
- GP name: *DeviceInstall_IDs_Deny*
- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
@@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, Windows can install and
ADMX Info:
-- GP english name: *Prevent installation of devices using drivers that match these device setup classes*
+- GP English name: *Prevent installation of devices using drivers that match these device setup classes*
- GP name: *DeviceInstall_Classes_Deny*
- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 3e3e9a0a12..dcfc34f488 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - DeviceLock
@@ -767,7 +767,7 @@ If you enable this setting, users will no longer be able to modify slide show se
ADMX Info:
-- GP english name: *Prevent enabling lock screen slide show*
+- GP English name: *Prevent enabling lock screen slide show*
- GP name: *CPL_Personalization_NoLockScreenSlideshow*
- GP path: *Control Panel/Personalization*
- GP ADMX file name: *ControlPanelDisplay.admx*
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 173a2e7f02..7af8189ba0 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Display
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 8c563ece39..6be666c341 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Education
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index aac0cea10c..c11c6d066d 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - EnterpriseCloudPrint
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 88177e71c6..98c03c6579 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - ErrorReporting
@@ -72,8 +72,9 @@ If you disable or do not configure this policy setting, then the default consent
ADMX Info:
-- GP english name: *Customize consent settings*
+- GP English name: *Customize consent settings*
- GP name: *WerConsentCustomize_2*
+- GP path: *Windows Components/Windows Error Reporting/Consent*
- GP ADMX file name: *ErrorReporting.admx*
@@ -121,7 +122,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err
ADMX Info:
-- GP english name: *Disable Windows Error Reporting*
+- GP English name: *Disable Windows Error Reporting*
- GP name: *WerDisable_2*
- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -175,7 +176,7 @@ See also the Configure Error Reporting policy setting.
ADMX Info:
-- GP english name: *Display Error Notification*
+- GP English name: *Display Error Notification*
- GP name: *PCH_ShowUI*
- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -225,7 +226,7 @@ If you disable or do not configure this policy setting, then consent policy sett
ADMX Info:
-- GP english name: *Do not send additional data*
+- GP English name: *Do not send additional data*
- GP name: *WerNoSecondLevelData_2*
- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -275,7 +276,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting
ADMX Info:
-- GP english name: *Prevent display of the user interface for critical errors*
+- GP English name: *Prevent display of the user interface for critical errors*
- GP name: *WerDoNotShowUI*
- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 8ded981267..a73f5c2b18 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - EventLogService
@@ -64,7 +64,7 @@ Note: Old events may or may not be retained according to the "Backup log automat
ADMX Info:
-- GP english name: *Control Event Log behavior when the log file reaches its maximum size*
+- GP English name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_1*
- GP path: *Windows Components/Event Log Service/Application*
- GP ADMX file name: *eventlog.admx*
@@ -114,7 +114,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
-- GP english name: *Specify the maximum log file size (KB)*
+- GP English name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_1*
- GP path: *Windows Components/Event Log Service/Application*
- GP ADMX file name: *eventlog.admx*
@@ -164,7 +164,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
-- GP english name: *Specify the maximum log file size (KB)*
+- GP English name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_2*
- GP path: *Windows Components/Event Log Service/Security*
- GP ADMX file name: *eventlog.admx*
@@ -214,7 +214,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
-- GP english name: *Specify the maximum log file size (KB)*
+- GP English name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_4*
- GP path: *Windows Components/Event Log Service/System*
- GP ADMX file name: *eventlog.admx*
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 82e380c156..b5e7a8bfe2 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Experience
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index cf06c60c3e..292dfa31bc 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/11/2017
+ms.date: 08/30/2017
---
# Policy CSP - ExploitGuard
@@ -14,6 +14,11 @@ ms.date: 08/11/2017
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.
+
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
The system settings require a reboot; the application settings do not require a reboot.
+
@@ -55,4 +85,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
-
\ No newline at end of file
+
+
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 9e5de02b1b..f6fc32cc9f 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/31/2017
---
# Policy CSP - Games
@@ -22,9 +22,36 @@ ms.date: 08/09/2017
**Games/AllowAdvancedGamingServices**
-
-
Placeholder only. Currently not supported.
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer.
+
+- 0 - Not Allowed
+- 1 (default) - Allowed
+
+
This policy can only be turned off in Windows 10 Education and Enterprise editions.
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index cd051e0e91..7be92bcfc1 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - InternetExplorer
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the user can configure t
ADMX Info:
-- GP english name: *Add a specific list of search providers to the user's list of search providers*
+- GP English name: *Add a specific list of search providers to the user's list of search providers*
- GP name: *AddSearchProvider*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not
ADMX Info:
-- GP english name: *Turn on ActiveX Filtering*
+- GP English name: *Turn on ActiveX Filtering*
- GP name: *TurnOnActiveXFiltering*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -168,7 +168,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u
ADMX Info:
-- GP english name: *Add-on List*
+- GP English name: *Add-on List*
- GP name: *AddonManagement_AddOnList*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -212,7 +212,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on the auto-complete feature for user names and passwords on forms*
+- GP English name: *Turn on the auto-complete feature for user names and passwords on forms*
- GP name: *RestrictFormSuggestPW*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -256,7 +256,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on certificate address mismatch warning*
+- GP English name: *Turn on certificate address mismatch warning*
- GP name: *IZ_PolicyWarnCertMismatch*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -300,7 +300,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow deleting browsing history on exit*
+- GP English name: *Allow deleting browsing history on exit*
- GP name: *DBHDisableDeleteOnExit*
- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -352,7 +352,7 @@ If you do not configure this policy, users will be able to turn on or turn off E
ADMX Info:
-- GP english name: *Turn on Enhanced Protected Mode*
+- GP English name: *Turn on Enhanced Protected Mode*
- GP name: *Advanced_EnableEnhancedProtectedMode*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -402,7 +402,7 @@ If you disable or don't configure this policy setting, the menu option won't app
ADMX Info:
-- GP english name: *Let users turn on and use Enterprise Mode from the Tools menu*
+- GP English name: *Let users turn on and use Enterprise Mode from the Tools menu*
- GP name: *EnterpriseModeEnable*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a
ADMX Info:
-- GP english name: *Use the Enterprise Mode IE website list*
+- GP English name: *Use the Enterprise Mode IE website list*
- GP name: *EnterpriseModeSiteList*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -496,7 +496,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)*
+- GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)*
- GP name: *Advanced_EnableSSL3Fallback*
- GP path: *Windows Components/Internet Explorer/Security Features*
- GP ADMX file name: *inetres.admx*
@@ -546,7 +546,7 @@ If you disable or do not configure this policy setting, the user can add and rem
ADMX Info:
-- GP english name: *Use Policy List of Internet Explorer 7 sites*
+- GP English name: *Use Policy List of Internet Explorer 7 sites*
- GP name: *CompatView_UsePolicyList*
- GP path: *Windows Components/Internet Explorer/Compatibility View*
- GP ADMX file name: *inetres.admx*
@@ -598,7 +598,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet
ADMX Info:
-- GP english name: *Turn on Internet Explorer Standards Mode for local intranet*
+- GP English name: *Turn on Internet Explorer Standards Mode for local intranet*
- GP name: *CompatView_IntranetSites*
- GP path: *Windows Components/Internet Explorer/Compatibility View*
- GP ADMX file name: *inetres.admx*
@@ -654,7 +654,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Internet Zone Template*
+- GP English name: *Internet Zone Template*
- GP name: *IZ_PolicyInternetZoneTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -710,7 +710,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Intranet Zone Template*
+- GP English name: *Intranet Zone Template*
- GP name: *IZ_PolicyIntranetZoneTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -766,7 +766,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Local Machine Zone Template*
+- GP English name: *Local Machine Zone Template*
- GP name: *IZ_PolicyLocalMachineZoneTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -822,7 +822,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Locked-Down Internet Zone Template*
+- GP English name: *Locked-Down Internet Zone Template*
- GP name: *IZ_PolicyInternetZoneLockdownTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -878,7 +878,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Locked-Down Intranet Zone Template*
+- GP English name: *Locked-Down Intranet Zone Template*
- GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -934,7 +934,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Locked-Down Local Machine Zone Template*
+- GP English name: *Locked-Down Local Machine Zone Template*
- GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -990,7 +990,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Locked-Down Restricted Sites Zone Template*
+- GP English name: *Locked-Down Restricted Sites Zone Template*
- GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1040,7 +1040,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n
ADMX Info:
-- GP english name: *Go to an intranet site for a one-word entry in the Address bar*
+- GP English name: *Go to an intranet site for a one-word entry in the Address bar*
- GP name: *UseIntranetSiteForOneWordEntry*
- GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing*
- GP ADMX file name: *inetres.admx*
@@ -1096,7 +1096,7 @@ If you disable or do not configure this policy, users may choose their own site-
ADMX Info:
-- GP english name: *Site to Zone Assignment List*
+- GP English name: *Site to Zone Assignment List*
- GP name: *IZ_Zonemaps*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1140,7 +1140,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow software to run or install even if the signature is invalid*
+- GP English name: *Allow software to run or install even if the signature is invalid*
- GP name: *Advanced_InvalidSignatureBlock*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1192,7 +1192,7 @@ If you do not configure this policy setting, the user can turn on and turn off t
ADMX Info:
-- GP english name: *Turn on Suggested Sites*
+- GP English name: *Turn on Suggested Sites*
- GP name: *EnableSuggestedSites*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1248,7 +1248,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Trusted Sites Zone Template*
+- GP English name: *Trusted Sites Zone Template*
- GP name: *IZ_PolicyTrustedSitesZoneTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1304,7 +1304,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Locked-Down Trusted Sites Zone Template*
+- GP English name: *Locked-Down Trusted Sites Zone Template*
- GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1360,7 +1360,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
-- GP english name: *Restricted Sites Zone Template*
+- GP English name: *Restricted Sites Zone Template*
- GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1404,7 +1404,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Check for server certificate revocation*
+- GP English name: *Check for server certificate revocation*
- GP name: *Advanced_CertificateRevocation*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1448,7 +1448,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Check for signatures on downloaded programs*
+- GP English name: *Check for signatures on downloaded programs*
- GP name: *Advanced_DownloadSignatures*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1492,7 +1492,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Internet Explorer Processes*
+- GP English name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_2*
- GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction*
- GP ADMX file name: *inetres.admx*
@@ -1544,7 +1544,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny
ADMX Info:
-- GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
+- GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
- GP name: *DisableFlashInIE*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -1588,7 +1588,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
+- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
- GP name: *VerMgmtDisable*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -1638,7 +1638,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar
ADMX Info:
-- GP english name: *Prevent bypassing SmartScreen Filter warnings*
+- GP English name: *Prevent bypassing SmartScreen Filter warnings*
- GP name: *DisableSafetyFilterOverride*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1688,7 +1688,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar
ADMX Info:
-- GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
+- GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
- GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1732,7 +1732,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Disable "Configuring History"*
+- GP English name: *Disable "Configuring History"*
- GP name: *RestrictHistory*
- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -1776,7 +1776,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off Crash Detection*
+- GP English name: *Turn off Crash Detection*
- GP name: *AddonManagement_RestrictCrashDetection*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1828,7 +1828,7 @@ If you do not configure this policy setting, the user can choose to participate
ADMX Info:
-- GP english name: *Prevent participation in the Customer Experience Improvement Program*
+- GP English name: *Prevent participation in the Customer Experience Improvement Program*
- GP name: *SQM_DisableCEIP*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1872,7 +1872,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Prevent deleting websites that the user has visited*
+- GP English name: *Prevent deleting websites that the user has visited*
- GP name: *DBHDisableDeleteHistory*
- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -1922,7 +1922,7 @@ If you disable or do not configure this policy setting, the user can set the Fee
ADMX Info:
-- GP english name: *Prevent downloading of enclosures*
+- GP English name: *Prevent downloading of enclosures*
- GP name: *Disable_Downloading_of_Enclosures*
- GP path: *Windows Components/RSS Feeds*
- GP ADMX file name: *inetres.admx*
@@ -1974,7 +1974,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows
ADMX Info:
-- GP english name: *Turn off encryption support*
+- GP English name: *Turn off encryption support*
- GP name: *Advanced_SetWinInetProtocols*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2028,7 +2028,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru
ADMX Info:
-- GP english name: *Prevent running First Run wizard*
+- GP English name: *Prevent running First Run wizard*
- GP name: *NoFirstRunCustomise*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2082,7 +2082,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi
ADMX Info:
-- GP english name: *Turn off the flip ahead with page prediction feature*
+- GP English name: *Turn off the flip ahead with page prediction feature*
- GP name: *Advanced_DisableFlipAhead*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2132,7 +2132,7 @@ If you disable or do not configure this policy setting, the Home page box is ena
ADMX Info:
-- GP english name: *Disable changing home page settings*
+- GP English name: *Disable changing home page settings*
- GP name: *RestrictHomePage*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2176,7 +2176,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Prevent ignoring certificate errors*
+- GP English name: *Prevent ignoring certificate errors*
- GP name: *NoCertError*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel*
- GP ADMX file name: *inetres.admx*
@@ -2220,7 +2220,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off InPrivate Browsing*
+- GP English name: *Turn off InPrivate Browsing*
- GP name: *DisableInPrivateBrowsing*
- GP path: *Windows Components/Internet Explorer/Privacy*
- GP ADMX file name: *inetres.admx*
@@ -2264,7 +2264,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
+- GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
- GP name: *Advanced_EnableEnhancedProtectedMode64Bit*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2314,7 +2314,7 @@ If you disable or do not configure this policy setting, the user can configure p
ADMX Info:
-- GP english name: *Prevent changing proxy settings*
+- GP English name: *Prevent changing proxy settings*
- GP name: *RestrictProxy*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2364,7 +2364,7 @@ If you disable or do not configure this policy setting, the user can change the
ADMX Info:
-- GP english name: *Prevent changing the default search provider*
+- GP English name: *Prevent changing the default search provider*
- GP name: *NoSearchProvider*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2416,7 +2416,7 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can
ADMX Info:
-- GP english name: *Disable changing secondary home page settings*
+- GP English name: *Disable changing secondary home page settings*
- GP name: *SecondaryHomePages*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2460,7 +2460,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off the Security Settings Check feature*
+- GP English name: *Turn off the Security Settings Check feature*
- GP name: *Disable_Security_Settings_Check*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2512,7 +2512,7 @@ This policy is intended to help the administrator maintain version control for I
ADMX Info:
-- GP english name: *Disable Periodic Check for Internet Explorer software updates*
+- GP English name: *Disable Periodic Check for Internet Explorer software updates*
- GP name: *NoUpdateCheck*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2556,7 +2556,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
+- GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
- GP name: *Advanced_DisableEPMCompat*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2612,7 +2612,7 @@ Also, see the "Security zones: Use only machine settings" policy.
ADMX Info:
-- GP english name: *Security Zones: Do not allow users to add/delete sites*
+- GP English name: *Security Zones: Do not allow users to add/delete sites*
- GP name: *Security_zones_map_edit*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2668,7 +2668,7 @@ Also, see the "Security zones: Use only machine settings" policy.
ADMX Info:
-- GP english name: *Security Zones: Do not allow users to change policies*
+- GP English name: *Security Zones: Do not allow users to change policies*
- GP name: *Security_options_edit*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2720,7 +2720,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
ADMX Info:
-- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
+- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
- GP name: *VerMgmtDisable*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -2776,7 +2776,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
ADMX Info:
-- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
+- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
- GP name: *VerMgmtDomainAllowlist*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -2828,7 +2828,7 @@ If you do not configure this policy setting, users choose whether to force local
ADMX Info:
-- GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
+- GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
- GP name: *IZ_IncludeUnspecifiedLocalSites*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -2880,7 +2880,7 @@ If you do not configure this policy setting, users choose whether network paths
ADMX Info:
-- GP english name: *Intranet Sites: Include all network paths (UNCs)*
+- GP English name: *Intranet Sites: Include all network paths (UNCs)*
- GP name: *IZ_UNCAsIntranet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -2932,7 +2932,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -2984,7 +2984,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3034,7 +3034,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3078,7 +3078,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow cut, copy or paste operations from the clipboard via script*
+- GP English name: *Allow cut, copy or paste operations from the clipboard via script*
- GP name: *IZ_PolicyAllowPasteViaScript_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3122,7 +3122,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow drag and drop or copy and paste files*
+- GP English name: *Allow drag and drop or copy and paste files*
- GP name: *IZ_PolicyDropOrPasteFiles_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3174,7 +3174,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3226,7 +3226,7 @@ If you do not configure this policy setting, Web sites from less privileged zone
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3270,7 +3270,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow loading of XAML files*
+- GP English name: *Allow loading of XAML files*
- GP name: *IZ_Policy_XAML_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3322,7 +3322,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3366,7 +3366,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow only approved domains to use ActiveX controls without prompt*
+- GP English name: *Allow only approved domains to use ActiveX controls without prompt*
- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3410,7 +3410,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow only approved domains to use the TDC ActiveX control*
+- GP English name: *Allow only approved domains to use the TDC ActiveX control*
- GP name: *IZ_PolicyAllowTDCControl_Both_Internet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3454,7 +3454,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow script-initiated windows without size or position constraints*
+- GP English name: *Allow script-initiated windows without size or position constraints*
- GP name: *IZ_PolicyWindowsRestrictionsURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3498,7 +3498,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
+- GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
- GP name: *IZ_Policy_WebBrowserControl_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3550,7 +3550,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3604,7 +3604,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3648,7 +3648,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow updates to status bar via script*
+- GP English name: *Allow updates to status bar via script*
- GP name: *IZ_Policy_ScriptStatusBar_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3700,7 +3700,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3744,7 +3744,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3788,7 +3788,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Download signed ActiveX controls*
+- GP English name: *Download signed ActiveX controls*
- GP name: *IZ_PolicyDownloadSignedActiveX_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3832,7 +3832,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Download unsigned ActiveX controls*
+- GP English name: *Download unsigned ActiveX controls*
- GP name: *IZ_PolicyDownloadUnsignedActiveX_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3876,7 +3876,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on Cross-Site Scripting Filter*
+- GP English name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3920,7 +3920,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable dragging of content from different domains across windows*
+- GP English name: *Enable dragging of content from different domains across windows*
- GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3964,7 +3964,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable dragging of content from different domains within a window*
+- GP English name: *Enable dragging of content from different domains within a window*
- GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4008,7 +4008,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable MIME Sniffing*
+- GP English name: *Enable MIME Sniffing*
- GP name: *IZ_PolicyMimeSniffingURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4052,7 +4052,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on Protected Mode*
+- GP English name: *Turn on Protected Mode*
- GP name: *IZ_Policy_TurnOnProtectedMode_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4096,7 +4096,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Include local path when user is uploading files to a server*
+- GP English name: *Include local path when user is uploading files to a server*
- GP name: *IZ_Policy_LocalPathForUpload_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4150,7 +4150,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4223,7 +4223,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4267,7 +4267,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Launching applications and files in an IFRAME*
+- GP English name: *Launching applications and files in an IFRAME*
- GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4311,7 +4311,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Logon options*
+- GP English name: *Logon options*
- GP name: *IZ_PolicyLogon_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4363,7 +4363,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4407,7 +4407,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4451,7 +4451,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components signed with Authenticode*
- GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4495,7 +4495,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Show security warning for potentially unsafe files*
+- GP English name: *Show security warning for potentially unsafe files*
- GP name: *IZ_Policy_UnsafeFiles_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4539,7 +4539,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Use Pop-up Blocker*
+- GP English name: *Use Pop-up Blocker*
- GP name: *IZ_PolicyBlockPopupWindows_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4583,7 +4583,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_1*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4635,7 +4635,7 @@ If you do not configure this policy setting, users are queried to choose whether
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4687,7 +4687,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4737,7 +4737,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4789,7 +4789,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4841,7 +4841,7 @@ If you do not configure this policy setting, Web sites from less privileged zone
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4893,7 +4893,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4945,7 +4945,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4999,7 +4999,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5051,7 +5051,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5095,7 +5095,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5149,7 +5149,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5193,7 +5193,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5237,7 +5237,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5289,7 +5289,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5341,7 +5341,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5393,7 +5393,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5443,7 +5443,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5495,7 +5495,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5547,7 +5547,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5599,7 +5599,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5651,7 +5651,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5705,7 +5705,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5757,7 +5757,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5801,7 +5801,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5855,7 +5855,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5899,7 +5899,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5951,7 +5951,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -6003,7 +6003,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6055,7 +6055,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6105,7 +6105,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6157,7 +6157,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6209,7 +6209,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6261,7 +6261,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6313,7 +6313,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6367,7 +6367,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6419,7 +6419,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6473,7 +6473,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6517,7 +6517,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6569,7 +6569,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6621,7 +6621,7 @@ If you do not configure this policy setting, users are queried to choose whether
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6673,7 +6673,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6723,7 +6723,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6775,7 +6775,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6827,7 +6827,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6879,7 +6879,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6931,7 +6931,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6985,7 +6985,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7037,7 +7037,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7091,7 +7091,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7143,7 +7143,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7195,7 +7195,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7247,7 +7247,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7297,7 +7297,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7349,7 +7349,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7401,7 +7401,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7453,7 +7453,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7505,7 +7505,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7559,7 +7559,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7611,7 +7611,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7665,7 +7665,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7709,7 +7709,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7761,7 +7761,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7813,7 +7813,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7865,7 +7865,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7915,7 +7915,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7967,7 +7967,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8019,7 +8019,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8071,7 +8071,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8123,7 +8123,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8177,7 +8177,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8229,7 +8229,7 @@ If you do not configure this policy setting, users cannot preserve information i
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8283,7 +8283,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8327,7 +8327,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8379,7 +8379,7 @@ If you do not configure this policy setting, users cannot open other windows and
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8431,7 +8431,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8483,7 +8483,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8533,7 +8533,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8585,7 +8585,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8637,7 +8637,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8689,7 +8689,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8741,7 +8741,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8795,7 +8795,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8847,7 +8847,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8901,7 +8901,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8945,7 +8945,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8997,7 +8997,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9041,7 +9041,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Internet Explorer Processes*
+- GP English name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_3*
- GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction*
- GP ADMX file name: *inetres.admx*
@@ -9085,7 +9085,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Internet Explorer Processes*
+- GP English name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_6*
- GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature*
- GP ADMX file name: *inetres.admx*
@@ -9129,7 +9129,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Internet Explorer Processes*
+- GP English name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_10*
- GP path: *Windows Components/Internet Explorer/Security Features/Notification bar*
- GP ADMX file name: *inetres.admx*
@@ -9173,7 +9173,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Prevent managing SmartScreen Filter*
+- GP English name: *Prevent managing SmartScreen Filter*
- GP name: *Disable_Managing_Safety_Filter_IE9*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -9217,7 +9217,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Prevent per-user installation of ActiveX controls*
+- GP English name: *Prevent per-user installation of ActiveX controls*
- GP name: *DisablePerUserActiveXInstall*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -9261,7 +9261,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *All Processes*
+- GP English name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_9*
- GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation*
- GP ADMX file name: *inetres.admx*
@@ -9305,7 +9305,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
+- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
- GP name: *VerMgmtDisableRunThisTime*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -9349,7 +9349,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *All Processes*
+- GP English name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_11*
- GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install*
- GP ADMX file name: *inetres.admx*
@@ -9393,7 +9393,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *All Processes*
+- GP English name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_12*
- GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download*
- GP ADMX file name: *inetres.admx*
@@ -9445,7 +9445,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9489,7 +9489,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow active scripting*
+- GP English name: *Allow active scripting*
- GP name: *IZ_PolicyActiveScripting_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9541,7 +9541,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9591,7 +9591,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9635,7 +9635,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow binary and script behaviors*
+- GP English name: *Allow binary and script behaviors*
- GP name: *IZ_PolicyBinaryBehaviors_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9679,7 +9679,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow cut, copy or paste operations from the clipboard via script*
+- GP English name: *Allow cut, copy or paste operations from the clipboard via script*
- GP name: *IZ_PolicyAllowPasteViaScript_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9723,7 +9723,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow drag and drop or copy and paste files*
+- GP English name: *Allow drag and drop or copy and paste files*
- GP name: *IZ_PolicyDropOrPasteFiles_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9767,7 +9767,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow file downloads*
+- GP English name: *Allow file downloads*
- GP name: *IZ_PolicyFileDownload_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9819,7 +9819,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9871,7 +9871,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9915,7 +9915,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow loading of XAML files*
+- GP English name: *Allow loading of XAML files*
- GP name: *IZ_Policy_XAML_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9959,7 +9959,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow META REFRESH*
+- GP English name: *Allow META REFRESH*
- GP name: *IZ_PolicyAllowMETAREFRESH_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10011,7 +10011,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10055,7 +10055,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow only approved domains to use ActiveX controls without prompt*
+- GP English name: *Allow only approved domains to use ActiveX controls without prompt*
- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10099,7 +10099,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow only approved domains to use the TDC ActiveX control*
+- GP English name: *Allow only approved domains to use the TDC ActiveX control*
- GP name: *IZ_PolicyAllowTDCControl_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10143,7 +10143,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow script-initiated windows without size or position constraints*
+- GP English name: *Allow script-initiated windows without size or position constraints*
- GP name: *IZ_PolicyWindowsRestrictionsURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10187,7 +10187,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
+- GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
- GP name: *IZ_Policy_WebBrowserControl_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10239,7 +10239,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10293,7 +10293,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10337,7 +10337,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow updates to status bar via script*
+- GP English name: *Allow updates to status bar via script*
- GP name: *IZ_Policy_ScriptStatusBar_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10389,7 +10389,7 @@ If you do not configure this policy setting, users cannot preserve information i
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10433,7 +10433,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10477,7 +10477,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Download signed ActiveX controls*
+- GP English name: *Download signed ActiveX controls*
- GP name: *IZ_PolicyDownloadSignedActiveX_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10521,7 +10521,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Download unsigned ActiveX controls*
+- GP English name: *Download unsigned ActiveX controls*
- GP name: *IZ_PolicyDownloadUnsignedActiveX_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10565,7 +10565,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on Cross-Site Scripting Filter*
+- GP English name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10609,7 +10609,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable dragging of content from different domains across windows*
+- GP English name: *Enable dragging of content from different domains across windows*
- GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10653,7 +10653,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable dragging of content from different domains within a window*
+- GP English name: *Enable dragging of content from different domains within a window*
- GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10697,7 +10697,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Enable MIME Sniffing*
+- GP English name: *Enable MIME Sniffing*
- GP name: *IZ_PolicyMimeSniffingURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10741,7 +10741,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Include local path when user is uploading files to a server*
+- GP English name: *Include local path when user is uploading files to a server*
- GP name: *IZ_Policy_LocalPathForUpload_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10795,7 +10795,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10839,7 +10839,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10883,7 +10883,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Launching applications and files in an IFRAME*
+- GP English name: *Launching applications and files in an IFRAME*
- GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10927,7 +10927,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Logon options*
+- GP English name: *Logon options*
- GP name: *IZ_PolicyLogon_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10979,7 +10979,7 @@ If you do not configure this policy setting, users cannot open other windows and
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11023,7 +11023,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11067,7 +11067,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Run ActiveX controls and plugins*
+- GP English name: *Run ActiveX controls and plugins*
- GP name: *IZ_PolicyRunActiveXControls_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11111,7 +11111,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components signed with Authenticode*
- GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11155,7 +11155,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Script ActiveX controls marked safe for scripting*
+- GP English name: *Script ActiveX controls marked safe for scripting*
- GP name: *IZ_PolicyScriptActiveXMarkedSafe_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11199,7 +11199,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Scripting of Java applets*
+- GP English name: *Scripting of Java applets*
- GP name: *IZ_PolicyScriptingOfJavaApplets_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11243,7 +11243,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Show security warning for potentially unsafe files*
+- GP English name: *Show security warning for potentially unsafe files*
- GP name: *IZ_Policy_UnsafeFiles_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11287,7 +11287,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on Cross-Site Scripting Filter*
+- GP English name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11331,7 +11331,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn on Protected Mode*
+- GP English name: *Turn on Protected Mode*
- GP name: *IZ_Policy_TurnOnProtectedMode_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11375,7 +11375,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Use Pop-up Blocker*
+- GP English name: *Use Pop-up Blocker*
- GP name: *IZ_PolicyBlockPopupWindows_7*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11419,7 +11419,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *All Processes*
+- GP English name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_8*
- GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions*
- GP ADMX file name: *inetres.admx*
@@ -11469,7 +11469,7 @@ If you disable or do not configure this policy setting, the user can configure h
ADMX Info:
-- GP english name: *Restrict search providers to a specific list*
+- GP English name: *Restrict search providers to a specific list*
- GP name: *SpecificSearchProvider*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11513,7 +11513,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Security Zones: Use only machine settings *
+- GP English name: *Security Zones: Use only machine settings *
- GP name: *Security_HKLM_only*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11557,7 +11557,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
+- GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
- GP name: *OnlyUseAXISForActiveXInstall*
- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11609,7 +11609,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
-- GP english name: *Access data sources across domains*
+- GP English name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11661,7 +11661,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
-- GP english name: *Automatic prompting for ActiveX controls*
+- GP English name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11711,7 +11711,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
-- GP english name: *Automatic prompting for file downloads*
+- GP English name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11763,7 +11763,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
-- GP english name: *Allow font downloads*
+- GP English name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11815,7 +11815,7 @@ If you do not configure this policy setting, a warning is issued to the user tha
ADMX Info:
-- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+- GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11867,7 +11867,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
-- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+- GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11919,7 +11919,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
-- GP english name: *Allow scriptlets*
+- GP English name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11973,7 +11973,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
-- GP english name: *Turn on SmartScreen Filter scan*
+- GP English name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12025,7 +12025,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
-- GP english name: *Userdata persistence*
+- GP English name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12069,7 +12069,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12113,7 +12113,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Don't run antimalware programs against ActiveX controls*
+- GP English name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12167,7 +12167,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12211,7 +12211,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12255,7 +12255,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Initialize and script ActiveX controls not marked as safe*
+- GP English name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12299,7 +12299,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Java permissions*
+- GP English name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12351,7 +12351,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
-- GP english name: *Navigate windows and frames across different domains*
+- GP English name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index f415128684..d4683f4ded 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Kerberos
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the Kerberos client does
ADMX Info:
-- GP english name: *Use forest search order*
+- GP English name: *Use forest search order*
- GP name: *ForestSearch*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -111,7 +111,7 @@ If you disable or do not configure this policy setting, the client devices will
ADMX Info:
-- GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
+- GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
- GP name: *EnableCbacAndArmor*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -165,7 +165,7 @@ If you disable or do not configure this policy setting, the client computers in
ADMX Info:
-- GP english name: *Fail authentication requests when Kerberos armoring is not available*
+- GP English name: *Fail authentication requests when Kerberos armoring is not available*
- GP name: *ClientRequireFast*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -215,7 +215,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ
ADMX Info:
-- GP english name: *Require strict KDC validation*
+- GP English name: *Require strict KDC validation*
- GP name: *ValidateKDC*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -269,7 +269,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in
ADMX Info:
-- GP english name: *Set maximum Kerberos SSPI context token buffer size*
+- GP English name: *Set maximum Kerberos SSPI context token buffer size*
- GP name: *MaxTokenSize*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index e0cc238f3e..a8f855bc5e 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Licensing
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 627363f336..5eb02ceae2 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - LocalPoliciesSecurityOptions
@@ -672,46 +672,6 @@ Valid values:
- 0 - disabled
- 1 - enabled (allow system to be shut down without having to log on)
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**
-
-
-
-
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
-
-
-
-
3
-
3
-
3
-
3
-
-
-
-
-
-
-
-User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
-- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@@ -931,6 +891,46 @@ The options are:
- 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
- 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+
+**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
+User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+
+
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
index 2b3d3a2b35..130111a793 100644
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Location
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index c207e57f39..ff2b494dee 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - LockDown
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 9e719e5b3b..40abac41bc 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Maps
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 1734984fd4..edaff6765e 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Messaging
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index fba5342cac..3196840a3b 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - NetworkIsolation
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index a1c092d0df..2a291f8ba6 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Notifications
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 24bb80fa7e..17298b3cdf 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Power
@@ -62,7 +62,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
ADMX Info:
-- GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)*
+- GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)*
- GP name: *AllowStandbyStatesAC_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -114,7 +114,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off the display (on battery)*
+- GP English name: *Turn off the display (on battery)*
- GP name: *VideoPowerDownTimeOutDC_2*
- GP path: *System/Power Management/Video and Display Settings*
- GP ADMX file name: *power.admx*
@@ -166,7 +166,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn off the display (plugged in)*
+- GP English name: *Turn off the display (plugged in)*
- GP name: *VideoPowerDownTimeOutAC_2*
- GP path: *System/Power Management/Video and Display Settings*
- GP ADMX file name: *power.admx*
@@ -219,7 +219,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify the system hibernate timeout (on battery)*
+- GP English name: *Specify the system hibernate timeout (on battery)*
- GP name: *DCHibernateTimeOut_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -271,7 +271,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify the system hibernate timeout (plugged in)*
+- GP English name: *Specify the system hibernate timeout (plugged in)*
- GP name: *ACHibernateTimeOut_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -321,7 +321,7 @@ If you disable this policy setting, the user is not prompted for a password when
ADMX Info:
-- GP english name: *Require a password when a computer wakes (on battery)*
+- GP English name: *Require a password when a computer wakes (on battery)*
- GP name: *DCPromptForPasswordOnResume_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -371,7 +371,7 @@ If you disable this policy setting, the user is not prompted for a password when
ADMX Info:
-- GP english name: *Require a password when a computer wakes (plugged in)*
+- GP English name: *Require a password when a computer wakes (plugged in)*
- GP name: *ACPromptForPasswordOnResume_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -423,7 +423,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify the system sleep timeout (on battery)*
+- GP English name: *Specify the system sleep timeout (on battery)*
- GP name: *DCStandbyTimeOut_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -475,7 +475,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify the system sleep timeout (plugged in)*
+- GP English name: *Specify the system sleep timeout (plugged in)*
- GP name: *ACStandbyTimeOut_2*
- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 7d17fff50b..ffd1d93c3c 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Printers
@@ -75,8 +75,9 @@ If you disable this policy setting:
ADMX Info:
-- GP english name: *Point and Print Restrictions*
+- GP English name: *Point and Print Restrictions*
- GP name: *PointAndPrint_Restrictions_Win7*
+- GP path: *Printers*
- GP ADMX file name: *Printing.admx*
@@ -137,7 +138,7 @@ If you disable this policy setting:
ADMX Info:
-- GP english name: *Point and Print Restrictions*
+- GP English name: *Point and Print Restrictions*
- GP name: *PointAndPrint_Restrictions*
- GP path: *Control Panel/Printers*
- GP ADMX file name: *Printing.admx*
@@ -189,8 +190,9 @@ Note: This settings takes priority over the setting "Automatically publish new p
ADMX Info:
-- GP english name: *Allow printers to be published*
+- GP English name: *Allow printers to be published*
- GP name: *PublishPrinters*
+- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index a390391af7..fae39d1341 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/21/2017
+ms.date: 08/30/2017
---
# Policy CSP - Privacy
@@ -34,11 +34,11 @@ ms.date: 08/21/2017
Mobile Enterprise
-
1
-
1
+
3
+
3
-
1
-
1
+
3
+
3
@@ -48,6 +48,9 @@ ms.date: 08/21/2017
Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
+> [!Note]
+> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
+
The following list shows the supported values:
- 0 (default)– Not allowed.
@@ -2590,7 +2593,7 @@ Footnote:
## Privacy policies supported by Windows Holographic for Business
-- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
@@ -2627,6 +2630,5 @@ Footnote:
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
- [Privacy/PublishUserActivities](#privacy-publishuseractivities)
-
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index b8964b01a1..61751bca3b 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - RemoteAssistance
@@ -68,7 +68,7 @@ If you do not configure this policy setting, the user sees the default warning m
ADMX Info:
-- GP english name: *Customize warning messages*
+- GP English name: *Customize warning messages*
- GP name: *RA_Options*
- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -120,7 +120,7 @@ If you do not configure this setting, application-based settings are used.
ADMX Info:
-- GP english name: *Turn on session logging*
+- GP English name: *Turn on session logging*
- GP name: *RA_Logging*
- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -180,7 +180,7 @@ If you enable this policy setting you should also enable appropriate firewall ex
ADMX Info:
-- GP english name: *Configure Solicited Remote Assistance*
+- GP English name: *Configure Solicited Remote Assistance*
- GP name: *RA_Solicit*
- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -263,7 +263,7 @@ Allow Remote Desktop Exception
ADMX Info:
-- GP english name: *Configure Offer Remote Assistance*
+- GP English name: *Configure Offer Remote Assistance*
- GP name: *RA_Unsolicit*
- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index fc802cbca7..411214069f 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - RemoteDesktopServices
@@ -68,7 +68,7 @@ You can limit the number of users who can connect simultaneously by configuring
ADMX Info:
-- GP english name: *Allow users to connect remotely by using Remote Desktop Services*
+- GP English name: *Allow users to connect remotely by using Remote Desktop Services*
- GP name: *TS_DISABLE_CONNECTIONS*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
- GP ADMX file name: *terminalserver.admx*
@@ -128,7 +128,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
ADMX Info:
-- GP english name: *Set client connection encryption level*
+- GP English name: *Set client connection encryption level*
- GP name: *TS_ENCRYPTION_POLICY*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
@@ -182,7 +182,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo
ADMX Info:
-- GP english name: *Do not allow drive redirection*
+- GP English name: *Do not allow drive redirection*
- GP name: *TS_CLIENT_DRIVE_M*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
- GP ADMX file name: *terminalserver.admx*
@@ -232,7 +232,7 @@ If you disable this setting or leave it not configured, the user will be able to
ADMX Info:
-- GP english name: *Do not allow passwords to be saved*
+- GP English name: *Do not allow passwords to be saved*
- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
- GP ADMX file name: *terminalserver.admx*
@@ -288,7 +288,7 @@ If you do not configure this policy setting, automatic logon is not specified at
ADMX Info:
-- GP english name: *Always prompt for password upon connection*
+- GP English name: *Always prompt for password upon connection*
- GP name: *TS_PASSWORD*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
@@ -344,7 +344,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop
ADMX Info:
-- GP english name: *Require secure RPC communication*
+- GP English name: *Require secure RPC communication*
- GP name: *TS_RPC_ENCRYPTION*
- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index b1cd0e9207..d084b5d609 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - RemoteManagement
@@ -56,7 +56,7 @@ ms.date: 08/09/2017
ADMX Info:
-- GP english name: *Allow Basic authentication*
+- GP English name: *Allow Basic authentication*
- GP name: *AllowBasic_2*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -100,7 +100,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow Basic authentication*
+- GP English name: *Allow Basic authentication*
- GP name: *AllowBasic_1*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -144,7 +144,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow CredSSP authentication*
+- GP English name: *Allow CredSSP authentication*
- GP name: *AllowCredSSP_2*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -188,7 +188,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow CredSSP authentication*
+- GP English name: *Allow CredSSP authentication*
- GP name: *AllowCredSSP_1*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -232,7 +232,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow remote server management through WinRM*
+- GP English name: *Allow remote server management through WinRM*
- GP name: *AllowAutoConfig*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -276,7 +276,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow unencrypted traffic*
+- GP English name: *Allow unencrypted traffic*
- GP name: *AllowUnencrypted_2*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -320,7 +320,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Allow unencrypted traffic*
+- GP English name: *Allow unencrypted traffic*
- GP name: *AllowUnencrypted_1*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -364,7 +364,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Disallow Digest authentication*
+- GP English name: *Disallow Digest authentication*
- GP name: *DisallowDigest*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -408,7 +408,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Disallow Negotiate authentication*
+- GP English name: *Disallow Negotiate authentication*
- GP name: *DisallowNegotiate_2*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -452,7 +452,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Disallow Negotiate authentication*
+- GP English name: *Disallow Negotiate authentication*
- GP name: *DisallowNegotiate_1*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -496,7 +496,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Disallow WinRM from storing RunAs credentials*
+- GP English name: *Disallow WinRM from storing RunAs credentials*
- GP name: *DisableRunAs*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -540,7 +540,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify channel binding token hardening level*
+- GP English name: *Specify channel binding token hardening level*
- GP name: *CBTHardeningLevel_1*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -584,7 +584,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Trusted Hosts*
+- GP English name: *Trusted Hosts*
- GP name: *TrustedHosts*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -628,7 +628,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn On Compatibility HTTP Listener*
+- GP English name: *Turn On Compatibility HTTP Listener*
- GP name: *HttpCompatibilityListener*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -672,7 +672,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Turn On Compatibility HTTPS Listener*
+- GP English name: *Turn On Compatibility HTTPS Listener*
- GP name: *HttpsCompatibilityListener*
- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 00dd1a5001..dc1dab2c86 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - RemoteProcedureCall
@@ -66,7 +66,7 @@ Note: This policy will not be applied until the system is rebooted.
ADMX Info:
-- GP english name: *Enable RPC Endpoint Mapper Client Authentication*
+- GP English name: *Enable RPC Endpoint Mapper Client Authentication*
- GP name: *RpcEnableAuthEpResolution*
- GP path: *System/Remote Procedure Call*
- GP ADMX file name: *rpc.admx*
@@ -128,7 +128,7 @@ Note: This policy setting will not be applied until the system is rebooted.
ADMX Info:
-- GP english name: *Restrict Unauthenticated RPC clients*
+- GP English name: *Restrict Unauthenticated RPC clients*
- GP name: *RpcRestrictRemoteClients*
- GP path: *System/Remote Procedure Call*
- GP ADMX file name: *rpc.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index ddc13e6c8e..32309bdf9d 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - RemoteShell
@@ -56,7 +56,7 @@ ms.date: 08/09/2017
ADMX Info:
-- GP english name: *Allow Remote Shell Access*
+- GP English name: *Allow Remote Shell Access*
- GP name: *AllowRemoteShellAccess*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -100,7 +100,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *MaxConcurrentUsers*
+- GP English name: *MaxConcurrentUsers*
- GP name: *MaxConcurrentUsers*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -144,7 +144,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify idle Timeout*
+- GP English name: *Specify idle Timeout*
- GP name: *IdleTimeout*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -188,7 +188,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify maximum amount of memory in MB per Shell*
+- GP English name: *Specify maximum amount of memory in MB per Shell*
- GP name: *MaxMemoryPerShellMB*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -232,7 +232,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify maximum number of processes per Shell*
+- GP English name: *Specify maximum number of processes per Shell*
- GP name: *MaxProcessesPerShell*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -276,7 +276,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify maximum number of remote shells per user*
+- GP English name: *Specify maximum number of remote shells per user*
- GP name: *MaxShellsPerUser*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -320,7 +320,7 @@ ADMX Info:
ADMX Info:
-- GP english name: *Specify Shell Timeout*
+- GP English name: *Specify Shell Timeout*
- GP name: *ShellTimeOut*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index d5f5c4ad2d..8c510ae5c1 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Search
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 0472962b49..229903014f 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Security
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 66b1036ad7..50a3295347 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Settings
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index f9c43718a4..adc515f986 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - SmartScreen
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index a8f70bedb6..833057f11a 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Speech
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 6c0dd2a75b..75e90f86a0 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Start
@@ -448,10 +448,10 @@ ms.date: 08/09/2017
-
2
+
3
-
2
-
2
+
3
+
3
@@ -462,7 +462,10 @@ ms.date: 08/09/2017
> [!NOTE]
> This policy requires reboot to take effect.
-
Added in Windows 10, version 1703. Allows IT Admins to configure Start by collapsing or removing the all apps list.
+
Allows IT Admins to configure Start by collapsing or removing the all apps list.
+
+> [!Note]
+> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index b0dcf3a30b..e73be79d8b 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Storage
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, Windows will activate un
ADMX Info:
-- GP english name: *Do not allow Windows to activate Enhanced Storage devices*
+- GP English name: *Do not allow Windows to activate Enhanced Storage devices*
- GP name: *TCGSecurityActivationDisabled*
- GP path: *System/Enhanced Storage Access*
- GP ADMX file name: *enhancedstorage.admx*
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index bd2ca894b5..53b9ec2f30 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - System
@@ -546,7 +546,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
ADMX Info:
-- GP english name: *Turn off System Restore*
+- GP English name: *Turn off System Restore*
- GP name: *SR_DisableSR*
- GP path: *System/System Restore*
- GP ADMX file name: *systemrestore.admx*
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 8f0523789d..08041394b9 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - TextInput
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 2ccd9541ad..5eba1aac1c 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - TimeLanguageSettings
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index f057cd47c6..e3a796b41d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Update
@@ -46,10 +46,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
> [!NOTE]
@@ -88,10 +84,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
Supported values are 8-18.
@@ -127,10 +119,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
> [!NOTE]
@@ -169,10 +157,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
Supported operations are Get and Replace.
@@ -192,6 +176,43 @@ ms.date: 08/09/2017
If the policy is not configured, end-users get the default behavior (Auto install and restart).
+
+
+
+**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
+
Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer.
+
+- 0 (default) - Not allowed
+- 1 - Allowed
+
+A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
+
+This policy is accessible through the Update setting in the user interface or Group Policy.
@@ -221,10 +242,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
-
Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
The following list shows the supported values:
@@ -261,10 +278,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
Supported operations are Get and Replace.
@@ -305,10 +318,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store.
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store
@@ -387,10 +396,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
Supported values are 15, 30, 60, 120, and 240 (minutes).
@@ -426,10 +431,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
The following list shows the supported values:
@@ -466,10 +467,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
The following list shows the supported values:
@@ -506,8 +503,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
@@ -546,10 +541,6 @@ ms.date: 08/09/2017
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
Supported values are 0-30.
@@ -584,8 +575,6 @@ ms.date: 08/09/2017
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
@@ -683,8 +672,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
->
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
>
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
@@ -729,6 +716,46 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
+
+
+
+**Update/DisableDualScan**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
3
+
3
+
3
+
3
+
+
+
+
+
+
+
+
Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+
+
For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/).
+
+- 0 - allow scan against Windows Update
+- 1 - do not allow update deferral policies to cause scans against Windows Update
+
+
This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update."
+
+
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
@@ -758,10 +785,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
Supported values are 2-30 days.
@@ -797,10 +820,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
Supported values are 1-3 days.
@@ -836,10 +855,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
Supported values are 2-30 days.
@@ -876,7 +891,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
@@ -1051,8 +1065,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
@@ -1096,8 +1108,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
@@ -1170,9 +1180,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
The following list shows the supported values:
@@ -1243,8 +1250,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
@@ -1284,11 +1289,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-
> [!NOTE]
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
@@ -1331,10 +1331,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
Supported values are 15, 30, or 60 (minutes).
@@ -1409,10 +1405,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Enables the IT admin to schedule the day of the update installation.
The data type is a integer.
@@ -1677,10 +1669,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
The following list shows the supported values:
@@ -1753,9 +1741,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
> [!Important]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
@@ -1815,8 +1800,6 @@ Example
-> **Note** This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
-
Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 20616a5dfd..7d019f9c35 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - Wifi
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index b7a99ac6a7..ba85960f84 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - WindowsDefenderSecurityCenter
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index d196f035a8..32d34d88ec 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - WindowsInkWorkspace
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index cab3989529..22b96181e5 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - WindowsLogon
@@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, users can choose which a
ADMX Info:
-- GP english name: *Turn off app notifications on the lock screen*
+- GP English name: *Turn off app notifications on the lock screen*
- GP name: *DisableLockScreenAppNotifications*
- GP path: *System/Logon*
- GP ADMX file name: *logon.admx*
@@ -112,7 +112,7 @@ If you disable or don't configure this policy setting, any user can disconnect t
ADMX Info:
-- GP english name: *Do not display network selection UI*
+- GP English name: *Do not display network selection UI*
- GP name: *DontDisplayNetworkSelectionUI*
- GP path: *System/Logon*
- GP ADMX file name: *logon.admx*
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 3086c439d8..ea09c4b3c7 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/09/2017
+ms.date: 08/30/2017
---
# Policy CSP - WirelessDisplay
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index ec16e08ca7..3e242783d4 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/30/2017
+ms.date: 08/23/2017
---
# Policy DDF file
@@ -21,6 +21,7 @@ You can download the DDF files from the links below:
- [Download the Policy DDF file for Windows 10, version 1703](http://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [Download the Policy DDF file for Windows 10, version 1607](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
+- [Download the Policy DDF file for Windows 10, version 1607 release 8C](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
The XML below is the DDF for Windows 10, version 1709.
@@ -353,6 +354,941 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ Browser
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowAddressBarDropdown
+
+
+
+
+
+
+
+ This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowAutofill
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowBrowser
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowCookies
+
+
+
+
+
+
+
+ This setting lets you configure how your company deals with cookies.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowDeveloperTools
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowDoNotTrack
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowExtensions
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can load extensions in Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowFlash
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowFlashClickToRun
+
+
+
+
+
+
+
+ Configure the Adobe Flash Click-to-Run setting.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowInPrivate
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can browse using InPrivate website browsing.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowMicrosoftCompatibilityList
+
+
+
+
+
+
+
+ This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+
+If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowPasswordManager
+
+
+
+
+
+
+
+ This setting lets you decide whether employees can save their passwords locally, using Password Manager.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowPopups
+
+
+
+
+
+
+
+ This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowSearchEngineCustomization
+
+
+
+
+
+
+
+ Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
+
+If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
+If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
+
+This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowSearchSuggestionsinAddressBar
+
+
+
+
+
+
+
+ This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowSmartScreen
+
+
+
+
+
+
+
+ This setting lets you decide whether to turn on Windows Defender SmartScreen.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AlwaysEnableBooksLibrary
+
+
+
+
+
+
+
+ Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ClearBrowsingDataOnExit
+
+
+
+
+
+
+
+ Specifies whether to always clear browsing history on exiting Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ConfigureAdditionalSearchEngines
+
+
+
+
+
+
+
+ Allows you to add up to 5 additional search engines for MDM-enrolled devices.
+
+If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
+
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableLockdownOfStartPages
+
+
+
+
+
+
+
+ Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+
+Note: This policy has no effect when Browser/HomePages is not configured.
+
+Important
+This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnterpriseModeSiteList
+
+
+
+
+
+
+
+ This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnterpriseSiteListServiceUrl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ FirstRunURL
+
+
+
+
+
+
+
+ Configure first run URL.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ HomePages
+
+
+
+
+
+
+
+ Configure the Start page URLs for your employees.
+Example:
+If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
+Encapsulate each string with greater than and less than characters like any other XML tag.
+
+Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LockdownFavorites
+
+
+
+
+
+
+
+ This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
+
+If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventAccessToAboutFlagsInMicrosoftEdge
+
+
+
+
+
+
+
+ Prevent access to the about:flags page in Microsoft Edge.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventFirstRunPage
+
+
+
+
+
+
+
+ Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventLiveTileDataCollection
+
+
+
+
+
+
+
+ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventSmartScreenPromptOverride
+
+
+
+
+
+
+
+ Don't allow Windows Defender SmartScreen warning overrides
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventSmartScreenPromptOverrideForFiles
+
+
+
+
+
+
+
+ Don't allow Windows Defender SmartScreen warning overrides for unverified files.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventUsingLocalHostIPAddressForWebRTC
+
+
+
+
+
+
+
+ Prevent using localhost IP address for WebRTC
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ProvisionFavorites
+
+
+
+
+
+
+
+ This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
+
+If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SendIntranetTraffictoInternetExplorer
+
+
+
+
+
+
+
+ Sends all intranet traffic over to Internet Explorer.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SetDefaultSearchEngine
+
+
+
+
+
+
+
+ Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
+
+If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
+
+If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ShowMessageWhenOpeningSitesInInternetExplorer
+
+
+
+
+
+
+
+ Show message when opening sites in Internet Explorer
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SyncFavoritesBetweenIEAndMicrosoftEdge
+
+
+
+
+
+
+
+ Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ CredentialsUI
@@ -467,7 +1403,7 @@ The XML below is the DDF for Windows 10, version 1709.
- AllowUserPrinterInstallation
+ DefaultPrinterName
@@ -475,9 +1411,9 @@ The XML below is the DDF for Windows 10, version 1709.
- Boolean that specifies whether or not to allow user to install new printers
+ This policy sets user's default printer
-
+
@@ -491,7 +1427,7 @@ The XML below is the DDF for Windows 10, version 1709.
- DefaultPrinterName
+ PreventAddingNewPrinters
@@ -499,9 +1435,9 @@ The XML below is the DDF for Windows 10, version 1709.
- This policy sets user's default printer
+ Boolean that specifies whether or not to prevent user to install new printers
-
+
@@ -1133,7 +2069,7 @@ The XML below is the DDF for Windows 10, version 1709.
- AllowInternetExplorer7PolicyList
+ AllowInternetExplorer7PolicyList
@@ -1757,7 +2693,7 @@ The XML below is the DDF for Windows 10, version 1709.
- DisableDeletingUserVisitedWebsites
+ DisableDeletingUserVisitedWebsites
@@ -2357,7 +3293,7 @@ The XML below is the DDF for Windows 10, version 1709.
- InternetZoneAllowLoadingOfXAMLFilesWRONG
+ InternetZoneAllowLoadingOfXAMLFiles
@@ -2597,31 +3533,7 @@ The XML below is the DDF for Windows 10, version 1709.
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -2861,55 +3773,7 @@ The XML below is the DDF for Windows 10, version 1709.
- InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneJavaPermissionsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneJavaPermissionsWRONG2
+ InternetZoneJavaPermissions
@@ -3340,6 +4204,30 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ IntranetZoneInitializeAndScriptActiveXControls
@@ -3364,6 +4252,54 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IntranetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ IntranetZoneNavigateWindowsAndFrames
@@ -5501,31 +6437,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneAllowFontDownloadsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RestrictedSitesZoneAllowFontDownloadsWRONG2
+ RestrictedSitesZoneAllowFontDownloads
@@ -5908,6 +6820,30 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ RestrictedSitesZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
@@ -6221,7 +7157,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneWRONG
+ RestrictedSitesZoneScriptingOfJavaApplets
@@ -6245,7 +7181,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneWRONG2
+ RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
@@ -6269,7 +7205,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneWRONG3
+ RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
@@ -6293,7 +7229,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneWRONG4
+ RestrictedSitesZoneTurnOnProtectedMode
@@ -6317,7 +7253,7 @@ The XML below is the DDF for Windows 10, version 1709.
- RestrictedSitesZoneWRONG5
+ RestrictedSitesZoneUsePopupBlocker
@@ -6652,6 +7588,54 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -6676,6 +7660,54 @@ The XML below is the DDF for Windows 10, version 1709.
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ TrustedSitesZoneJavaPermissions
@@ -6724,54 +7756,6 @@ The XML below is the DDF for Windows 10, version 1709.
-
- TrustedSitesZoneWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- TrustedSitesZoneWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
- Notifications
@@ -7062,6 +8046,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ HighestValueMostSecure
@@ -7108,6 +8093,7 @@ The XML below is the DDF for Windows 10, version 1709.
AttachmentManager.admxAttachmentManager~AT~WindowsComponents~AM_AMAM_MarkZoneOnSavedAtttachments
+ LastWrite
@@ -7134,6 +8120,7 @@ The XML below is the DDF for Windows 10, version 1709.
AttachmentManager.admxAttachmentManager~AT~WindowsComponents~AM_AMAM_RemoveZoneInfo
+ LastWrite
@@ -7160,6 +8147,7 @@ The XML below is the DDF for Windows 10, version 1709.
AttachmentManager.admxAttachmentManager~AT~WindowsComponents~AM_AMAM_CallIOfficeAntiVirus
+ LastWrite
@@ -7202,6 +8190,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -7248,6 +8237,7 @@ The XML below is the DDF for Windows 10, version 1709.
AutoPlay.admxAutoPlay~AT~WindowsComponents~AutoPlayNoAutoplayfornonVolume
+ LastWrite
@@ -7274,6 +8264,7 @@ The XML below is the DDF for Windows 10, version 1709.
AutoPlay.admxAutoPlay~AT~WindowsComponents~AutoPlayNoAutorun
+ LastWrite
@@ -7300,6 +8291,921 @@ The XML below is the DDF for Windows 10, version 1709.
AutoPlay.admxAutoPlay~AT~WindowsComponents~AutoPlayAutorun
+ LastWrite
+
+
+
+
+ Browser
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowAddressBarDropdown
+
+
+
+
+ This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ AllowAutofill
+
+
+
+
+ This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowBrowser
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ desktop
+ LowestValueMostSecure
+
+
+
+ AllowCookies
+
+
+
+
+ This setting lets you configure how your company deals with cookies.
+ 2
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowDeveloperTools
+
+
+
+
+ This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ AllowDoNotTrack
+
+
+
+
+ This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowExtensions
+
+
+
+
+ This setting lets you decide whether employees can load extensions in Microsoft Edge.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ AllowFlash
+
+
+
+
+ This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ HighestValueMostSecure
+
+
+
+ AllowFlashClickToRun
+
+
+
+
+ Configure the Adobe Flash Click-to-Run setting.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ HighestValueMostSecure
+
+
+
+ AllowInPrivate
+
+
+
+
+ This setting lets you decide whether employees can browse using InPrivate website browsing.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowMicrosoftCompatibilityList
+
+
+
+
+ This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+
+If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowPasswordManager
+
+
+
+
+ This setting lets you decide whether employees can save their passwords locally, using Password Manager.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowPopups
+
+
+
+
+ This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ AllowSearchEngineCustomization
+
+
+
+
+ Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
+
+If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
+If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
+
+This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowSearchSuggestionsinAddressBar
+
+
+
+
+ This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AllowSmartScreen
+
+
+
+
+ This setting lets you decide whether to turn on Windows Defender SmartScreen.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ AlwaysEnableBooksLibrary
+
+
+
+
+ Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ ClearBrowsingDataOnExit
+
+
+
+
+ Specifies whether to always clear browsing history on exiting Microsoft Edge.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ ConfigureAdditionalSearchEngines
+
+
+
+
+ Allows you to add up to 5 additional search engines for MDM-enrolled devices.
+
+If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
+
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+
+
+
+ DisableLockdownOfStartPages
+
+
+
+
+ Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+
+Note: This policy has no effect when Browser/HomePages is not configured.
+
+Important
+This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+
+
+ EnterpriseModeSiteList
+
+
+
+
+ This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ EnterpriseSiteListServiceUrl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ FirstRunURL
+
+
+
+
+ Configure first run URL.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ desktop
+ LastWrite
+
+
+
+ HomePages
+
+
+
+
+ Configure the Start page URLs for your employees.
+Example:
+If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
+Encapsulate each string with greater than and less than characters like any other XML tag.
+
+Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ LockdownFavorites
+
+
+
+
+ This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
+
+If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+
+
+ PreventAccessToAboutFlagsInMicrosoftEdge
+
+
+
+
+ Prevent access to the about:flags page in Microsoft Edge.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ PreventFirstRunPage
+
+
+
+
+ Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ HighestValueMostSecure
+
+
+
+ PreventLiveTileDataCollection
+
+
+
+
+ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ PreventSmartScreenPromptOverride
+
+
+
+
+ Don't allow Windows Defender SmartScreen warning overrides
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ PreventSmartScreenPromptOverrideForFiles
+
+
+
+
+ Don't allow Windows Defender SmartScreen warning overrides for unverified files.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ PreventUsingLocalHostIPAddressForWebRTC
+
+
+
+
+ Prevent using localhost IP address for WebRTC
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ ProvisionFavorites
+
+
+
+
+ This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
+
+If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+
+
+
+ SendIntranetTraffictoInternetExplorer
+
+
+
+
+ Sends all intranet traffic over to Internet Explorer.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ HighestValueMostSecure
+
+
+
+ SetDefaultSearchEngine
+
+
+
+
+ Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
+
+If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
+
+If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
+
+Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+
+
+
+ ShowMessageWhenOpeningSitesInInternetExplorer
+
+
+
+
+ Show message when opening sites in Internet Explorer
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ HighestValueMostSecure
+
+
+
+ SyncFavoritesBetweenIEAndMicrosoftEdge
+
+
+
+
+ Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
@@ -7346,6 +9252,7 @@ The XML below is the DDF for Windows 10, version 1709.
credui.admxCredUI~AT~WindowsComponents~CredUIDisablePasswordReveal
+ LastWrite
@@ -7392,6 +9299,7 @@ The XML below is the DDF for Windows 10, version 1709.
desktop.admxdesktop~AT~DesktopDisablePersonalDirChange
+ LastWrite
@@ -7414,28 +9322,6 @@ The XML below is the DDF for Windows 10, version 1709.
-
- AllowUserPrinterInstallation
-
-
-
-
- Boolean that specifies whether or not to allow user to install new printers
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
- DefaultPrinterName
@@ -7456,6 +9342,30 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
+
+
+
+ PreventAddingNewPrinters
+
+
+
+
+ Boolean that specifies whether or not to prevent user to install new printers
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
@@ -7478,6 +9388,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7520,6 +9431,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7542,6 +9454,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7551,7 +9464,7 @@ The XML below is the DDF for Windows 10, version 1709.
A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority
- E1CF1107-FF90-4228-93BF-26052DD2C714
+
@@ -7564,6 +9477,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7586,6 +9500,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7608,6 +9523,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7630,6 +9546,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -7672,6 +9589,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -7695,6 +9613,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plainphone
+ LowestValueMostSecure
@@ -7718,6 +9637,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plainphone
+ LowestValueMostSecure
@@ -7741,6 +9661,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plainphone
+ LowestValueMostSecure
@@ -7763,6 +9684,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -7785,6 +9707,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -7808,6 +9731,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plainphone
+ LowestValueMostSecure
@@ -7854,6 +9778,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerAddSearchProvider
+ LastWrite
@@ -7880,6 +9805,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerTurnOnActiveXFiltering
+ LastWrite
@@ -7906,6 +9832,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementAddonManagement_AddOnList
+ LastWrite
@@ -7932,6 +9859,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerRestrictFormSuggestPW
+ LastWrite
@@ -7958,6 +9886,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyWarnCertMismatch
+ LastWrite
@@ -7984,6 +9913,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryDBHDisableDeleteOnExit
+ LastWrite
@@ -8010,6 +9940,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_EnableEnhancedProtectedMode
+ LastWrite
@@ -8036,6 +9967,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnterpriseModeEnable
+ LastWrite
@@ -8062,10 +9994,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnterpriseModeSiteList
+ LastWrite
- AllowInternetExplorer7PolicyList
+ AllowInternetExplorer7PolicyList
@@ -8088,6 +10021,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryCompatViewCompatView_UsePolicyList
+ LastWrite
@@ -8114,6 +10048,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryCompatViewCompatView_IntranetSites
+ LastWrite
@@ -8140,6 +10075,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyInternetZoneTemplate
+ LastWrite
@@ -8166,6 +10102,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyIntranetZoneTemplate
+ LastWrite
@@ -8192,6 +10129,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyLocalMachineZoneTemplate
+ LastWrite
@@ -8218,6 +10156,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyInternetZoneLockdownTemplate
+ LastWrite
@@ -8244,6 +10183,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyIntranetZoneLockdownTemplate
+ LastWrite
@@ -8270,6 +10210,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyLocalMachineZoneLockdownTemplate
+ LastWrite
@@ -8296,6 +10237,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyRestrictedSitesZoneLockdownTemplate
+ LastWrite
@@ -8322,6 +10264,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~BrowsingUseIntranetSiteForOneWordEntry
+ LastWrite
@@ -8348,6 +10291,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_Zonemaps
+ LastWrite
@@ -8374,6 +10318,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyTrustedSitesZoneLockdownTemplate
+ LastWrite
@@ -8400,6 +10345,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_InvalidSignatureBlock
+ LastWrite
@@ -8426,6 +10372,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyRestrictedSitesZoneTemplate
+ LastWrite
@@ -8452,6 +10399,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnableSuggestedSites
+ LastWrite
@@ -8478,6 +10426,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyTrustedSitesZoneTemplate
+ LastWrite
@@ -8504,6 +10453,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_CertificateRevocation
+ LastWrite
@@ -8530,6 +10480,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DownloadSignatures
+ LastWrite
@@ -8556,6 +10507,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestrictionIESF_PolicyExplorerProcesses_2
+ LastWrite
@@ -8582,6 +10534,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementDisableFlashInIE
+ LastWrite
@@ -8608,6 +10561,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisable
+ LastWrite
@@ -8634,6 +10588,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisableSafetyFilterOverride
+ LastWrite
@@ -8660,6 +10615,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisableSafetyFilterOverrideForAppRepUnknown
+ LastWrite
@@ -8686,6 +10642,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryRestrictHistory
+ LastWrite
@@ -8712,6 +10669,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerAddonManagement_RestrictCrashDetection
+ LastWrite
@@ -8738,10 +10696,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSQM_DisableCEIP
+ LastWrite
- DisableDeletingUserVisitedWebsites
+ DisableDeletingUserVisitedWebsites
@@ -8764,6 +10723,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryDBHDisableDeleteHistory
+ LastWrite
@@ -8790,6 +10750,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~RSS_FeedsDisable_Downloading_of_Enclosures
+ LastWrite
@@ -8816,6 +10777,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_SetWinInetProtocols
+ LastWrite
@@ -8842,6 +10804,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerNoFirstRunCustomise
+ LastWrite
@@ -8868,6 +10831,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DisableFlipAhead
+ LastWrite
@@ -8894,6 +10858,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerRestrictHomePage
+ LastWrite
@@ -8920,6 +10885,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPLNoCertError
+ LastWrite
@@ -8946,6 +10912,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacyDisableInPrivateBrowsing
+ LastWrite
@@ -8972,6 +10939,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_EnableEnhancedProtectedMode64Bit
+ LastWrite
@@ -8998,6 +10966,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerRestrictProxy
+ LastWrite
@@ -9024,6 +10993,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerNoSearchProvider
+ LastWrite
@@ -9050,6 +11020,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSecondaryHomePages
+ LastWrite
@@ -9076,6 +11047,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisable_Security_Settings_Check
+ LastWrite
@@ -9102,6 +11074,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DisableEPMCompat
+ LastWrite
@@ -9128,6 +11101,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisable
+ LastWrite
@@ -9154,6 +11128,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDomainAllowlist
+ LastWrite
@@ -9180,6 +11155,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_IncludeUnspecifiedLocalSites
+ LastWrite
@@ -9206,6 +11182,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_UNCAsIntranet
+ LastWrite
@@ -9232,6 +11209,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAccessDataSourcesAcrossDomains_1
+ LastWrite
@@ -9258,6 +11236,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNotificationBarActiveXURLaction_1
+ LastWrite
@@ -9284,6 +11263,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNotificationBarDownloadURLaction_1
+ LastWrite
@@ -9310,6 +11290,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAllowPasteViaScript_1
+ LastWrite
@@ -9336,6 +11317,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDropOrPasteFiles_1
+ LastWrite
@@ -9362,6 +11344,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyFontDownload_1
+ LastWrite
@@ -9388,10 +11371,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyZoneElevationURLaction_1
+ LastWrite
- InternetZoneAllowLoadingOfXAMLFilesWRONG
+ InternetZoneAllowLoadingOfXAMLFiles
@@ -9414,6 +11398,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_XAML_1
+ LastWrite
@@ -9440,6 +11425,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -9464,8 +11450,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet
+ LastWrite
@@ -9490,8 +11477,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
- IZ_PolicyAllowTDCControl_Both_LocalMachine
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowTDCControl_Both_Internet
+ LastWrite
@@ -9518,6 +11506,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_WebBrowserControl_1
+ LastWrite
@@ -9542,8 +11531,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
- IZ_PolicyWindowsRestrictionsURLaction_6
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyWindowsRestrictionsURLaction_1
+ LastWrite
@@ -9570,6 +11560,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_AllowScriptlets_1
+ LastWrite
@@ -9596,6 +11587,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_Phishing_1
+ LastWrite
@@ -9622,6 +11614,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_ScriptStatusBar_1
+ LastWrite
@@ -9648,10 +11641,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUserdataPersistence_1
+ LastWrite
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -9674,32 +11668,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_1
-
-
-
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+ LastWrite
@@ -9724,8 +11693,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyDownloadSignedActiveX_3
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadSignedActiveX_1
+ LastWrite
@@ -9752,6 +11722,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDownloadUnsignedActiveX_1
+ LastWrite
@@ -9776,8 +11747,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
- IZ_PolicyTurnOnXSSFilter_Both_LocalMachine
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyTurnOnXSSFilter_Both_Internet
+ LastWrite
@@ -9804,6 +11776,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet
+ LastWrite
@@ -9830,6 +11803,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet
+ LastWrite
@@ -9856,6 +11830,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyMimeSniffingURLaction_1
+ LastWrite
@@ -9880,8 +11855,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
- IZ_Policy_TurnOnProtectedMode_2
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_TurnOnProtectedMode_1
+ LastWrite
@@ -9908,6 +11884,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_LocalPathForUpload_1
+ LastWrite
@@ -9934,36 +11911,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyScriptActiveXNotMarkedSafe_1
+ LastWrite
- InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyScriptActiveXNotMarkedSafe_1
-
-
-
- InternetZoneJavaPermissionsWRONG1
+ InternetZoneJavaPermissions
@@ -9986,32 +11938,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyJavaPermissions_1
-
-
-
- InternetZoneJavaPermissionsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyJavaPermissions_3
+ LastWrite
@@ -10038,6 +11965,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyLaunchAppsAndFilesInIFRAME_1
+ LastWrite
@@ -10064,6 +11992,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyLogon_1
+ LastWrite
@@ -10090,6 +12019,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNavigateSubframesAcrossDomains_1
+ LastWrite
@@ -10116,6 +12046,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -10142,6 +12073,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicySignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -10168,6 +12100,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_UnsafeFiles_1
+ LastWrite
@@ -10194,6 +12127,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyBlockPopupWindows_1
+ LastWrite
@@ -10220,6 +12154,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyZoneElevationURLaction_1
+ LastWrite
@@ -10246,6 +12181,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyAccessDataSourcesAcrossDomains_3
+ LastWrite
@@ -10272,6 +12208,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNotificationBarActiveXURLaction_3
+ LastWrite
@@ -10298,6 +12235,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNotificationBarDownloadURLaction_3
+ LastWrite
@@ -10324,6 +12262,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyFontDownload_3
+ LastWrite
@@ -10350,6 +12289,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyZoneElevationURLaction_3
+ LastWrite
@@ -10376,6 +12316,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_3
+ LastWrite
@@ -10402,6 +12343,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_Policy_AllowScriptlets_3
+ LastWrite
@@ -10428,6 +12370,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_Policy_Phishing_3
+ LastWrite
@@ -10454,6 +12397,34 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyUserdataPersistence_3
+ LastWrite
+
+
+
+ IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+ LastWrite
@@ -10480,6 +12451,61 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyScriptActiveXNotMarkedSafe_3
+ LastWrite
+
+
+
+ IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_3
+ LastWrite
+
+
+
+ IntranetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyJavaPermissions_3
+ LastWrite
@@ -10506,6 +12532,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNavigateSubframesAcrossDomains_3
+ LastWrite
@@ -10532,6 +12559,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyAccessDataSourcesAcrossDomains_9
+ LastWrite
@@ -10558,6 +12586,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNotificationBarActiveXURLaction_9
+ LastWrite
@@ -10584,6 +12613,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNotificationBarDownloadURLaction_9
+ LastWrite
@@ -10610,6 +12640,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyFontDownload_9
+ LastWrite
@@ -10636,6 +12667,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyZoneElevationURLaction_9
+ LastWrite
@@ -10662,6 +12694,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_9
+ LastWrite
@@ -10688,6 +12721,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_Policy_AllowScriptlets_9
+ LastWrite
@@ -10714,6 +12748,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_Policy_Phishing_9
+ LastWrite
@@ -10740,6 +12775,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyUserdataPersistence_9
+ LastWrite
@@ -10764,8 +12800,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_9
+ LastWrite
@@ -10792,6 +12829,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyScriptActiveXNotMarkedSafe_9
+ LastWrite
@@ -10818,6 +12856,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyJavaPermissions_9
+ LastWrite
@@ -10844,6 +12883,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNavigateSubframesAcrossDomains_9
+ LastWrite
@@ -10870,6 +12910,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_2
+ LastWrite
@@ -10896,6 +12937,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_2
+ LastWrite
@@ -10922,6 +12964,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_2
+ LastWrite
@@ -10948,6 +12991,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyFontDownload_2
+ LastWrite
@@ -10974,6 +13018,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyZoneElevationURLaction_2
+ LastWrite
@@ -11000,6 +13045,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_2
+ LastWrite
@@ -11026,6 +13072,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_Policy_AllowScriptlets_2
+ LastWrite
@@ -11052,6 +13099,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_Policy_Phishing_2
+ LastWrite
@@ -11078,6 +13126,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyUserdataPersistence_2
+ LastWrite
@@ -11104,6 +13153,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_2
+ LastWrite
@@ -11130,6 +13180,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyJavaPermissions_2
+ LastWrite
@@ -11156,6 +13207,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_2
+ LastWrite
@@ -11182,6 +13234,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_4
+ LastWrite
@@ -11208,6 +13261,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_4
+ LastWrite
@@ -11234,6 +13288,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_4
+ LastWrite
@@ -11260,6 +13315,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyFontDownload_4
+ LastWrite
@@ -11286,6 +13342,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyZoneElevationURLaction_4
+ LastWrite
@@ -11312,6 +13369,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_4
+ LastWrite
@@ -11338,6 +13396,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_Policy_AllowScriptlets_4
+ LastWrite
@@ -11364,6 +13423,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_Policy_Phishing_4
+ LastWrite
@@ -11390,6 +13450,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyUserdataPersistence_4
+ LastWrite
@@ -11416,6 +13477,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_4
+ LastWrite
@@ -11442,6 +13504,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_4
+ LastWrite
@@ -11468,6 +13531,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_10
+ LastWrite
@@ -11494,6 +13558,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_10
+ LastWrite
@@ -11520,6 +13585,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_10
+ LastWrite
@@ -11546,6 +13612,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyFontDownload_10
+ LastWrite
@@ -11572,6 +13639,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyZoneElevationURLaction_10
+ LastWrite
@@ -11598,6 +13666,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_10
+ LastWrite
@@ -11624,6 +13693,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_Policy_AllowScriptlets_10
+ LastWrite
@@ -11650,6 +13720,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_Policy_Phishing_10
+ LastWrite
@@ -11676,6 +13747,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyUserdataPersistence_10
+ LastWrite
@@ -11702,6 +13774,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_10
+ LastWrite
@@ -11728,6 +13801,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyJavaPermissions_10
+ LastWrite
@@ -11754,6 +13828,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_10
+ LastWrite
@@ -11780,6 +13855,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_8
+ LastWrite
@@ -11806,6 +13882,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_8
+ LastWrite
@@ -11832,6 +13909,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_8
+ LastWrite
@@ -11858,6 +13936,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyFontDownload_8
+ LastWrite
@@ -11884,6 +13963,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyZoneElevationURLaction_8
+ LastWrite
@@ -11910,6 +13990,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_8
+ LastWrite
@@ -11936,6 +14017,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_Policy_AllowScriptlets_8
+ LastWrite
@@ -11962,6 +14044,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_Policy_Phishing_8
+ LastWrite
@@ -11988,6 +14071,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyUserdataPersistence_8
+ LastWrite
@@ -12014,6 +14098,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_8
+ LastWrite
@@ -12040,6 +14125,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyJavaPermissions_8
+ LastWrite
@@ -12066,6 +14152,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_8
+ LastWrite
@@ -12092,6 +14179,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_6
+ LastWrite
@@ -12118,6 +14206,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_6
+ LastWrite
@@ -12144,6 +14233,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_6
+ LastWrite
@@ -12170,6 +14260,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyFontDownload_6
+ LastWrite
@@ -12196,6 +14287,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyZoneElevationURLaction_6
+ LastWrite
@@ -12222,6 +14314,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_6
+ LastWrite
@@ -12248,6 +14341,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_Policy_AllowScriptlets_6
+ LastWrite
@@ -12274,6 +14368,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_Policy_Phishing_6
+ LastWrite
@@ -12300,6 +14395,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyUserdataPersistence_6
+ LastWrite
@@ -12326,6 +14422,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_6
+ LastWrite
@@ -12352,6 +14449,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyJavaPermissions_6
+ LastWrite
@@ -12378,6 +14476,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_6
+ LastWrite
@@ -12404,6 +14503,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeatureIESF_PolicyExplorerProcesses_6
+ LastWrite
@@ -12430,6 +14530,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestrictionIESF_PolicyExplorerProcesses_3
+ LastWrite
@@ -12456,6 +14557,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBarIESF_PolicyExplorerProcesses_10
+ LastWrite
@@ -12480,8 +14582,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyDownloadSignedActiveX_1
+ inetres~AT~WindowsComponents~InternetExplorer
+ Disable_Managing_Safety_Filter_IE9
+ LastWrite
@@ -12508,6 +14611,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisablePerUserActiveXInstall
+ LastWrite
@@ -12534,6 +14638,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevationIESF_PolicyAllProcesses_9
+ LastWrite
@@ -12560,6 +14665,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisableRunThisTime
+ LastWrite
@@ -12586,6 +14692,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstallIESF_PolicyAllProcesses_11
+ LastWrite
@@ -12612,6 +14719,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAccessDataSourcesAcrossDomains_7
+ LastWrite
@@ -12636,8 +14744,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyActiveScripting_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyActiveScripting_7
+ LastWrite
@@ -12664,6 +14773,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNotificationBarActiveXURLaction_7
+ LastWrite
@@ -12690,6 +14800,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNotificationBarDownloadURLaction_7
+ LastWrite
@@ -12714,8 +14825,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyBinaryBehaviors_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyBinaryBehaviors_7
+ LastWrite
@@ -12742,6 +14854,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAllowPasteViaScript_7
+ LastWrite
@@ -12768,6 +14881,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDropOrPasteFiles_7
+ LastWrite
@@ -12792,12 +14906,13 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyFileDownload_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyFileDownload_7
+ LastWrite
- RestrictedSitesZoneAllowFontDownloadsWRONG1
+ RestrictedSitesZoneAllowFontDownloads
@@ -12820,32 +14935,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyFontDownload_7
-
-
-
- RestrictedSitesZoneAllowFontDownloadsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyFontDownload_1
+ LastWrite
@@ -12872,6 +14962,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyZoneElevationURLaction_7
+ LastWrite
@@ -12898,6 +14989,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_XAML_7
+ LastWrite
@@ -12922,8 +15014,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyAllowMETAREFRESH_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowMETAREFRESH_7
+ LastWrite
@@ -12950,6 +15043,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_7
+ LastWrite
@@ -12976,6 +15070,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted
+ LastWrite
@@ -13002,6 +15097,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAllowTDCControl_Both_Restricted
+ LastWrite
@@ -13028,6 +15124,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_WebBrowserControl_7
+ LastWrite
@@ -13054,6 +15151,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyWindowsRestrictionsURLaction_7
+ LastWrite
@@ -13080,6 +15178,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_AllowScriptlets_7
+ LastWrite
@@ -13106,6 +15205,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_Phishing_7
+ LastWrite
@@ -13132,6 +15232,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_ScriptStatusBar_7
+ LastWrite
@@ -13158,6 +15259,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyUserdataPersistence_7
+ LastWrite
@@ -13184,6 +15286,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_7
+ LastWrite
@@ -13210,6 +15313,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDownloadSignedActiveX_7
+ LastWrite
@@ -13236,6 +15340,34 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDownloadUnsignedActiveX_7
+ LastWrite
+
+
+
+ RestrictedSitesZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyTurnOnXSSFilter_Both_Restricted
+ LastWrite
@@ -13262,6 +15394,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted
+ LastWrite
@@ -13288,6 +15421,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted
+ LastWrite
@@ -13314,6 +15448,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyMimeSniffingURLaction_7
+ LastWrite
@@ -13340,6 +15475,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_LocalPathForUpload_7
+ LastWrite
@@ -13366,6 +15502,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyScriptActiveXNotMarkedSafe_7
+ LastWrite
@@ -13392,6 +15529,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyJavaPermissions_7
+ LastWrite
@@ -13418,6 +15556,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyLaunchAppsAndFilesInIFRAME_7
+ LastWrite
@@ -13444,6 +15583,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyLogon_7
+ LastWrite
@@ -13470,6 +15610,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNavigateSubframesAcrossDomains_7
+ LastWrite
@@ -13494,8 +15635,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyNavigateSubframesAcrossDomains_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyNavigateSubframesAcrossDomains_7
+ LastWrite
@@ -13520,8 +15662,9 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyRunActiveXControls_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyRunActiveXControls_7
+ LastWrite
@@ -13548,6 +15691,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicySignedFrameworkComponentsURLaction_7
+ LastWrite
@@ -13572,12 +15716,13 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyScriptActiveXMarkedSafe_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyScriptActiveXMarkedSafe_7
+ LastWrite
- RestrictedSitesZoneWRONG
+ RestrictedSitesZoneScriptingOfJavaApplets
@@ -13598,12 +15743,13 @@ The XML below is the DDF for Windows 10, version 1709.
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
- IZ_PolicyScriptingOfJavaApplets_6
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyScriptingOfJavaApplets_7
+ LastWrite
- RestrictedSitesZoneWRONG2
+ RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
@@ -13626,10 +15772,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_UnsafeFiles_7
+ LastWrite
- RestrictedSitesZoneWRONG3
+ RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
@@ -13652,10 +15799,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyTurnOnXSSFilter_Both_Restricted
+ LastWrite
- RestrictedSitesZoneWRONG4
+ RestrictedSitesZoneTurnOnProtectedMode
@@ -13678,10 +15826,11 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_TurnOnProtectedMode_7
+ LastWrite
- RestrictedSitesZoneWRONG5
+ RestrictedSitesZoneUsePopupBlocker
@@ -13704,6 +15853,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyBlockPopupWindows_7
+ LastWrite
@@ -13730,6 +15880,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownloadIESF_PolicyAllProcesses_12
+ LastWrite
@@ -13756,6 +15907,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictionsIESF_PolicyAllProcesses_8
+ LastWrite
@@ -13782,6 +15934,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSpecificSearchProvider
+ LastWrite
@@ -13808,6 +15961,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorerOnlyUseAXISForActiveXInstall
+ LastWrite
@@ -13834,6 +15988,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyAccessDataSourcesAcrossDomains_5
+ LastWrite
@@ -13860,6 +16015,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNotificationBarActiveXURLaction_5
+ LastWrite
@@ -13886,6 +16042,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNotificationBarDownloadURLaction_5
+ LastWrite
@@ -13912,6 +16069,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyFontDownload_5
+ LastWrite
@@ -13938,6 +16096,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyZoneElevationURLaction_5
+ LastWrite
@@ -13964,6 +16123,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_5
+ LastWrite
@@ -13990,6 +16150,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_Policy_AllowScriptlets_5
+ LastWrite
@@ -14016,6 +16177,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_Policy_Phishing_5
+ LastWrite
@@ -14042,6 +16204,61 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyUserdataPersistence_5
+ LastWrite
+
+
+
+ TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+ LastWrite
+
+
+
+ TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+ LastWrite
@@ -14068,6 +16285,61 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
@@ -14094,6 +16366,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyJavaPermissions_5
+ LastWrite
@@ -14120,58 +16393,7 @@ The XML below is the DDF for Windows 10, version 1709.
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNavigateSubframesAcrossDomains_5
-
-
-
- TrustedSitesZoneWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
-
-
-
- TrustedSitesZoneWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
@@ -14214,6 +16436,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -14260,6 +16483,7 @@ The XML below is the DDF for Windows 10, version 1709.
Printing.admxPrinting~AT~ControlPanel~CplPrintersPointAndPrint_Restrictions
+ LastWrite
@@ -14302,6 +16526,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LastWrite
@@ -14345,6 +16570,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plainphone
+ LastWrite
@@ -14387,6 +16613,7 @@ The XML below is the DDF for Windows 10, version 1709.
text/plain
+ LowestValueMostSecure
@@ -14642,87 +16869,6 @@ The XML below is the DDF for Windows 10, version 1709.
-
- AccountPolicies
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- MinDevicePasswordLength
-
-
-
-
-
-
-
- This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PasswordMustMeetComplexityRequirement
-
-
-
-
-
-
-
- This security setting determines whether passwords must meet complexity requirements.
-
-If this policy is enabled, passwords must meet the following minimum requirements:
-
-Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
-Be at least six characters in length
-Contain characters from three of the following four categories:
-English uppercase characters (A through Z)
-English lowercase characters (a through z)
-Base 10 digits (0 through 9)
-Non-alphabetic characters (for example, !, $, #, %)
-Complexity requirements are enforced when passwords are changed or created.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
- Accounts
@@ -15910,6 +18056,30 @@ Complexity requirements are enforced when passwords are changed or created.
+
+ AllowAadPasswordReset
+
+
+
+
+
+
+
+ Specifies whether password reset is enabled for AAD accounts.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ AllowFastReconnect
@@ -16537,7 +18707,7 @@ Complexity requirements are enforced when passwords are changed or created.
This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.
@@ -16679,6 +18849,30 @@ This policy will only apply on domain joined machines or when the device is MDM
+
+ AlwaysEnableBooksLibrary
+
+
+
+
+
+
+
+ Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ ClearBrowsingDataOnExit
@@ -16848,7 +19042,7 @@ Example:
If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
Encapsulate each string with greater than and less than characters like any other XML tag.
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
@@ -16863,6 +19057,37 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, yo
+
+ LockdownFavorites
+
+
+
+
+
+
+
+ This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
+
+If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ PreventAccessToAboutFlagsInMicrosoftEdge
@@ -17011,6 +19236,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ProvisionFavorites
+
+
+
+
+
+
+
+ This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
+
+If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ SendIntranetTraffictoInternetExplorer
@@ -17181,6 +19437,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LetAppsAccessCellularData
+
+
+
+
+
+
+
+ This policy setting specifies whether Windows apps can access cellular data.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceAllowTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceDenyTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_UserInControlOfTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ ShowAppCellularAccessUI
@@ -17633,6 +19985,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ EnableWindowsAutoPilotResetCredentials
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ CredentialsUI
@@ -18845,6 +21221,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DOCacheHost
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ DODownloadMode
@@ -19520,7 +21920,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- Specifies how many passwords can be stored in the history that can’t be used.
+ Specifies how many passwords can be stored in the history that can’t be used.
@@ -20468,6 +22868,52 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ ExploitGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ExploitProtectionSettings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ Games
@@ -20514,6 +22960,52 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ Handwriting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PanelDefaultModeDocked
+
+
+
+
+
+
+
+ Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ InternetExplorer
@@ -20752,7 +23244,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- AllowInternetExplorer7PolicyList
+ AllowInternetExplorer7PolicyList
@@ -21376,7 +23868,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- DisableDeletingUserVisitedWebsites
+ DisableDeletingUserVisitedWebsites
@@ -22024,7 +24516,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- InternetZoneAllowLoadingOfXAMLFilesWRONG
+ InternetZoneAllowLoadingOfXAMLFiles
@@ -22264,31 +24756,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -22528,55 +24996,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneJavaPermissionsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- InternetZoneJavaPermissionsWRONG2
+ InternetZoneJavaPermissions
@@ -23007,6 +25427,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ IntranetZoneInitializeAndScriptActiveXControls
@@ -23031,6 +25475,54 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IntranetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ IntranetZoneNavigateWindowsAndFrames
@@ -25168,31 +27660,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneAllowFontDownloadsWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RestrictedSitesZoneAllowFontDownloadsWRONG2
+ RestrictedSitesZoneAllowFontDownloads
@@ -25575,6 +28043,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ RestrictedSitesZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
@@ -25888,7 +28380,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneWRONG
+ RestrictedSitesZoneScriptingOfJavaApplets
@@ -25912,7 +28404,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneWRONG2
+ RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
@@ -25936,7 +28428,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneWRONG3
+ RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
@@ -25960,7 +28452,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneWRONG4
+ RestrictedSitesZoneTurnOnProtectedMode
@@ -25984,7 +28476,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- RestrictedSitesZoneWRONG5
+ RestrictedSitesZoneUsePopupBlocker
@@ -26080,7 +28572,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
- SecurityZonesUseOnlyMachineSettings
+ SecurityZonesUseOnlyMachineSettings
@@ -26343,6 +28835,54 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -26367,6 +28907,54 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ TrustedSitesZoneJavaPermissions
@@ -26415,54 +29003,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- TrustedSitesZoneWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- TrustedSitesZoneWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
- Kerberos
@@ -26708,9 +29248,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
This policy setting prevents users from adding new Microsoft accounts on this computer.
-If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
-If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
@@ -26883,6 +29423,130 @@ Default: Guest.
+
+ Devices_AllowedToFormatAndEjectRemovableMedia
+
+
+
+
+
+
+
+ Devices: Allowed to format and eject removable media
+
+This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
+
+Administrators
+Administrators and Interactive Users
+
+Default: This policy is not defined and only Administrators have this ability.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Devices_AllowUndockWithoutHavingToLogon
+
+
+
+
+
+
+
+ Devices: Allow undock without having to log on
+This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
+Default: Enabled.
+
+Caution
+Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
+
+
+
+
+
+
+
+ Devices: Prevent users from installing printer drivers when connecting to shared printers
+
+For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
+
+Default on servers: Enabled.
+Default on workstations: Disabled
+
+Notes
+
+This setting does not affect the ability to add a local printer.
+This setting does not affect Administrators.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
+
+
+
+
+
+
+
+ Devices: Restrict CD-ROM access to locally logged-on user only
+
+This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
+
+If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
+
+Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
@@ -26911,7 +29575,7 @@ Do not display user information (3)
- Interactivelogon_DoNotDisplayLastSignedIn
+ InteractiveLogon_DoNotDisplayLastSignedIn
@@ -26941,7 +29605,7 @@ Default: Disabled.
- Interactivelogon_DoNotDisplayUsernameAtSignIn
+ InteractiveLogon_DoNotDisplayUsernameAtSignIn
@@ -26971,7 +29635,7 @@ Default: Disabled.
- Interactivelogon_DoNotRequireCTRLALTDEL
+ InteractiveLogon_DoNotRequireCTRLALTDEL
@@ -27233,6 +29897,39 @@ Default: This policy is not defined and automatic administrative logon is not al
+
+ Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+
+
+
+
+
+
+
+ Shutdown: Allow system to be shut down without having to log on
+
+This security setting determines whether a computer can be shut down without having to log on to Windows.
+
+When this policy is enabled, the Shut Down command is available on the Windows logon screen.
+
+When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
+
+Default on workstations: Enabled.
+Default on servers: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ Shutdown_ClearVirtualMemoryPageFile
@@ -27278,9 +29975,9 @@ Default: Disabled.
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
@@ -27310,17 +30007,17 @@ This policy setting controls the behavior of the elevation prompt for administra
The options are:
-• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
+• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
@@ -27349,11 +30046,43 @@ This policy setting controls the behavior of the elevation prompt for standard u
The options are:
-• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
+
+
+
+
+
+
+
+ User Account Control: Detect application installations and prompt for elevation
+
+This policy setting controls the behavior of application installation detection for the computer.
+
+The options are:
+
+Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
@@ -27383,9 +30112,9 @@ This policy setting enforces public key infrastructure (PKI) signature checks fo
The options are:
-• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
+• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
-• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
+• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
@@ -27413,17 +30142,17 @@ The options are:
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
-- …\Program Files\, including subfolders
-- …\Windows\system32\
-- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
+- …\Program Files\, including subfolders
+- …\Windows\system32\
+- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
The options are:
-• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
+• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
+• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
@@ -27453,9 +30182,9 @@ This policy setting controls the behavior of all User Account Control (UAC) poli
The options are:
-• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
@@ -27485,9 +30214,9 @@ This policy setting controls whether the elevation request prompt is displayed o
The options are:
-• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
@@ -27517,9 +30246,9 @@ This policy setting controls the behavior of Admin Approval Mode for the built-i
The options are:
-• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
+• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
-• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
+• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
@@ -27549,9 +30278,9 @@ This policy setting controls whether application write failures are redirected t
The options are:
-• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
+• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
-• Disabled: Applications that write data to protected locations fail.
+• Disabled: Applications that write data to protected locations fail.
@@ -28846,102 +31575,6 @@ The options are:
-
- LetAppsAccessCellularData
-
-
-
-
-
-
-
- This policy setting specifies whether Windows apps can access cellular data.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_ForceAllowTheseApps
-
-
-
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_ForceDenyTheseApps
-
-
-
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_UserInControlOfTheseApps
-
-
-
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
- LetAppsAccessContacts
@@ -30199,7 +32832,7 @@ The options are:
- This policy setting specifies whether Windows apps can sync with devices.
+ This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.
@@ -30223,7 +32856,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -30247,7 +32880,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -30271,7 +32904,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -31258,6 +33891,30 @@ The options are:
+
+ AllowCloudSearch
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ AllowIndexingEncryptedStoresOrItems
@@ -32950,6 +35607,30 @@ The options are:
+
+ AllowDiskHealthModelUpdates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ EnhancedStorageDevices
@@ -33221,7 +35902,7 @@ The options are:
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
@@ -33260,6 +35941,30 @@ The options are:
+
+ FeedbackHubAlwaysSaveDiagnosticsLocally
+
+
+
+
+
+
+
+ Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ TelemetryProxy
@@ -34070,6 +36775,30 @@ The options are:
+
+ DisableDualScan
+
+
+
+
+
+
+
+ Do not allow update deferral policies to cause scans against Windows Update
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ EngagedRestartDeadline
@@ -34239,7 +36968,7 @@ The options are:
- ManageBuildPreview
+ ManagePreviewBuilds
@@ -35739,6 +38468,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -35761,6 +38491,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -35783,83 +38514,7 @@ The options are:
text/plain
-
-
-
-
- AccountPolicies
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- MinDevicePasswordLength
-
-
-
-
- This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
- 7
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- PasswordMustMeetComplexityRequirement
-
-
-
-
- This security setting determines whether passwords must meet complexity requirements.
-
-If this policy is enabled, passwords must meet the following minimum requirements:
-
-Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
-Be at least six characters in length
-Contain characters from three of the following four categories:
-English uppercase characters (A through Z)
-English lowercase characters (a through z)
-Base 10 digits (0 through 9)
-Non-alphabetic characters (for example, !, $, #, %)
-Complexity requirements are enforced when passwords are changed or created.
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
+ LowestValueMostSecure
@@ -35902,6 +38557,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -35924,6 +38580,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -35946,6 +38603,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LastWrite
@@ -35968,6 +38626,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LastWrite
@@ -36014,6 +38673,7 @@ Complexity requirements are enforced when passwords are changed or created.ActiveXInstallService.admx
ActiveXInstallService~AT~WindowsComponents~AxInstSvApprovedActiveXInstallSites
+ LastWrite
@@ -36057,6 +38717,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LastWrite
@@ -36099,6 +38760,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36121,6 +38783,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36143,6 +38806,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36166,6 +38830,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LowestValueMostSecure
@@ -36188,6 +38853,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36211,6 +38877,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
desktop
+ LowestValueMostSecure
@@ -36234,6 +38901,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
desktop
+ LastWrite
@@ -36256,6 +38924,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36278,6 +38947,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36300,6 +38970,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -36346,6 +39017,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppVEnableAppV
+ LastWrite
@@ -36372,6 +39044,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_VirtualizationVirtualization_JITVEnable
+ LastWrite
@@ -36398,6 +39071,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PackageManagementPackageManagement_AutoCleanupEnable
+ LastWrite
@@ -36424,6 +39098,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_ScriptingScripting_Enable_Package_Scripts
+ LastWrite
@@ -36450,6 +39125,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingEnable_Publishing_Refresh_UX
+ LastWrite
@@ -36476,6 +39152,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_ReportingReporting_Server_Policy
+ LastWrite
@@ -36502,6 +39179,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_IntegrationIntegration_Roaming_File_Exclusions
+ LastWrite
@@ -36528,6 +39206,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_IntegrationIntegration_Roaming_Registry_Exclusions
+ LastWrite
@@ -36554,6 +39233,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingSteaming_Autoload
+ LastWrite
@@ -36580,6 +39260,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_Client_CoexistenceClient_Coexistence_Enable_Migration_mode
+ LastWrite
@@ -36606,6 +39287,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_IntegrationIntegration_Root_User
+ LastWrite
@@ -36632,6 +39314,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_IntegrationIntegration_Root_Global
+ LastWrite
@@ -36658,6 +39341,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingPublishing_Server1_Policy
+ LastWrite
@@ -36684,6 +39368,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingPublishing_Server2_Policy
+ LastWrite
@@ -36710,6 +39395,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingPublishing_Server3_Policy
+ LastWrite
@@ -36736,6 +39422,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingPublishing_Server4_Policy
+ LastWrite
@@ -36762,6 +39449,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_PublishingPublishing_Server5_Policy
+ LastWrite
@@ -36788,6 +39476,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Certificate_Filter_For_Client_SSL
+ LastWrite
@@ -36814,6 +39503,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Allow_High_Cost_Launch
+ LastWrite
@@ -36840,6 +39530,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Location_Provider
+ LastWrite
@@ -36866,6 +39557,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Package_Installation_Root
+ LastWrite
@@ -36892,6 +39584,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Package_Source_Root
+ LastWrite
@@ -36918,6 +39611,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Reestablishment_Interval
+ LastWrite
@@ -36944,6 +39638,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Reestablishment_Retries
+ LastWrite
@@ -36970,6 +39665,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Shared_Content_Store_Mode
+ LastWrite
@@ -36996,6 +39692,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Support_Branch_Cache
+ LastWrite
@@ -37022,6 +39719,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_StreamingStreaming_Verify_Certificate_Revocation_List
+ LastWrite
@@ -37048,6 +39746,7 @@ Complexity requirements are enforced when passwords are changed or created.appv.admx
appv~AT~System~CAT_AppV~CAT_VirtualizationVirtualization_JITVAllowList
+ LastWrite
@@ -37070,6 +39769,30 @@ Complexity requirements are enforced when passwords are changed or created.
+
+ AllowAadPasswordReset
+
+
+
+
+ Specifies whether password reset is enabled for AAD accounts.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
+
+ AllowFastReconnect
@@ -37090,6 +39813,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37113,6 +39837,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LowestValueMostSecure
@@ -37135,6 +39860,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37181,6 +39907,7 @@ Complexity requirements are enforced when passwords are changed or created.AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlayNoAutoplayfornonVolume
+ LastWrite
@@ -37207,6 +39934,7 @@ Complexity requirements are enforced when passwords are changed or created.AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlayNoAutorun
+ LastWrite
@@ -37233,6 +39961,7 @@ Complexity requirements are enforced when passwords are changed or created.AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlayAutorun
+ LastWrite
@@ -37275,6 +40004,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LastWrite
@@ -37317,6 +40047,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37339,6 +40070,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37361,6 +40093,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37383,6 +40116,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LastWrite
@@ -37405,6 +40139,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LastWrite
@@ -37448,6 +40183,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LowestValueMostSecure
@@ -37470,6 +40206,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37493,6 +40230,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
desktop
+ LowestValueMostSecure
@@ -37515,6 +40253,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37538,6 +40277,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LowestValueMostSecure
@@ -37560,6 +40300,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37583,6 +40324,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ LowestValueMostSecure
@@ -37606,6 +40348,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ HighestValueMostSecure
@@ -37629,6 +40372,7 @@ Complexity requirements are enforced when passwords are changed or created.text/plain
phone
+ HighestValueMostSecure
@@ -37651,6 +40395,7 @@ Complexity requirements are enforced when passwords are changed or created.
text/plain
+ LowestValueMostSecure
@@ -37661,7 +40406,7 @@ Complexity requirements are enforced when passwords are changed or created.
This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.1
@@ -37677,6 +40422,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+ LowestValueMostSecure
@@ -37699,6 +40445,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+ LowestValueMostSecure
@@ -37722,6 +40469,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plainphone
+ LowestValueMostSecure
@@ -37749,6 +40497,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+ LowestValueMostSecure
@@ -37771,6 +40520,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+ LowestValueMostSecure
@@ -37793,6 +40543,30 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+ LowestValueMostSecure
+
+
+
+ AlwaysEnableBooksLibrary
+
+
+
+
+ Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
@@ -37816,6 +40590,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plainphone
+ LowestValueMostSecure
@@ -37844,6 +40619,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -37872,6 +40648,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plainphone
+ LowestValueMostSecure
@@ -37895,6 +40672,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plainphone
+ LastWrite
@@ -37918,6 +40696,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plainphone
+ LastWrite
@@ -37941,6 +40720,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plaindesktop
+ LastWrite
@@ -37954,7 +40734,7 @@ Example:
If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
Encapsulate each string with greater than and less than characters like any other XML tag.
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
@@ -37969,6 +40749,37 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, yo
text/plainphone
+ LastWrite
+
+
+
+ LockdownFavorites
+
+
+
+
+ This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
+
+If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
@@ -37991,6 +40802,7 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, yo
text/plain
+ HighestValueMostSecure
@@ -38016,6 +40828,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -38040,6 +40853,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -38062,6 +40876,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -38084,6 +40899,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -38106,6 +40922,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
+
+
+
+ ProvisionFavorites
+
+
+
+
+ This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
+
+If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+
+Important
+Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+
+If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
@@ -38129,6 +40976,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -38157,6 +41005,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -38180,6 +41029,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -38203,6 +41053,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LowestValueMostSecure
@@ -38245,6 +41096,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38267,6 +41119,101 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LetAppsAccessCellularData
+
+
+
+
+ This policy setting specifies whether Windows apps can access cellular data.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ HighestValueMostSecure
+
+
+
+ LetAppsAccessCellularData_ForceAllowTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+ ;
+
+
+
+ LetAppsAccessCellularData_ForceDenyTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+ ;
+
+
+
+ LetAppsAccessCellularData_UserInControlOfTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
+ ;
+
+ ShowAppCellularAccessUI
@@ -38290,6 +41237,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
wwansvc.admxwwansvc~AT~Network~WwanSvc_Category~UISettings_CategoryShowAppCellularAccessUI
+ LastWrite
@@ -38332,6 +41280,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38354,6 +41303,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38376,6 +41326,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38398,6 +41349,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38421,6 +41373,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plaindesktop
+ LowestValueMostSecure
@@ -38444,6 +41397,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plaindesktop
+ LowestValueMostSecure
@@ -38466,6 +41420,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38488,6 +41443,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38514,6 +41470,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
ICM.admxICM~AT~System~InternetManagement~InternetManagement_SettingsDisableHTTPPrinting_2
+ LastWrite
@@ -38540,6 +41497,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
ICM.admxICM~AT~System~InternetManagement~InternetManagement_SettingsDisableWebPnPDownload_2
+ LastWrite
@@ -38566,6 +41524,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
ICM.admxICM~AT~System~InternetManagement~InternetManagement_SettingsShellPreventWPWDownload_2
+ LastWrite
@@ -38588,6 +41547,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -38614,6 +41574,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
networkprovider.admxNetworkProvider~AT~Network~Cat_NetworkProviderPol_HardenedPaths
+ LastWrite
@@ -38640,6 +41601,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
NetworkConnections.admxNetworkConnections~AT~Network~NetworkConnectionsNC_AllowNetBridge_NLA
+ LastWrite
@@ -38686,6 +41648,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
credentialproviders.admxCredentialProviders~AT~System~LogonAllowDomainPINLogon
+ LastWrite
@@ -38712,6 +41675,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
credentialproviders.admxCredentialProviders~AT~System~LogonBlockDomainPicturePassword
+ LastWrite
+
+
+
+ EnableWindowsAutoPilotResetCredentials
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
@@ -38758,6 +41745,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
credui.admxCredUI~AT~WindowsComponents~CredUIDisablePasswordReveal
+ LastWrite
@@ -38784,6 +41772,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
credui.admxCredUI~AT~WindowsComponents~CredUIEnumerateAdministrators
+ LastWrite
@@ -38826,6 +41815,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -38848,6 +41838,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -38890,6 +41881,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -38912,6 +41904,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -38957,6 +41950,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
wwansvc.admxwwansvc~AT~Network~WwanSvc_Category~NetworkCost_CategorySetCost3G
+ LastWrite
@@ -38982,6 +41976,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
wwansvc.admxwwansvc~AT~Network~WwanSvc_Category~NetworkCost_CategorySetCost4G
+ LastWrite
@@ -39025,6 +42020,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39048,6 +42044,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39071,6 +42068,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39094,6 +42092,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39117,6 +42116,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39140,6 +42140,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39163,6 +42164,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39186,6 +42188,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39209,6 +42212,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39232,6 +42236,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39255,6 +42260,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39278,6 +42284,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39301,6 +42308,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39324,6 +42332,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39347,6 +42356,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39370,6 +42380,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39393,6 +42404,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39416,6 +42428,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39439,6 +42452,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39462,6 +42476,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39485,6 +42500,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39508,6 +42524,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39531,6 +42548,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39554,6 +42572,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39577,6 +42596,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39600,6 +42620,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39623,6 +42644,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39646,6 +42668,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LowestValueMostSecure
@@ -39669,6 +42692,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39692,6 +42716,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39715,6 +42740,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39738,6 +42764,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39761,6 +42788,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39784,6 +42812,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -39807,6 +42836,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39850,6 +42880,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39873,6 +42904,31 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LowestValueMostSecure
+
+
+
+ DOCacheHost
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
@@ -39896,6 +42952,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39919,6 +42976,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39942,6 +43000,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39965,6 +43024,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -39988,6 +43048,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40011,6 +43072,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40034,6 +43096,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40057,6 +43120,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40080,6 +43144,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40103,6 +43168,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40126,6 +43192,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40149,6 +43216,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40172,6 +43240,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40195,6 +43264,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40238,6 +43308,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -40261,6 +43332,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LowestValueMostSecureZeroHasNoLimits
@@ -40284,6 +43356,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ HighestValueMostSecure
@@ -40330,6 +43403,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
deviceinstallation.admxDeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_CategoryDeviceInstall_IDs_Deny
+ LastWrite
@@ -40356,6 +43430,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
deviceinstallation.admxDeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_CategoryDeviceInstall_Classes_Deny
+ LastWrite
@@ -40399,6 +43474,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plaindesktop
+ LowestValueMostSecure
@@ -40421,6 +43497,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -40443,6 +43520,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -40465,6 +43543,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -40487,6 +43566,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecure
@@ -40509,6 +43589,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecureZeroHasNoLimits
@@ -40517,7 +43598,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- Specifies how many passwords can be stored in the history that can’t be used.
+ Specifies how many passwords can be stored in the history that can’t be used.0
@@ -40531,6 +43612,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -40554,6 +43636,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plainphone
+ LastWrite
@@ -40576,6 +43659,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LastWrite
@@ -40598,6 +43682,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecureZeroHasNoLimits
@@ -40620,6 +43705,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ LowestValueMostSecureZeroHasNoLimits
@@ -40643,6 +43729,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plaindesktop
+ LowestValueMostSecure
@@ -40665,6 +43752,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecure
@@ -40687,6 +43775,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+ HighestValueMostSecureZeroHasNoLimits
@@ -40714,6 +43803,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ HighestValueMostSecure
@@ -40740,6 +43830,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ControlPanelDisplay.admxControlPanelDisplay~AT~ControlPanel~PersonalizationCPL_Personalization_NoLockScreenSlideshow
+ LastWrite
@@ -40762,6 +43853,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LastWrite
@@ -40805,6 +43897,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ LastWrite
@@ -40828,6 +43921,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ LastWrite
@@ -40874,6 +43968,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ErrorReporting.admxErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReportingWerConsentCustomize_2
+ LastWrite
@@ -40900,6 +43995,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ErrorReporting.admxErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReportingWerDisable_2
+ LastWrite
@@ -40926,6 +44022,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ErrorReporting.admxErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReportingPCH_ShowUI
+ LastWrite
@@ -40952,6 +44049,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ErrorReporting.admxErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReportingWerNoSecondLevelData_2
+ LastWrite
@@ -40978,6 +44076,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
ErrorReporting.admxErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReportingWerDoNotShowUI
+ LastWrite
@@ -41024,6 +44123,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
eventlog.admxEventLog~AT~WindowsComponents~EventLogCategory~EventLog_ApplicationChannel_Log_Retention_1
+ LastWrite
@@ -41050,6 +44150,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
eventlog.admxEventLog~AT~WindowsComponents~EventLogCategory~EventLog_ApplicationChannel_LogMaxSize_1
+ LastWrite
@@ -41076,6 +44177,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
eventlog.admxEventLog~AT~WindowsComponents~EventLogCategory~EventLog_SecurityChannel_LogMaxSize_2
+ LastWrite
@@ -41102,6 +44204,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
eventlog.admxEventLog~AT~WindowsComponents~EventLogCategory~EventLog_SystemChannel_LogMaxSize_4
+ LastWrite
@@ -41145,6 +44248,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plaindesktop
+ LowestValueMostSecure
@@ -41167,6 +44271,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41189,6 +44294,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41211,6 +44317,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41233,6 +44340,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41255,6 +44363,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41277,6 +44386,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41299,6 +44409,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41321,6 +44432,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ HighestValueMostSecure
@@ -41343,6 +44455,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
@@ -41366,6 +44479,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plaindesktop
+ LowestValueMostSecure
@@ -41389,6 +44503,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plaindesktop
+ LowestValueMostSecure
@@ -41412,6 +44527,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ LowestValueMostSecure
@@ -41434,6 +44550,50 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ HighestValueMostSecure
+
+
+
+
+ ExploitGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ExploitProtectionSettings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
@@ -41476,6 +44636,51 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+ LowestValueMostSecure
+
+
+
+
+ Handwriting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PanelDefaultModeDocked
+
+
+
+
+ Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LowestValueMostSecure
@@ -41522,6 +44727,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerAddSearchProvider
+ LastWrite
@@ -41548,6 +44754,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerTurnOnActiveXFiltering
+ LastWrite
@@ -41574,6 +44781,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementAddonManagement_AddOnList
+ LastWrite
@@ -41600,6 +44808,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyWarnCertMismatch
+ LastWrite
@@ -41626,6 +44835,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryDBHDisableDeleteOnExit
+ LastWrite
@@ -41652,6 +44862,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_EnableEnhancedProtectedMode
+ LastWrite
@@ -41678,6 +44889,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnterpriseModeEnable
+ LastWrite
@@ -41704,6 +44916,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnterpriseModeSiteList
+ LastWrite
@@ -41730,10 +44943,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeaturesAdvanced_EnableSSL3Fallback
+ LastWrite
- AllowInternetExplorer7PolicyList
+ AllowInternetExplorer7PolicyList
@@ -41756,6 +44970,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryCompatViewCompatView_UsePolicyList
+ LastWrite
@@ -41782,6 +44997,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryCompatViewCompatView_IntranetSites
+ LastWrite
@@ -41808,6 +45024,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyInternetZoneTemplate
+ LastWrite
@@ -41834,6 +45051,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyIntranetZoneTemplate
+ LastWrite
@@ -41860,6 +45078,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyLocalMachineZoneTemplate
+ LastWrite
@@ -41886,6 +45105,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyInternetZoneLockdownTemplate
+ LastWrite
@@ -41912,6 +45132,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyIntranetZoneLockdownTemplate
+ LastWrite
@@ -41938,6 +45159,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyLocalMachineZoneLockdownTemplate
+ LastWrite
@@ -41964,6 +45186,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyRestrictedSitesZoneLockdownTemplate
+ LastWrite
@@ -41990,6 +45213,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~BrowsingUseIntranetSiteForOneWordEntry
+ LastWrite
@@ -42016,6 +45240,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_Zonemaps
+ LastWrite
@@ -42042,6 +45267,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyTrustedSitesZoneLockdownTemplate
+ LastWrite
@@ -42068,6 +45294,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_InvalidSignatureBlock
+ LastWrite
@@ -42094,6 +45321,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyRestrictedSitesZoneTemplate
+ LastWrite
@@ -42120,6 +45348,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerEnableSuggestedSites
+ LastWrite
@@ -42146,6 +45375,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_PolicyTrustedSitesZoneTemplate
+ LastWrite
@@ -42172,6 +45402,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_CertificateRevocation
+ LastWrite
@@ -42198,6 +45429,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DownloadSignatures
+ LastWrite
@@ -42224,6 +45456,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestrictionIESF_PolicyExplorerProcesses_2
+ LastWrite
@@ -42250,6 +45483,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementDisableFlashInIE
+ LastWrite
@@ -42276,6 +45510,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisable
+ LastWrite
@@ -42300,6 +45535,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisableSafetyFilterOverride
+ LastWrite
@@ -42324,6 +45562,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisableSafetyFilterOverrideForAppRepUnknown
+ LastWrite
@@ -42350,6 +45591,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryRestrictHistory
+ LastWrite
@@ -42374,6 +45616,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ AddonManagement_RestrictCrashDetection
+ LastWrite
@@ -42400,10 +45645,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSQM_DisableCEIP
+ LastWrite
- DisableDeletingUserVisitedWebsites
+ DisableDeletingUserVisitedWebsites
@@ -42426,6 +45672,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistoryDBHDisableDeleteHistory
+ LastWrite
@@ -42452,6 +45699,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~RSS_FeedsDisable_Downloading_of_Enclosures
+ LastWrite
@@ -42478,6 +45726,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_SetWinInetProtocols
+ LastWrite
@@ -42504,6 +45753,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerNoFirstRunCustomise
+ LastWrite
@@ -42530,6 +45780,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DisableFlipAhead
+ LastWrite
@@ -42556,6 +45807,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPLNoCertError
+ LastWrite
@@ -42582,6 +45834,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacyDisableInPrivateBrowsing
+ LastWrite
@@ -42608,6 +45861,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_EnableEnhancedProtectedMode64Bit
+ LastWrite
@@ -42632,6 +45886,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ RestrictProxy
+ LastWrite
@@ -42658,6 +45915,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerNoSearchProvider
+ LastWrite
@@ -42684,6 +45942,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSecondaryHomePages
+ LastWrite
@@ -42710,6 +45969,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisable_Security_Settings_Check
+ LastWrite
@@ -42736,6 +45996,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerNoUpdateCheck
+ LastWrite
@@ -42762,6 +46023,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPageAdvanced_DisableEPMCompat
+ LastWrite
@@ -42788,6 +46050,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSecurity_zones_map_edit
+ LastWrite
@@ -42814,6 +46077,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSecurity_options_edit
+ LastWrite
@@ -42840,6 +46104,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisable
+ LastWrite
@@ -42866,6 +46131,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDomainAllowlist
+ LastWrite
@@ -42892,6 +46158,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_IncludeUnspecifiedLocalSites
+ LastWrite
@@ -42918,6 +46185,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPageIZ_UNCAsIntranet
+ LastWrite
@@ -42944,6 +46212,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAccessDataSourcesAcrossDomains_1
+ LastWrite
@@ -42970,6 +46239,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNotificationBarActiveXURLaction_1
+ LastWrite
@@ -42996,6 +46266,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNotificationBarDownloadURLaction_1
+ LastWrite
@@ -43022,6 +46293,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAllowPasteViaScript_1
+ LastWrite
@@ -43048,6 +46320,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDropOrPasteFiles_1
+ LastWrite
@@ -43074,6 +46347,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyFontDownload_1
+ LastWrite
@@ -43100,10 +46374,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyZoneElevationURLaction_1
+ LastWrite
- InternetZoneAllowLoadingOfXAMLFilesWRONG
+ InternetZoneAllowLoadingOfXAMLFiles
@@ -43126,6 +46401,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_XAML_1
+ LastWrite
@@ -43152,6 +46428,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -43176,8 +46453,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet
+ LastWrite
@@ -43202,8 +46480,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
- IZ_PolicyAllowTDCControl_Both_LocalMachine
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowTDCControl_Both_Internet
+ LastWrite
@@ -43230,6 +46509,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_WebBrowserControl_1
+ LastWrite
@@ -43254,8 +46534,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
- IZ_PolicyWindowsRestrictionsURLaction_6
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyWindowsRestrictionsURLaction_1
+ LastWrite
@@ -43282,6 +46563,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_AllowScriptlets_1
+ LastWrite
@@ -43308,6 +46590,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_Phishing_1
+ LastWrite
@@ -43334,6 +46617,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_ScriptStatusBar_1
+ LastWrite
@@ -43360,10 +46644,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUserdataPersistence_1
+ LastWrite
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -43386,32 +46671,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_1
-
-
-
- InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+ LastWrite
@@ -43436,8 +46696,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyDownloadSignedActiveX_3
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadSignedActiveX_1
+ LastWrite
@@ -43464,6 +46725,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDownloadUnsignedActiveX_1
+ LastWrite
@@ -43488,8 +46750,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
- IZ_PolicyTurnOnXSSFilter_Both_LocalMachine
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyTurnOnXSSFilter_Both_Internet
+ LastWrite
@@ -43516,6 +46779,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet
+ LastWrite
@@ -43542,6 +46806,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet
+ LastWrite
@@ -43568,6 +46833,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyMimeSniffingURLaction_1
+ LastWrite
@@ -43592,8 +46858,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
- IZ_Policy_TurnOnProtectedMode_2
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_TurnOnProtectedMode_1
+ LastWrite
@@ -43620,6 +46887,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_LocalPathForUpload_1
+ LastWrite
@@ -43646,36 +46914,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyScriptActiveXNotMarkedSafe_1
+ LastWrite
- InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyScriptActiveXNotMarkedSafe_1
-
-
-
- InternetZoneJavaPermissionsWRONG1
+ InternetZoneJavaPermissions
@@ -43698,32 +46941,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyJavaPermissions_1
-
-
-
- InternetZoneJavaPermissionsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyJavaPermissions_3
+ LastWrite
@@ -43750,6 +46968,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyLaunchAppsAndFilesInIFRAME_1
+ LastWrite
@@ -43776,6 +46995,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyLogon_1
+ LastWrite
@@ -43802,6 +47022,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyNavigateSubframesAcrossDomains_1
+ LastWrite
@@ -43828,6 +47049,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -43854,6 +47076,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicySignedFrameworkComponentsURLaction_1
+ LastWrite
@@ -43880,6 +47103,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_Policy_UnsafeFiles_1
+ LastWrite
@@ -43906,6 +47130,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyBlockPopupWindows_1
+ LastWrite
@@ -43932,6 +47157,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneIZ_PolicyZoneElevationURLaction_1
+ LastWrite
@@ -43958,6 +47184,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyAccessDataSourcesAcrossDomains_3
+ LastWrite
@@ -43984,6 +47211,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNotificationBarActiveXURLaction_3
+ LastWrite
@@ -44010,6 +47238,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNotificationBarDownloadURLaction_3
+ LastWrite
@@ -44036,6 +47265,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyFontDownload_3
+ LastWrite
@@ -44062,6 +47292,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyZoneElevationURLaction_3
+ LastWrite
@@ -44088,6 +47319,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_3
+ LastWrite
@@ -44114,6 +47346,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_Policy_AllowScriptlets_3
+ LastWrite
@@ -44140,6 +47373,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_Policy_Phishing_3
+ LastWrite
@@ -44166,6 +47400,34 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyUserdataPersistence_3
+ LastWrite
+
+
+
+ IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+ LastWrite
@@ -44192,6 +47454,61 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyScriptActiveXNotMarkedSafe_3
+ LastWrite
+
+
+
+ IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_3
+ LastWrite
+
+
+
+ IntranetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyJavaPermissions_3
+ LastWrite
@@ -44218,6 +47535,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneIZ_PolicyNavigateSubframesAcrossDomains_3
+ LastWrite
@@ -44244,6 +47562,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyAccessDataSourcesAcrossDomains_9
+ LastWrite
@@ -44270,6 +47589,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNotificationBarActiveXURLaction_9
+ LastWrite
@@ -44296,6 +47616,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNotificationBarDownloadURLaction_9
+ LastWrite
@@ -44322,6 +47643,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyFontDownload_9
+ LastWrite
@@ -44348,6 +47670,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyZoneElevationURLaction_9
+ LastWrite
@@ -44374,6 +47697,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_9
+ LastWrite
@@ -44400,6 +47724,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_Policy_AllowScriptlets_9
+ LastWrite
@@ -44426,6 +47751,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_Policy_Phishing_9
+ LastWrite
@@ -44452,6 +47778,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyUserdataPersistence_9
+ LastWrite
@@ -44476,8 +47803,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_9
+ LastWrite
@@ -44504,6 +47832,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyScriptActiveXNotMarkedSafe_9
+ LastWrite
@@ -44530,6 +47859,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyJavaPermissions_9
+ LastWrite
@@ -44556,6 +47886,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneIZ_PolicyNavigateSubframesAcrossDomains_9
+ LastWrite
@@ -44582,6 +47913,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_2
+ LastWrite
@@ -44608,6 +47940,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_2
+ LastWrite
@@ -44634,6 +47967,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_2
+ LastWrite
@@ -44660,6 +47994,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyFontDownload_2
+ LastWrite
@@ -44686,6 +48021,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyZoneElevationURLaction_2
+ LastWrite
@@ -44712,6 +48048,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_2
+ LastWrite
@@ -44738,6 +48075,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_Policy_AllowScriptlets_2
+ LastWrite
@@ -44764,6 +48102,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_Policy_Phishing_2
+ LastWrite
@@ -44790,6 +48129,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyUserdataPersistence_2
+ LastWrite
@@ -44816,6 +48156,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_2
+ LastWrite
@@ -44842,6 +48183,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyJavaPermissions_2
+ LastWrite
@@ -44868,6 +48210,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_2
+ LastWrite
@@ -44894,6 +48237,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_4
+ LastWrite
@@ -44920,6 +48264,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_4
+ LastWrite
@@ -44946,6 +48291,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_4
+ LastWrite
@@ -44972,6 +48318,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyFontDownload_4
+ LastWrite
@@ -44998,6 +48345,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyZoneElevationURLaction_4
+ LastWrite
@@ -45024,6 +48372,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_4
+ LastWrite
@@ -45050,6 +48399,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_Policy_AllowScriptlets_4
+ LastWrite
@@ -45076,6 +48426,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_Policy_Phishing_4
+ LastWrite
@@ -45102,6 +48453,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyUserdataPersistence_4
+ LastWrite
@@ -45128,6 +48480,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_4
+ LastWrite
@@ -45154,6 +48507,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_4
+ LastWrite
@@ -45180,6 +48534,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_10
+ LastWrite
@@ -45206,6 +48561,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_10
+ LastWrite
@@ -45232,6 +48588,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_10
+ LastWrite
@@ -45258,6 +48615,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyFontDownload_10
+ LastWrite
@@ -45284,6 +48642,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyZoneElevationURLaction_10
+ LastWrite
@@ -45310,6 +48669,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_10
+ LastWrite
@@ -45336,6 +48696,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_Policy_AllowScriptlets_10
+ LastWrite
@@ -45362,6 +48723,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_Policy_Phishing_10
+ LastWrite
@@ -45388,6 +48750,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyUserdataPersistence_10
+ LastWrite
@@ -45414,6 +48777,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_10
+ LastWrite
@@ -45440,6 +48804,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyJavaPermissions_10
+ LastWrite
@@ -45466,6 +48831,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_10
+ LastWrite
@@ -45492,6 +48858,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_8
+ LastWrite
@@ -45518,6 +48885,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_8
+ LastWrite
@@ -45544,6 +48912,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_8
+ LastWrite
@@ -45570,6 +48939,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyFontDownload_8
+ LastWrite
@@ -45596,6 +48966,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyZoneElevationURLaction_8
+ LastWrite
@@ -45622,6 +48993,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_8
+ LastWrite
@@ -45648,6 +49020,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_Policy_AllowScriptlets_8
+ LastWrite
@@ -45674,6 +49047,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_Policy_Phishing_8
+ LastWrite
@@ -45700,6 +49074,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyUserdataPersistence_8
+ LastWrite
@@ -45726,6 +49101,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_8
+ LastWrite
@@ -45752,6 +49128,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyJavaPermissions_8
+ LastWrite
@@ -45778,6 +49155,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_8
+ LastWrite
@@ -45804,6 +49182,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyAccessDataSourcesAcrossDomains_6
+ LastWrite
@@ -45830,6 +49209,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNotificationBarActiveXURLaction_6
+ LastWrite
@@ -45856,6 +49236,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNotificationBarDownloadURLaction_6
+ LastWrite
@@ -45882,6 +49263,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyFontDownload_6
+ LastWrite
@@ -45908,6 +49290,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyZoneElevationURLaction_6
+ LastWrite
@@ -45934,6 +49317,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyUnsignedFrameworkComponentsURLaction_6
+ LastWrite
@@ -45960,6 +49344,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_Policy_AllowScriptlets_6
+ LastWrite
@@ -45986,6 +49371,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_Policy_Phishing_6
+ LastWrite
@@ -46012,6 +49398,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyUserdataPersistence_6
+ LastWrite
@@ -46038,6 +49425,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyScriptActiveXNotMarkedSafe_6
+ LastWrite
@@ -46064,6 +49452,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyJavaPermissions_6
+ LastWrite
@@ -46090,6 +49479,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdownIZ_PolicyNavigateSubframesAcrossDomains_6
+ LastWrite
@@ -46116,6 +49506,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeatureIESF_PolicyExplorerProcesses_6
+ LastWrite
@@ -46142,6 +49533,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestrictionIESF_PolicyExplorerProcesses_3
+ LastWrite
@@ -46168,6 +49560,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBarIESF_PolicyExplorerProcesses_10
+ LastWrite
@@ -46192,8 +49585,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyDownloadSignedActiveX_1
+ inetres~AT~WindowsComponents~InternetExplorer
+ Disable_Managing_Safety_Filter_IE9
+ LastWrite
@@ -46220,6 +49614,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerDisablePerUserActiveXInstall
+ LastWrite
@@ -46246,6 +49641,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevationIESF_PolicyAllProcesses_9
+ LastWrite
@@ -46272,6 +49668,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagementVerMgmtDisableRunThisTime
+ LastWrite
@@ -46298,6 +49695,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstallIESF_PolicyAllProcesses_11
+ LastWrite
@@ -46324,6 +49722,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAccessDataSourcesAcrossDomains_7
+ LastWrite
@@ -46348,8 +49747,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyActiveScripting_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyActiveScripting_7
+ LastWrite
@@ -46376,6 +49776,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNotificationBarActiveXURLaction_7
+ LastWrite
@@ -46402,6 +49803,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNotificationBarDownloadURLaction_7
+ LastWrite
@@ -46426,8 +49828,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyBinaryBehaviors_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyBinaryBehaviors_7
+ LastWrite
@@ -46454,6 +49857,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAllowPasteViaScript_7
+ LastWrite
@@ -46480,6 +49884,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDropOrPasteFiles_7
+ LastWrite
@@ -46504,12 +49909,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyFileDownload_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyFileDownload_7
+ LastWrite
- RestrictedSitesZoneAllowFontDownloadsWRONG1
+ RestrictedSitesZoneAllowFontDownloads
@@ -46532,32 +49938,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyFontDownload_7
-
-
-
- RestrictedSitesZoneAllowFontDownloadsWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyFontDownload_1
+ LastWrite
@@ -46584,6 +49965,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyZoneElevationURLaction_7
+ LastWrite
@@ -46610,6 +49992,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_XAML_7
+ LastWrite
@@ -46634,8 +50017,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyAllowMETAREFRESH_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowMETAREFRESH_7
+ LastWrite
@@ -46662,6 +50046,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_7
+ LastWrite
@@ -46688,6 +50073,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted
+ LastWrite
@@ -46714,6 +50100,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAllowTDCControl_Both_Restricted
+ LastWrite
@@ -46740,6 +50127,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_WebBrowserControl_7
+ LastWrite
@@ -46766,6 +50154,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyWindowsRestrictionsURLaction_7
+ LastWrite
@@ -46792,6 +50181,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_AllowScriptlets_7
+ LastWrite
@@ -46818,6 +50208,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_Phishing_7
+ LastWrite
@@ -46844,6 +50235,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_ScriptStatusBar_7
+ LastWrite
@@ -46870,6 +50262,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyUserdataPersistence_7
+ LastWrite
@@ -46896,6 +50289,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyAntiMalwareCheckingOfActiveXControls_7
+ LastWrite
@@ -46922,6 +50316,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDownloadSignedActiveX_7
+ LastWrite
@@ -46948,6 +50343,34 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDownloadUnsignedActiveX_7
+ LastWrite
+
+
+
+ RestrictedSitesZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyTurnOnXSSFilter_Both_Restricted
+ LastWrite
@@ -46974,6 +50397,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted
+ LastWrite
@@ -47000,6 +50424,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted
+ LastWrite
@@ -47026,6 +50451,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyMimeSniffingURLaction_7
+ LastWrite
@@ -47052,6 +50478,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_LocalPathForUpload_7
+ LastWrite
@@ -47078,6 +50505,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyScriptActiveXNotMarkedSafe_7
+ LastWrite
@@ -47104,6 +50532,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyJavaPermissions_7
+ LastWrite
@@ -47130,6 +50559,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyLaunchAppsAndFilesInIFRAME_7
+ LastWrite
@@ -47156,6 +50586,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyLogon_7
+ LastWrite
@@ -47182,6 +50613,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyNavigateSubframesAcrossDomains_7
+ LastWrite
@@ -47206,8 +50638,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyNavigateSubframesAcrossDomains_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyNavigateSubframesAcrossDomains_7
+ LastWrite
@@ -47232,8 +50665,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyRunActiveXControls_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyRunActiveXControls_7
+ LastWrite
@@ -47260,6 +50694,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicySignedFrameworkComponentsURLaction_7
+ LastWrite
@@ -47284,12 +50719,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyScriptActiveXMarkedSafe_1
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyScriptActiveXMarkedSafe_7
+ LastWrite
- RestrictedSitesZoneWRONG
+ RestrictedSitesZoneScriptingOfJavaApplets
@@ -47310,12 +50746,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
phoneinetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
- IZ_PolicyScriptingOfJavaApplets_6
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyScriptingOfJavaApplets_7
+ LastWrite
- RestrictedSitesZoneWRONG2
+ RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
@@ -47338,10 +50775,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_UnsafeFiles_7
+ LastWrite
- RestrictedSitesZoneWRONG3
+ RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
@@ -47364,10 +50802,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyTurnOnXSSFilter_Both_Restricted
+ LastWrite
- RestrictedSitesZoneWRONG4
+ RestrictedSitesZoneTurnOnProtectedMode
@@ -47390,10 +50829,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_Policy_TurnOnProtectedMode_7
+ LastWrite
- RestrictedSitesZoneWRONG5
+ RestrictedSitesZoneUsePopupBlocker
@@ -47416,6 +50856,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneIZ_PolicyBlockPopupWindows_7
+ LastWrite
@@ -47442,6 +50883,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownloadIESF_PolicyAllProcesses_12
+ LastWrite
@@ -47468,6 +50910,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictionsIESF_PolicyAllProcesses_8
+ LastWrite
@@ -47494,10 +50937,11 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSpecificSearchProvider
+ LastWrite
- SecurityZonesUseOnlyMachineSettings
+ SecurityZonesUseOnlyMachineSettings
@@ -47520,6 +50964,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerSecurity_HKLM_only
+ LastWrite
@@ -47546,6 +50991,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorerOnlyUseAXISForActiveXInstall
+ LastWrite
@@ -47572,6 +51018,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyAccessDataSourcesAcrossDomains_5
+ LastWrite
@@ -47598,6 +51045,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNotificationBarActiveXURLaction_5
+ LastWrite
@@ -47624,6 +51072,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNotificationBarDownloadURLaction_5
+ LastWrite
@@ -47650,6 +51099,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyFontDownload_5
+ LastWrite
@@ -47676,6 +51126,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyZoneElevationURLaction_5
+ LastWrite
@@ -47702,6 +51153,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyUnsignedFrameworkComponentsURLaction_5
+ LastWrite
@@ -47728,6 +51180,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_Policy_AllowScriptlets_5
+ LastWrite
@@ -47754,6 +51207,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_Policy_Phishing_5
+ LastWrite
@@ -47780,6 +51234,61 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyUserdataPersistence_5
+ LastWrite
+
+
+
+ TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+ LastWrite
+
+
+
+ TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+ LastWrite
@@ -47806,6 +51315,61 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
+
+
+
+ TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
@@ -47832,6 +51396,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyJavaPermissions_5
+ LastWrite
@@ -47858,58 +51423,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
inetres.admxinetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneIZ_PolicyNavigateSubframesAcrossDomains_5
-
-
-
- TrustedSitesZoneWRONG1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
-
-
-
- TrustedSitesZoneWRONG2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
+ LastWrite
@@ -47956,6 +51470,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
Kerberos.admxKerberos~AT~System~kerberosForestSearch
+ LastWrite
@@ -47982,6 +51497,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
Kerberos.admxKerberos~AT~System~kerberosEnableCbacAndArmor
+ LastWrite
@@ -48008,6 +51524,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
Kerberos.admxKerberos~AT~System~kerberosClientRequireFast
+ LastWrite
@@ -48034,6 +51551,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
Kerberos.admxKerberos~AT~System~kerberosValidateKDC
+ LastWrite
@@ -48060,6 +51578,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
Kerberos.admxKerberos~AT~System~kerberosMaxTokenSize
+ LastWrite
@@ -48103,6 +51622,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ LowestValueMostSecure
@@ -48126,6 +51646,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plainphone
+ LowestValueMostSecure
@@ -48156,9 +51677,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
This policy setting prevents users from adding new Microsoft accounts on this computer.
-If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
-If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.0
@@ -48175,6 +51696,7 @@ If you disable or do not configure this policy (recommended), users will be able
text/plainphone
+ LastWrite
@@ -48206,7 +51728,8 @@ Default: Disabled.
text/plain
- desktop
+ phone
+ LastWrite
@@ -48233,7 +51756,8 @@ Note: If the Guest account is disabled and the security option Network Access: S
text/plain
- desktop
+ phone
+ LastWrite
@@ -48272,6 +51796,7 @@ It is possible for applications that use remote interactive logons to bypass thi
text/plainphone
+ LastWrite
@@ -48285,7 +51810,7 @@ It is possible for applications that use remote interactive logons to bypass thi
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
Default: Administrator.
-
+ Administrator
@@ -48299,6 +51824,7 @@ Default: Administrator.
text/plainphone
+ LastWrite
@@ -48312,7 +51838,7 @@ Default: Administrator.
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
Default: Guest.
-
+ Guest
@@ -48326,6 +51852,131 @@ Default: Guest.
text/plainphone
+ LastWrite
+
+
+
+ Devices_AllowedToFormatAndEjectRemovableMedia
+
+
+
+
+ Devices: Allowed to format and eject removable media
+
+This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
+
+Administrators
+Administrators and Interactive Users
+
+Default: This policy is not defined and only Administrators have this ability.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ Devices_AllowUndockWithoutHavingToLogon
+
+
+
+
+ Devices: Allow undock without having to log on
+This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
+Default: Enabled.
+
+Caution
+Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
+
+
+
+
+ Devices: Prevent users from installing printer drivers when connecting to shared printers
+
+For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
+
+Default on servers: Enabled.
+Default on workstations: Disabled
+
+Notes
+
+This setting does not affect the ability to add a local printer.
+This setting does not affect Administrators.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
+
+
+
+
+ Devices: Restrict CD-ROM access to locally logged-on user only
+
+This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
+
+If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
+
+Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
@@ -48352,10 +52003,11 @@ Do not display user information (3)
text/plainphone
+ LastWrite
- Interactivelogon_DoNotDisplayLastSignedIn
+ InteractiveLogon_DoNotDisplayLastSignedIn
@@ -48381,10 +52033,11 @@ Default: Disabled.
text/plainphone
+ LastWrite
- Interactivelogon_DoNotDisplayUsernameAtSignIn
+ InteractiveLogon_DoNotDisplayUsernameAtSignIn
@@ -48396,7 +52049,7 @@ If this policy is enabled, the username will not be shown.
If this policy is disabled, the username will be shown.
Default: Disabled.
- 0
+ 1
@@ -48410,10 +52063,11 @@ Default: Disabled.
text/plainphone
+ LastWrite
- Interactivelogon_DoNotRequireCTRLALTDEL
+ InteractiveLogon_DoNotRequireCTRLALTDEL
@@ -48442,6 +52096,7 @@ Default on stand-alone computers: Enabled.
text/plainphone
+ LastWrite
@@ -48468,6 +52123,8 @@ Default: not enforced.
text/plain
+ phone
+ LastWrite
@@ -48497,6 +52154,8 @@ Default: No message.
text/plainphone
+ LastWrite
+ 0xF000
@@ -48524,6 +52183,7 @@ Default: No message.
text/plainphone
+ LastWrite
@@ -48553,6 +52213,7 @@ Default: Disabled.
text/plainphone
+ LastWrite
@@ -48582,6 +52243,7 @@ Default: Enabled.
text/plainphone
+ LastWrite
@@ -48611,6 +52273,7 @@ This policy is supported on at least Windows Server 2016.
text/plainphone
+ LastWrite
@@ -48636,6 +52299,7 @@ This policy will be turned off by default on domain joined machines. This would
text/plainphone
+ LastWrite
@@ -48663,6 +52327,40 @@ Default: This policy is not defined and automatic administrative logon is not al
text/plainphone
+ LastWrite
+
+
+
+ Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+
+
+
+
+ Shutdown: Allow system to be shut down without having to log on
+
+This security setting determines whether a computer can be shut down without having to log on to Windows.
+
+When this policy is enabled, the Shut Down command is available on the Windows logon screen.
+
+When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
+
+Default on workstations: Enabled.
+Default on servers: Disabled.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
@@ -48694,6 +52392,7 @@ Default: Disabled.
text/plainphone
+ LastWrite
@@ -48706,10 +52405,10 @@ Default: Disabled.
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
- 1
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
+ 0
@@ -48723,6 +52422,7 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U
text/plainphone
+ LastWrite
@@ -48737,18 +52437,18 @@ This policy setting controls the behavior of the elevation prompt for administra
The options are:
-• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
+• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
- 0
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+ 5
@@ -48762,6 +52462,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -48775,12 +52476,12 @@ This policy setting controls the behavior of the elevation prompt for standard u
The options are:
-• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
- 0
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+ 3
@@ -48794,6 +52495,39 @@ The options are:
text/plainphone
+ LastWrite
+
+
+
+ UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
+
+
+
+
+ User Account Control: Detect application installations and prompt for elevation
+
+This policy setting controls the behavior of application installation detection for the computer.
+
+The options are:
+
+Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
@@ -48808,77 +52542,9 @@ This policy setting enforces public key infrastructure (PKI) signature checks fo
The options are:
-• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
+• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
-• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
- 1
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
-
-
-
-
- User Account Control: Only elevate UIAccess applications that are installed in secure locations
-
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
-
-- …\Program Files\, including subfolders
-- …\Windows\system32\
-- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
-
-Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
-
-The options are:
-
-• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
-
-• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
- 1
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- UserAccountControl_RunAllAdministratorsInAdminApprovalMode
-
-
-
-
- User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-
-• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-
-• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
0
@@ -48893,6 +52559,77 @@ The options are:
text/plainphone
+ LastWrite
+
+
+
+ UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
+
+
+
+
+ User Account Control: Only elevate UIAccess applications that are installed in secure locations
+
+This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
+
+- …\Program Files\, including subfolders
+- …\Windows\system32\
+- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
+
+Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
+
+The options are:
+
+• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
+
+• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ UserAccountControl_RunAllAdministratorsInAdminApprovalMode
+
+
+
+
+ User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+
+• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+
+• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
@@ -48907,9 +52644,9 @@ This policy setting controls whether the elevation request prompt is displayed o
The options are:
-• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
-• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
1
@@ -48924,6 +52661,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -48938,10 +52676,10 @@ This policy setting controls the behavior of Admin Approval Mode for the built-i
The options are:
-• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
+• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
-• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
- 1
+• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
+ 0
@@ -48955,6 +52693,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -48969,9 +52708,9 @@ This policy setting controls whether application write failures are redirected t
The options are:
-• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
+• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
-• Disabled: Applications that write data to protected locations fail.
+• Disabled: Applications that write data to protected locations fail.
1
@@ -48986,6 +52725,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -49028,6 +52768,7 @@ The options are:
text/plain
+ LastWrite
@@ -49071,6 +52812,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -49113,6 +52855,7 @@ The options are:
text/plain
+ LastWrite
@@ -49135,6 +52878,7 @@ The options are:
text/plain
+ LastWrite
@@ -49178,6 +52922,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -49201,6 +52946,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -49224,6 +52970,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -49266,6 +53013,7 @@ The options are:
text/plain
+ LastWrite
@@ -49288,6 +53036,7 @@ The options are:
text/plain
+ LastWrite
@@ -49310,6 +53059,7 @@ The options are:
text/plain
+ LastWrite
@@ -49332,6 +53082,7 @@ The options are:
text/plain
+ LastWrite
@@ -49354,6 +53105,7 @@ The options are:
text/plain
+ LastWrite
@@ -49376,6 +53128,7 @@ The options are:
text/plain
+ LastWrite
@@ -49398,6 +53151,7 @@ The options are:
text/plain
+ LastWrite
@@ -49420,6 +53174,7 @@ The options are:
text/plain
+ LastWrite
@@ -49466,6 +53221,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatAllowStandbyStatesAC_2
+ LastWrite
@@ -49492,6 +53248,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerVideoSettingsCatVideoPowerDownTimeOutDC_2
+ LastWrite
@@ -49518,6 +53275,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerVideoSettingsCatVideoPowerDownTimeOutAC_2
+ LastWrite
@@ -49544,6 +53302,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatDCHibernateTimeOut_2
+ LastWrite
@@ -49570,6 +53329,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatACHibernateTimeOut_2
+ LastWrite
@@ -49596,6 +53356,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatDCPromptForPasswordOnResume_2
+ LastWrite
@@ -49622,6 +53383,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatACPromptForPasswordOnResume_2
+ LastWrite
@@ -49648,6 +53410,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatDCStandbyTimeOut_2
+ LastWrite
@@ -49674,6 +53437,7 @@ The options are:
power.admxPower~AT~System~PowerManagementCat~PowerSleepSettingsCatACStandbyTimeOut_2
+ LastWrite
@@ -49720,6 +53484,7 @@ The options are:
Printing.admxPrinting~AT~ControlPanel~CplPrintersPointAndPrint_Restrictions_Win7
+ LastWrite
@@ -49746,6 +53511,7 @@ The options are:
Printing2.admxPrinting2~AT~PrintersPublishPrinters
+ LastWrite
@@ -49788,7 +53554,7 @@ The options are:
text/plain
- desktop
+ LowestValueMostSecure
@@ -49812,6 +53578,7 @@ The options are:
text/plain10.0.10240
+ LowestValueMostSecure
@@ -49834,6 +53601,7 @@ The options are:
text/plain
+ LowestValueMostSecureZeroHasNoLimits
@@ -49856,6 +53624,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -49878,6 +53647,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -49900,6 +53670,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -49922,6 +53694,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -49944,6 +53718,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -49966,6 +53742,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -49988,6 +53765,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50010,6 +53789,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50032,6 +53813,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50054,6 +53837,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50076,6 +53860,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50098,6 +53884,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50120,6 +53908,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50142,6 +53932,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50164,6 +53955,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50186,6 +53979,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50208,94 +54003,8 @@ The options are:
text/plain
-
-
-
- LetAppsAccessCellularData
-
-
-
-
- This policy setting specifies whether Windows apps can access cellular data.
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_ForceAllowTheseApps
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_ForceDenyTheseApps
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LetAppsAccessCellularData_UserInControlOfTheseApps
-
-
-
-
- List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+ LastWrite
+ ;
@@ -50318,6 +54027,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50340,6 +54050,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50362,6 +54074,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50384,6 +54098,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50406,6 +54122,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50428,6 +54145,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50450,6 +54169,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50472,6 +54193,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50494,6 +54217,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50516,6 +54240,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50538,6 +54264,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50560,6 +54288,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50582,6 +54312,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50604,6 +54335,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50626,6 +54359,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50648,6 +54383,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50670,6 +54407,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50692,6 +54430,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50714,6 +54454,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50736,6 +54478,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50758,6 +54502,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50780,6 +54525,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50802,6 +54549,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50824,6 +54573,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50846,6 +54597,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50868,6 +54620,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50890,6 +54644,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50912,6 +54668,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50934,6 +54692,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -50956,6 +54715,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -50978,6 +54739,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51000,6 +54763,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51022,6 +54787,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51044,6 +54810,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51066,6 +54834,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51088,6 +54858,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51110,6 +54882,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51132,6 +54905,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51154,6 +54929,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51176,6 +54953,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51198,6 +54977,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51220,6 +55000,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51242,6 +55024,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51264,6 +55048,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51286,6 +55072,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51308,6 +55095,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51330,6 +55119,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51352,6 +55143,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51374,6 +55167,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51396,6 +55190,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51418,6 +55214,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51440,6 +55238,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51448,7 +55248,7 @@ The options are:
- This policy setting specifies whether Windows apps can sync with devices.
+ This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.0
@@ -51462,6 +55262,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51470,7 +55271,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -51484,6 +55285,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51492,7 +55295,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -51506,6 +55309,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51514,7 +55319,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -51528,6 +55333,8 @@ The options are:
text/plain
+ LastWrite
+ ;
@@ -51550,6 +55357,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -51596,6 +55404,7 @@ The options are:
remoteassistance.admxRemoteAssistance~AT~System~RemoteAssistRA_Options
+ LastWrite
@@ -51622,6 +55431,7 @@ The options are:
remoteassistance.admxRemoteAssistance~AT~System~RemoteAssistRA_Logging
+ LastWrite
@@ -51648,6 +55458,7 @@ The options are:
remoteassistance.admxRemoteAssistance~AT~System~RemoteAssistRA_Solicit
+ LastWrite
@@ -51674,6 +55485,7 @@ The options are:
remoteassistance.admxRemoteAssistance~AT~System~RemoteAssistRA_Unsolicit
+ LastWrite
@@ -51720,6 +55532,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_CONNECTIONSTS_DISABLE_CONNECTIONS
+ LastWrite
@@ -51746,6 +55559,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITYTS_ENCRYPTION_POLICY
+ LastWrite
@@ -51772,6 +55586,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_REDIRECTIONTS_CLIENT_DRIVE_M
+ LastWrite
@@ -51798,6 +55613,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_CLIENTTS_CLIENT_DISABLE_PASSWORD_SAVING_2
+ LastWrite
@@ -51824,6 +55640,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITYTS_PASSWORD
+ LastWrite
@@ -51850,6 +55667,7 @@ The options are:
terminalserver.admxTerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITYTS_RPC_ENCRYPTION
+ LastWrite
@@ -51896,6 +55714,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClientAllowBasic_2
+ LastWrite
@@ -51922,6 +55741,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceAllowBasic_1
+ LastWrite
@@ -51946,8 +55766,9 @@ The options are:
phoneWindowsRemoteManagement.admx
- WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
- AllowCredSSP_1
+ WindowsRemoteManagement~AT~WindowsComponents~WinRMClient
+ AllowCredSSP_2
+ LastWrite
@@ -51973,7 +55794,8 @@ The options are:
phoneWindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
- AllowCredSSP_2
+ AllowCredSSP_1
+ LastWrite
@@ -52000,6 +55822,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceAllowAutoConfig
+ LastWrite
@@ -52026,6 +55849,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClientAllowUnencrypted_2
+ LastWrite
@@ -52052,6 +55876,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceAllowUnencrypted_1
+ LastWrite
@@ -52078,6 +55903,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClientDisallowDigest
+ LastWrite
@@ -52102,8 +55928,9 @@ The options are:
phoneWindowsRemoteManagement.admx
- WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
- DisallowNegotiate_1
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ DisallowNegotiate_2
+ LastWrite
@@ -52128,8 +55955,9 @@ The options are:
phoneWindowsRemoteManagement.admx
- WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
- DisallowNegotiate_2
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ DisallowNegotiate_1
+ LastWrite
@@ -52156,6 +55984,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceDisableRunAs
+ LastWrite
@@ -52182,6 +56011,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceCBTHardeningLevel_1
+ LastWrite
@@ -52208,6 +56038,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClientTrustedHosts
+ LastWrite
@@ -52234,6 +56065,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceHttpCompatibilityListener
+ LastWrite
@@ -52260,6 +56092,7 @@ The options are:
WindowsRemoteManagement.admxWindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMServiceHttpsCompatibilityListener
+ LastWrite
@@ -52306,6 +56139,7 @@ The options are:
rpc.admxRPC~AT~System~RpcRpcRestrictRemoteClients
+ LastWrite
@@ -52332,6 +56166,7 @@ The options are:
rpc.admxRPC~AT~System~RpcRpcEnableAuthEpResolution
+ LastWrite
@@ -52378,6 +56213,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSAllowRemoteShellAccess
+ LastWrite
@@ -52404,6 +56240,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSMaxConcurrentUsers
+ LastWrite
@@ -52430,6 +56267,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSIdleTimeout
+ LastWrite
@@ -52456,6 +56294,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSMaxMemoryPerShellMB
+ LastWrite
@@ -52482,6 +56321,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSMaxProcessesPerShell
+ LastWrite
@@ -52508,6 +56348,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSMaxShellsPerUser
+ LastWrite
@@ -52534,6 +56375,7 @@ The options are:
WindowsRemoteShell.admxWindowsRemoteShell~AT~WindowsComponents~WinRSShellTimeOut
+ LastWrite
@@ -52556,6 +56398,29 @@ The options are:
+
+ AllowCloudSearch
+
+
+
+
+
+ 2
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LowestValueMostSecure
+
+ AllowIndexingEncryptedStoresOrItems
@@ -52576,6 +56441,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52598,6 +56464,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52620,6 +56487,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52642,6 +56510,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52664,6 +56533,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52686,6 +56556,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52708,6 +56579,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52730,6 +56602,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52752,6 +56625,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52774,6 +56648,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52797,6 +56672,7 @@ The options are:
text/plaindesktop
+ HighestValueMostSecure
@@ -52839,6 +56715,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52862,6 +56739,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -52884,6 +56762,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -52907,6 +56786,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -52930,6 +56810,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -52952,6 +56833,7 @@ The options are:
text/plain
+ LastWrite
@@ -52974,6 +56856,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -52996,6 +56879,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -53018,6 +56902,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -53061,6 +56946,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53083,6 +56969,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53105,6 +56992,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53127,6 +57015,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53150,6 +57039,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53173,6 +57063,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53196,6 +57087,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53219,6 +57111,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53241,6 +57134,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53264,6 +57158,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53286,6 +57181,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53308,6 +57204,7 @@ The options are:
text/plain
+ LastWrite
@@ -53351,6 +57248,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -53374,6 +57272,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -53397,6 +57296,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -53439,6 +57339,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53482,6 +57383,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53505,6 +57407,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53528,6 +57431,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53551,6 +57455,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53574,6 +57479,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53597,6 +57503,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53620,6 +57527,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53643,6 +57551,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53666,6 +57575,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53689,6 +57599,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53712,6 +57623,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -53735,6 +57647,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -53757,6 +57670,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53780,6 +57694,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53802,6 +57717,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53824,6 +57740,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53847,6 +57764,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53869,6 +57787,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53892,6 +57811,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53915,6 +57835,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -53937,6 +57858,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53959,6 +57881,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -53981,6 +57904,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54003,6 +57927,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54025,6 +57950,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54047,6 +57973,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54070,6 +57997,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -54093,6 +58021,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -54116,6 +58045,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -54138,6 +58068,30 @@ The options are:
+
+ AllowDiskHealthModelUpdates
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+ EnhancedStorageDevices
@@ -54162,6 +58116,7 @@ The options are:
enhancedstorage.admxEnhancedStorage~AT~System~EnStorDeviceAccessTCGSecurityActivationDisabled
+ LastWrite
@@ -54204,6 +58159,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54226,6 +58182,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54248,6 +58205,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54270,6 +58228,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54292,6 +58251,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54314,6 +58274,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54336,6 +58297,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54358,6 +58320,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54384,6 +58347,7 @@ The options are:
earlylauncham.admxEarlyLaunchAM~AT~System~ELAMCategoryPOL_DriverLoadPolicy_Name
+ LastWrite
@@ -54392,7 +58356,7 @@ The options are:
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.0
@@ -54406,6 +58370,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -54432,6 +58397,30 @@ The options are:
systemrestore.admxSystemRestore~AT~System~SRSR_DisableSR
+ LastWrite
+
+
+
+ FeedbackHubAlwaysSaveDiagnosticsLocally
+
+
+
+
+ Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
@@ -54454,6 +58443,7 @@ The options are:
text/plain
+ LastWrite
@@ -54497,6 +58487,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54520,6 +58511,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54543,6 +58535,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54566,6 +58559,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -54589,6 +58583,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54612,6 +58607,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54635,6 +58631,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54657,6 +58654,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54680,6 +58678,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54702,6 +58701,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -54725,6 +58725,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -54748,6 +58749,7 @@ The options are:
text/plainphone
+ HighestValueMostSecure
@@ -54791,6 +58793,7 @@ The options are:
text/plaindesktop
+ LowestValueMostSecure
@@ -54833,6 +58836,7 @@ The options are:
text/plain
+ LastWrite
@@ -54855,6 +58859,7 @@ The options are:
text/plain
+ LastWrite
@@ -54877,6 +58882,7 @@ The options are:
text/plain
+ LastWrite
@@ -54899,6 +58905,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54921,6 +58928,7 @@ The options are:
text/plain
+ LastWrite
@@ -54944,6 +58952,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -54966,6 +58975,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -54988,6 +58998,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55010,6 +59021,7 @@ The options are:
text/plain
+ LastWrite
@@ -55032,6 +59044,7 @@ The options are:
text/plain
+ LastWrite
@@ -55054,6 +59067,7 @@ The options are:
text/plain
+ LastWrite
@@ -55076,6 +59090,7 @@ The options are:
text/plain
+ LastWrite
@@ -55098,6 +59113,7 @@ The options are:
text/plain
+ LastWrite
@@ -55120,6 +59136,7 @@ The options are:
text/plain
+ LastWrite
@@ -55142,6 +59159,7 @@ The options are:
text/plain
+ LastWrite
@@ -55164,6 +59182,7 @@ The options are:
text/plain
+ LastWrite
@@ -55186,6 +59205,30 @@ The options are:
text/plain
+ LastWrite
+
+
+
+ DisableDualScan
+
+
+
+
+ Do not allow update deferral policies to cause scans against Windows Update
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ LastWrite
@@ -55208,6 +59251,7 @@ The options are:
text/plain
+ LastWrite
@@ -55230,6 +59274,7 @@ The options are:
text/plain
+ LastWrite
@@ -55252,6 +59297,7 @@ The options are:
text/plain
+ LastWrite
@@ -55274,6 +59320,7 @@ The options are:
text/plain
+ LastWrite
@@ -55296,6 +59343,7 @@ The options are:
text/plain
+ LastWrite
@@ -55318,6 +59366,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55340,10 +59389,11 @@ The options are:
text/plain
+ LowestValueMostSecure
- ManageBuildPreview
+ ManagePreviewBuilds
@@ -55362,6 +59412,7 @@ The options are:
text/plain
+ LastWrite
@@ -55384,6 +59435,7 @@ The options are:
text/plain
+ LastWrite
@@ -55406,6 +59458,7 @@ The options are:
text/plain
+ LastWrite
@@ -55428,6 +59481,7 @@ The options are:
text/plain
+ LastWrite
@@ -55450,6 +59504,7 @@ The options are:
text/plain
+ LastWrite
@@ -55472,6 +59527,7 @@ The options are:
text/plain
+ LastWrite
@@ -55494,6 +59550,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55516,6 +59573,7 @@ The options are:
text/plain
+ LastWrite
@@ -55538,6 +59596,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -55560,6 +59619,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55582,6 +59642,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55604,6 +59665,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55626,6 +59688,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55648,6 +59711,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55670,6 +59734,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55692,6 +59757,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55714,6 +59780,7 @@ The options are:
text/plain
+ LastWrite
@@ -55736,6 +59803,7 @@ The options are:
text/plain
+ LastWrite
@@ -55758,6 +59826,7 @@ The options are:
text/plain
+ LastWrite
@@ -55780,6 +59849,7 @@ The options are:
text/plain
+ LastWrite
@@ -55802,6 +59872,7 @@ The options are:
text/plain
+ LastWrite
@@ -55825,6 +59896,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -55867,6 +59939,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55889,6 +59962,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55911,6 +59985,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55933,6 +60008,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55955,6 +60031,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -55977,6 +60054,7 @@ The options are:
text/plain
+ HighestValueMostSecureZeroHasNoLimits
@@ -56020,6 +60098,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56043,6 +60122,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56066,6 +60146,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56089,6 +60170,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56112,6 +60194,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56135,6 +60218,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56158,6 +60242,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56181,6 +60266,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56204,6 +60290,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56227,6 +60314,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56250,6 +60338,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56273,6 +60362,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56296,6 +60386,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56319,6 +60410,7 @@ The options are:
text/plainphone
+ LastWrite
@@ -56362,6 +60454,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -56385,6 +60478,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -56431,6 +60525,7 @@ The options are:
logon.admxLogon~AT~System~LogonDisableLockScreenAppNotifications
+ LastWrite
@@ -56457,6 +60552,7 @@ The options are:
logon.admxLogon~AT~System~LogonDontDisplayNetworkSelectionUI
+ LastWrite
@@ -56479,6 +60575,7 @@ The options are:
text/plain
+ HighestValueMostSecure
@@ -56521,6 +60618,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56543,6 +60641,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56567,6 +60666,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56591,6 +60691,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56616,6 +60717,7 @@ The options are:
text/plainphone
+ LowestValueMostSecure
@@ -56640,6 +60742,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56662,6 +60765,7 @@ The options are:
text/plain
+ LowestValueMostSecure
@@ -56686,6 +60790,7 @@ The options are:
text/plain
+ LowestValueMostSecure
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 2f2bd2b989..e5ebed0c80 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -457,7 +457,7 @@ To turn off Live Tiles:
- Create a REG\_DWORD registry setting called **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications!NoCloudApplicationNotification**, with a value of 1 (one).
-You must also unpin all tiles that are pinned to Start.
+In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
### 10. Mail synchronization
@@ -1261,7 +1261,7 @@ To turn off **Let apps read or send messages (text or MMS)**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
To turn off **Choose apps that can read or send messages**:
diff --git a/windows/configuration/set-up-a-device-for-anyone-to-use.md b/windows/configuration/set-up-a-device-for-anyone-to-use.md
deleted file mode 100644
index af7765d2f8..0000000000
--- a/windows/configuration/set-up-a-device-for-anyone-to-use.md
+++ /dev/null
@@ -1,89 +0,0 @@
----
-title: Set up a device for anyone to use in kiosk mode (Windows 10)
-description: You can configure Windows 10 as a kiosk device, so that users can only interact with a single app.
-ms.assetid: F1F4FF19-188C-4CDC-AABA-977639C53CA8
-keywords: ["kiosk", "lockdown", "assigned access"]
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jdeckerms
-ms.localizationpriority: high
----
-
-# Set up a device for anyone to use (kiosk mode)
-
-
-**Applies to**
-
-- Windows 10
-- Windows 10 Mobile
-
-**Looking for Windows Embedded 8.1 Industry information?**
-
-- [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653)
-
-You can configure a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select.
-
-Do you need a computer that can only do one thing? For example:
-
-- A device in the lobby that customers can use to view your product catalog.
-
-- A portable device that drivers can use to check a route on a map.
-
-- A device that a temporary worker uses to enter data.
-
-The following table identifies the type of application that can be used on each Windows 10 edition to create a kiosk device.
-
-> [!NOTE]
-> A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.
-
-
-
-| Windows 10 edition | Universal Windows app | Classic Windows application |
-|--------------------|------------------------------------|--------------------------------------|
-| Mobile |  |  |
-| Mobile Enterprise |  |  |
-| Pro |  |  |
-| Enterprise |  |  |
-| Education |  |  |
-
-
-
-## In this section
-
-
-
-
-
-
-
-
-
-
Topic
-
Description
-
-
-
-
-
[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
-
A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). For a kiosk device to run a Universal Windows app, use the assigned access feature. For a kiosk device (Windows 10 Enterprise or Education) to run a Classic Windows application, use Shell Launcher to set a custom user interface as the shell.
-
-
-
[Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
-
A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise for kiosk mode by using the Apps Corner feature. You can also use the Enterprise Assigned Access configuration service provider (CSP) to configure a kiosk experience.
-
-
-
-
- ## Learn more
-
-[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
-
-
-
-
-
-
-
-
-
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 4c6db249d6..b070057f1d 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -221,6 +221,9 @@
### [Windows Insider Program for Business](update/waas-windows-insider-for-business.md)
#### [Windows Insider Program for Business using Azure Active Directory](update/waas-windows-insider-for-business-aad.md)
#### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
+#### [Olympia Corp enrollment](update/olympia/olympia-enrollment-guidelines.md)
+##### [Keep your current Windows 10 edition](update/olympia/enrollment-keep-current-edition.md)
+##### [Upgrade your Windows 10 edition from Pro to Enterprise](update/olympia/enrollment-upgrade-to-enterprise.md)
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## Windows Analytics
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 40f279e10f..a05a03bbe9 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index fddacf3a05..e11c92867c 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -7,6 +7,7 @@ ms.localizationpriority: high
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index aa4243f2cf..d493765134 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -6,6 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: high
+ms.date: 09/05/2017
author: greg-lindsay
---
diff --git a/windows/deployment/images/ua-step2-blades.png b/windows/deployment/images/ua-step2-blades.png
new file mode 100644
index 0000000000..c86f7a4338
Binary files /dev/null and b/windows/deployment/images/ua-step2-blades.png differ
diff --git a/windows/deployment/images/ua-step2-low-risk.png b/windows/deployment/images/ua-step2-low-risk.png
new file mode 100644
index 0000000000..6e9daf0233
Binary files /dev/null and b/windows/deployment/images/ua-step2-low-risk.png differ
diff --git a/windows/deployment/index.md b/windows/deployment/index.md
index 7d139ec69e..6841274b4c 100644
--- a/windows/deployment/index.md
+++ b/windows/deployment/index.md
@@ -6,6 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: high
+ms.date: 09/05/2017
author: greg-lindsay
---
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index c87802238e..f828bce6a8 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
+ms.date: 09/05/2017
ms.localizationpriority: high
---
@@ -17,28 +18,41 @@ ms.localizationpriority: high
## Summary
-**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
+**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option.
-MBR2GPT.EXE is located in the **Windows\\System32** directory on a Windows 10 computer running Windows 10 version 1703 or later.
+See the following video for a detailed description and demonstration of MBR2GPT.
-You can use MBR2GPT to perform the following:
+
-- \[Within the Windows PE environment\]: Convert any attached MBR-formatted system disk to the GPT partition format.
-- \[From within the currently running OS\]: Convert any attached MBR-formatted system disk to the GPT partition format.
-
->MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions.
+>MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
>The tool is available in both the full OS environment and Windows PE.
-You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
+You can use MBR2GPT to:
-The MBR2GPT tool can convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
+- Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT.
+- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
+- Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.
>[!IMPORTANT]
>After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. Make sure that your device supports UEFI before attempting to convert the disk.
-
+## Prerequisites
+
+Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
+- The disk is currently using MBR
+- There is enough space not occupied by partitions to store the primary and secondary GPTs:
+ - 16KB + 2 sectors at the front of the disk
+ - 16KB + 1 sector at the end of the disk
+- There are at most 3 primary partitions in the MBR partition table
+- One of the partitions is set as active and is the system partition
+- The disk does not have any extended/logical partition
+- The BCD store on the system partition contains a default OS entry pointing to an OS partition
+- The volume IDs can be retrieved for each volume which has a drive letter assigned
+- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
+
+If any of these checks fails, the conversion will not proceed and an error will be returned.
## Syntax
@@ -217,22 +231,6 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
5. The boot configuration data (BCD) store is updated.
6. Drive letter assignments are restored.
-### Disk validation
-
-Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
-- The disk is currently using MBR
-- There is enough space not occupied by partitions to store the primary and secondary GPTs:
- - 16KB + 2 sectors at the front of the disk
- - 16KB + 1 sector at the end of the disk
-- There are at most 3 primary partitions in the MBR partition table
-- One of the partitions is set as active and is the system partition
-- The disk does not have any extended/logical partition
-- The BCD store on the system partition contains a default OS entry pointing to an OS partition
-- The volume IDs can be retrieved for each volume which has a drive letter assigned
-- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
-
-If any of these checks fails, the conversion will not proceed and an error will be returned.
-
### Creating an EFI system partition
For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules:
diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md
index eaf38c75d5..9df4b51c9b 100644
--- a/windows/deployment/update/device-health-get-started.md
+++ b/windows/deployment/update/device-health-get-started.md
@@ -39,37 +39,37 @@ Online Crash Analysis | oca.telemetry.microsoft.com
Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
-**If you are already using OMS**, you’ll find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace.
+**If you are already using OMS**, you’ll find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already.
**If you are not yet using OMS**, use the following steps to subscribe to OMS Device Health:
1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.
- [](images/uc-02.png)
+ [](images/uc-02.png)
2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
- [](images/uc-03.png)
+ [](images/uc-03.png)
3. Create a new OMS workspace.
- [](images/uc-04.png)
+ [](images/uc-04.png)
4. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**.
- [](images/uc-05.png)
+ [](images/uc-05.png)
5. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace.
- [](images/uc-06.png)
+ [](images/uc-06.png)
-6. To add Device Health to your workspace, go to the Solution Gallery, Select the **Device Health** tile and then select **Add** on the solution's detail page.
+6. To add Device Health to your workspace, go to the Solution Gallery, Select the **Device Health** tile and then select **Add** on the solution's detail page. While you have this dialog open, you should also consider adding the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
- [](images/uc-08.png)
+ [](images/solution-bundle.png)
-7. Click the **Device Health** tile to configure the solution. The **Settings Dashboard** opens.
+7. Click the **Device Health** tile to configure the solution. The **Settings Dashboard** opens. In this example, both Upgrade Readiness and Device Health solutions have been added.
- [](images/uc-09.png)
+ [](images/OMS-after-adding-solution.jpg)
@@ -89,7 +89,7 @@ In order for your devices to show up in Windows Analytics: Device Health, they m
3. In the **Options** box, under **Commercial Id**, type the Commercial ID GUID, and then click **OK**.
- Using Microsoft Mobile Device Management (MDM)
-Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. More information on deployment using MDM can be found [here](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp).
+Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. You can find more information on deployment using MDM at the [DMClient Configuration Service Provider topic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp).
## Perform checks to ensure and verify successful deployment
diff --git a/windows/deployment/update/images/OMS-after-adding-solution.jpg b/windows/deployment/update/images/OMS-after-adding-solution.jpg
new file mode 100644
index 0000000000..d06a896f6e
Binary files /dev/null and b/windows/deployment/update/images/OMS-after-adding-solution.jpg differ
diff --git a/windows/deployment/update/images/solution-bundle.png b/windows/deployment/update/images/solution-bundle.png
new file mode 100644
index 0000000000..70cec8d8f4
Binary files /dev/null and b/windows/deployment/update/images/solution-bundle.png differ
diff --git a/windows/deployment/update/olympia/enrollment-keep-current-edition.md b/windows/deployment/update/olympia/enrollment-keep-current-edition.md
new file mode 100644
index 0000000000..b0016c44ee
--- /dev/null
+++ b/windows/deployment/update/olympia/enrollment-keep-current-edition.md
@@ -0,0 +1,44 @@
+---
+title: Keep your current Windows 10 edition
+description: Olympia Corp enrollment - Keep your current Windows 10 edition
+ms.author: nibr
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 09/01/2017
+---
+
+# Olympia Corp enrollment
+
+## Keep your current Windows 10 edition
+
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+
+ 
+
+2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
+
+3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
+
+ 
+
+4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
+
+ > [!NOTE]
+ > Passwords should contain 8-16 characters, including at least one special character or number.
+
+ 
+
+5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
+
+6. If this is the first time you are logging in, please fill in the additional information to help you retrieve your account details.
+
+7. Create a PIN for signing into your Olympia corporate account.
+
+8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
+
+ > [!NOTE]
+ > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
+
+9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
diff --git a/windows/deployment/update/olympia/enrollment-upgrade-to-enterprise.md b/windows/deployment/update/olympia/enrollment-upgrade-to-enterprise.md
new file mode 100644
index 0000000000..6643971428
--- /dev/null
+++ b/windows/deployment/update/olympia/enrollment-upgrade-to-enterprise.md
@@ -0,0 +1,57 @@
+---
+title: Upgrade your Windows 10 edition from Pro to Enterprise
+description: Olympia Corp enrollment - Upgrade your Windows 10 edition from Pro to Enterprise
+ms.author: nibr
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 09/01/2017
+---
+
+# Olympia Corp enrollment
+
+## Upgrade your Windows 10 edition from Pro to Enterprise
+
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+
+ 
+
+2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
+
+3. Click **Connect**, then click **Join this device to Azure Active Directory**.
+
+ 
+
+4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
+
+ 
+
+5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
+
+ > [!NOTE]
+ > Passwords should contain 8-16 characters, including at least one special character or number.
+
+ 
+
+6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
+
+7. If this is the first time you are signing in, please fill in the additional information to help you retrieve your account details.
+
+8. Create a PIN for signing into your Olympia corporate account.
+
+9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
+
+10. Restart your PC.
+
+11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your PC will upgrade to Windows 10 Enterprise*.
+
+12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
+
+ > [!NOTE]
+ > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
+
+13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
+
+\* Please note that your Windows 10 Enterprise license will not be renewed if your PC is not connected to Olympia.
+
diff --git a/windows/deployment/update/olympia/images/1-1.png b/windows/deployment/update/olympia/images/1-1.png
new file mode 100644
index 0000000000..ee06527529
Binary files /dev/null and b/windows/deployment/update/olympia/images/1-1.png differ
diff --git a/windows/deployment/update/olympia/images/1-3.png b/windows/deployment/update/olympia/images/1-3.png
new file mode 100644
index 0000000000..807e895aa5
Binary files /dev/null and b/windows/deployment/update/olympia/images/1-3.png differ
diff --git a/windows/deployment/update/olympia/images/1-4.png b/windows/deployment/update/olympia/images/1-4.png
new file mode 100644
index 0000000000..3e63d1c078
Binary files /dev/null and b/windows/deployment/update/olympia/images/1-4.png differ
diff --git a/windows/deployment/update/olympia/images/2-3.png b/windows/deployment/update/olympia/images/2-3.png
new file mode 100644
index 0000000000..7006da4179
Binary files /dev/null and b/windows/deployment/update/olympia/images/2-3.png differ
diff --git a/windows/deployment/update/olympia/images/2-4.png b/windows/deployment/update/olympia/images/2-4.png
new file mode 100644
index 0000000000..677679a000
Binary files /dev/null and b/windows/deployment/update/olympia/images/2-4.png differ
diff --git a/windows/deployment/update/olympia/images/2-5.png b/windows/deployment/update/olympia/images/2-5.png
new file mode 100644
index 0000000000..cfec6f7ce0
Binary files /dev/null and b/windows/deployment/update/olympia/images/2-5.png differ
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
new file mode 100644
index 0000000000..17b87bd7b0
--- /dev/null
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -0,0 +1,22 @@
+---
+title: Olympia Corp enrollment guidelines
+description: Olympia Corp enrollment guidelines
+ms.author: nibr
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 09/01/2017
+---
+
+# Olympia Corp enrollment guidelines
+
+Welcome to Olympia Corp. Here are the steps to add your account to your PC.
+
+As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade.
+
+Choose one of the following two enrollment options:
+
+1. [Keep your current Windows 10 edition](./enrollment-keep-current-edition.md)
+
+2. [Upgrade your Windows 10 edition from Pro to Enterprise](./enrollment-upgrade-to-enterprise.md)
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 822dbf7bd1..5e3c80f9c4 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-author: greg-lindsay
+author: jaimeo
---
# Get started with Update Compliance
@@ -39,61 +39,61 @@ Online Crash Analysis | oca.telemetry.microsoft.com
Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
-If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace.
+If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Device Health](device-health-monitor.md) solutions as well, if you haven't already.
If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance:
1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.
- [](images/uc-02.png)
+ [](images/uc-02.png)
2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
- [](images/uc-03.png)
+ [](images/uc-03.png)
3. Create a new OMS workspace.
- [](images/uc-04.png)
+ [](images/uc-04.png)
4. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**.
- [](images/uc-05.png)
+ [](images/uc-05.png)
5. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace.
- [](images/uc-06.png)
+ [](images/uc-06.png)
-6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery.
+6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery. While you have this dialog open, you should also consider adding the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Device Health](device-health-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
- [](images/uc-07.png)
+ [](images/uc-07.png)
7. Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible in your workspace.
- [](images/uc-08.png)
+ [](images/uc-08.png)
8. Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens.
- [](images/uc-09.png)
+ [](images/uc-09.png)
9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below.
- [](images/uc-10.png)
+ [](images/uc-10.png)
After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices.
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index dd5cbaf8b7..cddacc1917 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -181,12 +181,12 @@ During the life of a device, it may be necessary or desirable to switch between
Use media to upgrade to the latest Windows Insider Program build.
-
Long-Term Servicing Channel (Targeted)
-
Use media to upgrade to a later Long-Term Servicing Channel build. (Note that the Long-Term Servicing Channel build must be a later build.)
+
Semi-Annual Channel (Targeted)
+
Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.
-
Long-Term Servicing Channel
-
Use media to upgrade to a later Long-Term Servicing Channel for Business build (Long-Term Servicing Channel build plus fixes). Note that it must be a later build.
+
Semi-Annual Channel
+
Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md
index 8681080388..29a27310e4 100644
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-author: greg-lindsay
+author: jaimeo
---
# Get started with Upgrade Readiness
@@ -43,7 +43,7 @@ Upgrade Readiness is offered as a solution in the Microsoft Operations Managemen
>[!IMPORTANT]
>Upgrade Readiness is a free solution. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits.
-If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace.
+If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
If you are not using OMS:
@@ -54,9 +54,9 @@ If you are not using OMS:
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
-1. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
+5. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
-2. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens.
+6. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens.
### Generate your commercial ID key
@@ -64,7 +64,7 @@ Microsoft uses a unique commercial ID to map information from user computers to
1. On the Settings Dashboard, navigate to the **Windows telemetry** panel.
- 
+ 
2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers.
diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
index 9ca055c5f5..731feea00e 100644
--- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
+++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
@@ -2,7 +2,7 @@
title: Upgrade Readiness - Resolve application and driver issues (Windows 10)
description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness.
ms.prod: w10
-author: greg-lindsay
+author: jaimeo
---
# Upgrade Readiness - Step 2: Resolve app and driver issues
@@ -14,8 +14,8 @@ This section of the Upgrade Readiness workflow reports application and driver in
The blades in the **Step 2: Resolve issues** section are:
- [Review applications with known issues](#review-applications-with-known-issues)
-- [Review applications with no known issues](#review-applications-with-no-known-issues)
- [Review known driver issues](#review-known-driver-issues)
+- [Review low-risk apps and drivers](#review-low-risk-apps-and-drivers)
- [Prioritize app and driver testing](#prioritize-app-and-driver-testing)
>You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
@@ -48,7 +48,7 @@ To change an application's upgrade decision:
4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
5. Click **Save** when finished.
-IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
+IMPORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible.
@@ -107,26 +107,6 @@ The following table lists possible values for **ReadyForWindows** and what they
|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.|
| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A |
-## Review applications with no known issues
-
-Applications with no issues known to Microsoft are listed, grouped by upgrade decision.
-
-
-
-Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**.
-
-Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates.
-
-To change an application's upgrade decision:
-
-1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table.
-
-2. Select **User changes** to change the upgrade decision for each application.
-
-3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
-
-4. Click **Save** when finished.
-
## Review drivers with known issues
Drivers that won’t migrate to the new operating system are listed, grouped by availability.
@@ -152,9 +132,30 @@ To change a driver’s upgrade decision:
4. Click **Save** when finished.
+## Review low-risk apps and drivers
+
+Applications and drivers that are meet certain criteria to be considered low risk are displayed on this blade.
+
+
+
+The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system.
+
+The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in telemetry. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well.
+
+Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**. This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app.
+
+You can customize the criteria further by using the Log Search query language. For example, if a ReadyForWindows status of "Adopted" is not sufficient by itself for you to be confident in an app's compatibility, you can add additional filters. To do this, click the row labeled **Apps that are 'Adopted'**. Then, modify the resulting query to fit your company's risk tolerance. If, for example, you prefer that an app must be "Adopted" and have fewer than 1,000 installations, then add *TotalInstalls < 1000* to the end of the Log Search query. Similarly, you can append additional criteria by using other attributes such as monthly active users or app importance.
+
+>[!NOTE]
+>Apps that you have designated as *Mission critical* or *Business critical* are automatically **excluded** from the counts on this blade. If an app is critical, you should always validate it manually it prior to upgrading.
+
+ At the bottom of the blade, the **OTHER APPS AND DRIVERS IN NEED OF REVIEW** section allows you to quickly access apps you have designated as **Mission critical** or **Business critical**, your remaining apps that still need to be reviewed, and your remaining drivers that need to be reviewed.
+
+
+
## Prioritize app and driver testing
-Planning and executing an OS upgrade project can be overwhelming. When you are tasked with evaluating thousands of applications and drivers to ensure a successful upgrade, it can be difficult to decide where to start. The Upgrade Readiness solution provides valuable assistance for you, helping to determine the most important apps and drivers to unblock and enabling you yo create a proposed action plan.
+Planning and executing an OS upgrade project can be overwhelming. When you are tasked with evaluating thousands of applications and drivers to ensure a successful upgrade, it can be difficult to decide where to start. The Upgrade Readiness solution provides valuable assistance for you, helping to determine the most important apps and drivers to unblock and enabling you yo create a proposed action plan.
### Proposed action plan
diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
index 807cd59c14..e074aad404 100644
--- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
+++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
@@ -2,7 +2,7 @@
title: Use Upgrade Readiness to manage Windows upgrades (Windows 10)
description: Describes how to use Upgrade Readiness to manage Windows upgrades.
ms.prod: w10
-author: greg-lindsay
+author: jaimeo
---
# Use Upgrade Readiness to manage Windows upgrades
@@ -14,7 +14,7 @@ You can use Upgrade Readiness to prioritize and work through application and dri
When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks.
-
+
Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step.
@@ -35,7 +35,7 @@ Also see the following topic for information about additional items that can be
The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example:
-
+
As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version.
@@ -45,10 +45,10 @@ You now have the ability to change the Windows 10 version you wish to target. Th
To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution:
-
+
>You must be signed in to Upgrade Readiness as an administrator to view settings.
On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
-
+
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 8d3a787f3c..a6f560cc33 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index f76208ce9c..5f663ae222 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md
index 8e9912ed68..c767d18075 100644
--- a/windows/deployment/windows-10-enterprise-subscription-activation.md
+++ b/windows/deployment/windows-10-enterprise-subscription-activation.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index d9870313ca..f7f79e2f18 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: deploy
keywords: deployment, automate, tools, configure, mdt
ms.localizationpriority: high
+ms.date: 08/23/2017
author: greg-lindsay
---
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index 63e2727b2a..dc842b3f38 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: deploy
keywords: deployment, automate, tools, configure, sccm
ms.localizationpriority: high
+ms.date: 08/23/2017
author: greg-lindsay
---
@@ -238,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with
1. Type the following commands at a Windows PowerShell prompt on SRV1:
```
- New-Item -ItemType Directory -Path "C:Sources\OSD\Boot"
- New-Item -ItemType Directory -Path "C:Sources\OSD\OS"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
@@ -559,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
```
- New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
```
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index 621de876bd..5a67eebb9e 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: deploy
keywords: deployment, automate, tools, configure, mdt, sccm
ms.localizationpriority: high
+ms.date: 08/23/2017
author: greg-lindsay
---
@@ -771,6 +772,27 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
Add-DnsServerForwarder -IPAddress 192.168.0.2
+ **Configure service and user accounts**
+
+ Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
+
+ >To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+
+ On DC1, open an elevated Windows PowerShell prompt and type the following commands:
+
+
+
12. Minimize the DC1 VM window but **do not stop** the VM.
Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain.
@@ -984,27 +1006,6 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
Restart-Computer
-### Configure service and user accounts
-
-Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
-
->To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-
-On DC1, open an elevated Windows PowerShell prompt and type the following commands:
-
-
-
This completes configuration of the starting PoC environment. Additional services and tools are installed in subsequent guides.
## Appendix A: Verify the configuration
diff --git a/windows/device-security/TOC.md b/windows/device-security/TOC.md
index 6895c3208e..0ac76da289 100644
--- a/windows/device-security/TOC.md
+++ b/windows/device-security/TOC.md
@@ -89,7 +89,7 @@
#### [AppLocker Settings](applocker\applocker-settings.md)
## [BitLocker](bitlocker\bitlocker-overview.md)
-### [Overview of BitLocker and device encryption in Windows 10](bitlocker\bitlocker-device-encryption-overview-windows-10.md)
+### [Overview of BitLocker Device Encryption in Windows 10](bitlocker\bitlocker-device-encryption-overview-windows-10.md)
### [BitLocker frequently asked questions (FAQ)](bitlocker\bitlocker-frequently-asked-questions.md)
### [Prepare your organization for BitLocker: Planning and policies](bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md)
### [BitLocker basic deployment](bitlocker\bitlocker-basic-deployment.md)
diff --git a/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index 2d68063ec7..18de1ae022 100644
--- a/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
+ms.date: 08/29/2017
---
# System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
@@ -32,7 +33,7 @@ For the EFS service, this policy setting supports the 3DES and Advanced Encrypti
**Remote Desktop Services (RDS)**
-For encrypting Remote Desktop Services network communication, this policy setting supports only the Triple DES encryption algorithm.
+If you're using Remote Desktop Services, this policy setting should only be enabled if the 3DES encryption algorithm is supported.
**BitLocker**
diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index f482e0b44e..c3b5a294aa 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -6,17 +6,20 @@
### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
### [Onboard endpoints and set up access](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-#### [Configure endpoints](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Configure client endpoints](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
##### [Configure endpoints using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
##### [Configure endpoints using System Security Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
##### [Configure endpoints using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-#### [Configure proxy and Internet settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
### [Use the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
-#### [View the Dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Security analytics dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
#### [View and organize the Alerts queue](windows-defender-atp\alerts-queue-windows-defender-advanced-threat-protection.md)
#### [Investigate alerts](windows-defender-atp\investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Alert process tree](windows-defender-atp\investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
@@ -27,17 +30,22 @@
#### [Investigate a domain](windows-defender-atp\investigate-domain-windows-defender-advanced-threat-protection.md)
#### [View and organize the Machines list](windows-defender-atp\machines-view-overview-windows-defender-advanced-threat-protection.md)
#### [Investigate machines](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Search for specific alerts](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
-##### [Filter events from a specific date](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-##### [Export machine timeline events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-##### [Navigate between pages](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+##### [Alerts related to this machine](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+##### [Machine timeline](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+###### [Search for specific events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+###### [Filter events from a specific date](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Investigate a user account](windows-defender-atp\investigate-user-windows-defender-advanced-threat-protection.md)
#### [Manage alerts](windows-defender-atp\manage-alerts-windows-defender-advanced-threat-protection.md)
#### [Take response actions](windows-defender-atp\response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Manage machine group and tags](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+###### [Collect investigation package](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+###### [Run antivirus scan](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Restrict app execution](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#restict-app-execution)
###### [Isolate machines from the network](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Undo machine isolation](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
-###### [Collect investigation package](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
###### [Check activity details in Action center](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
@@ -63,6 +71,46 @@
#### [Python code examples](windows-defender-atp\python-example-code-windows-defender-advanced-threat-protection.md)
#### [Experiment with custom threat intelligence alerts](windows-defender-atp\experiment-custom-ti-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot custom threat intelligence issues](windows-defender-atp\troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+### [Use the Windows Defender ATP exposed APIs](windows-defender-atp\exposed-apis-windows-defender-advanced-threat-protection.md)
+#### [Supported Windows Defender ATP APIs](windows-defender-atp\supported-apis-windows-defender-advanced-threat-protection.md)
+##### Actor
+###### [Get actor information](windows-defender-atp\get-actor-information-windows-defender-advanced-threat-protection.md)
+###### [Get actor related alerts](windows-defender-atp\get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+##### Alerts
+###### [Get alerts](windows-defender-atp\get-alerts-windows-defender-advanced-threat-protection.md)
+###### [Get alert information by ID](windows-defender-atp\get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+###### [Get alert related actor information](windows-defender-atp\get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+###### [Get alert related domain information](windows-defender-atp\get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+###### [Get alert related file information](windows-defender-atp\get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+###### [Get alert related IP information](windows-defender-atp\get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+###### [Get alert related machine information](windows-defender-atp\get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+##### Domain
+###### [Get domain related alerts](windows-defender-atp\get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+###### [Get domain related machines](windows-defender-atp\get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+###### [Get domain statistics](windows-defender-atp\get-domain-statistics-windows-defender-advanced-threat-protection.md)
+###### [Is domain seen in organization](windows-defender-atp\is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+##### File
+###### [Get file information](windows-defender-atp\get-file-information-windows-defender-advanced-threat-protection.md)
+###### [Get file related alerts](windows-defender-atp\get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+###### [Get file related machines](windows-defender-atp\get-file-related-machines-windows-defender-advanced-threat-protection.md)
+###### [Get file statistics](windows-defender-atp\get-file-statistics-windows-defender-advanced-threat-protection.md)
+##### IP
+###### [Get IP related alerts](windows-defender-atp\get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+###### [Get IP related machines](windows-defender-atp\get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+###### [Get IP statistics](windows-defender-atp\get-ip-statistics-windows-defender-advanced-threat-protection.md)
+###### [Is IP seen in organization](windows-defender-atp\is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+##### Machines
+###### [Find machine information by IP](windows-defender-atp\find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+###### [Get machines](windows-defender-atp\get-machines-windows-defender-advanced-threat-protection.md)
+###### [Get machine by ID](windows-defender-atp\get-machine-by-id-windows-defender-advanced-threat-protection.md)
+###### [Get machine log on users](windows-defender-atp\get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+###### [Get machine related alerts](windows-defender-atp\get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+##### User
+###### [Get alert related user information](windows-defender-atp\get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
+###### [Get user information](windows-defender-atp\get-user-information-windows-defender-advanced-threat-protection.md)
+###### [Get user related alerts](windows-defender-atp\get-user-related-alerts-windows-defender-advanced-threat-protection.md)
+###### [Get user related machines](windows-defender-atp\get-user-related-machines-windows-defender-advanced-threat-protection.md)
+### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
#### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
@@ -74,12 +122,12 @@
#### [Configure email notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
#### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
#### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
### [Windows Defender Antivirus compatibility](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
-
## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
@@ -143,6 +191,36 @@
#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+
+
+## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
+### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
+
+### [Exploit Protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
+#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
+#### [Evaluate Exploit Protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+#### [Enable Exploit Protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+#### [Customize Exploit Protection](windows-defender-exploit-guard\customize-exploit-protection.md)
+##### [Import, export, and deploy Exploit Protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md)
+### [Attack Surface Reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+#### [Evaluate Attack Surface Reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+#### [Enable Attack Surface Reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
+#### [Customize Attack Surface Reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
+### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
+#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
+#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
+### [Controlled Folder Access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
+#### [Evaluate Controlled Folder Access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+#### [Enable Controlled Folder Access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
+#### [Customize Controlled Folder Access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
+
+
+
+
+
+
## [Windows Defender SmartScreen](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)
### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen\windows-defender-smartscreen-available-settings.md)
### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen\windows-defender-smartscreen-set-individual-device.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index fdb8d3eec8..7e6a5244b8 100644
--- a/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
index 66f292c972..7c7eed2793 100644
--- a/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Reference topics for management and configuration tools
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
index 28d95b5f7c..bc92d0c50e 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
@@ -10,6 +10,9 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+
---
# Configure scanning options in Windows Defender AV
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
index 51e4da766a..01bec5d98d 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
index 9db9a1a011..ffae20dfe9 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure the cloud block timeout period
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
index 6483bcb53a..6843c1e01d 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure end-user interaction with Windows Defender Antivirus
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index 4b7b42f001..885b929ee5 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Prevent or allow users to locally modify Windows Defender AV policy settings
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 1d44078c65..cc04c936e3 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure and validate network connections for Windows Defender Antivirus
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index 8cce4e1f03..92cb4eab33 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure the notifications that appear on endpoints
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
index c1996876ef..882fec2cbe 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure behavioral, heuristic, and real-time protection
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
index 34adf05d43..2f73f17890 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index 2ae2cc1683..3c3d477567 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
index 1e58b44fb0..315e1bc411 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Configure Windows Defender Antivirus features
diff --git a/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
index 6eb5d98e2e..98b3c9615d 100644
--- a/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Customize, initiate, and review the results of Windows Defender AV scans and remediation
diff --git a/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
index 447437331e..02fb05242b 100644
--- a/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Deploy, manage, and report on Windows Defender Antivirus
diff --git a/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
index 8424255df1..adf719ad5b 100644
--- a/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Deploy and enable Windows Defender Antivirus
diff --git a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
index c1f14fe426..e33ddf160c 100644
--- a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment
diff --git a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index 256b81f90d..c0f1e340b7 100644
--- a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Detect and block Potentially Unwanted Applications
diff --git a/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 755d7bb810..a997f2b43b 100644
--- a/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Enable cloud-delivered protection in Windows Defender AV
diff --git a/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
index 15297f3b96..ebc5c3cbc4 100644
--- a/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Evaluate Windows Defender Antivirus protection
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
index 123057dc01..201de035c2 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage event-based forced updates
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
index 8e92f2d2cd..bf8666ecc1 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
@@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage updates and scans for endpoints that are out of date
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
index d5838972b1..06ac450ee6 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage the schedule for when protection updates should be downloaded and applied
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index 214f619f3f..554e426b6d 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage the sources for Windows Defender Antivirus protection updates
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 374162b001..77c6833644 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage Windows Defender Antivirus updates and apply baselines
diff --git a/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
index efcdb994fa..638419e42b 100644
--- a/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Manage updates for mobile devices and virtual machines (VMs)
diff --git a/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
index 1da8e5b737..0c2af7f269 100644
--- a/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Prevent users from seeing or interacting with the Windows Defender AV user interface
diff --git a/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
index 2082f44329..ba5043b800 100644
--- a/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Report on Windows Defender Antivirus protection
diff --git a/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
index 3307e84851..90bc57e8a3 100644
--- a/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Review Windows Defender AV scan results
diff --git a/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
index 0fb07edd90..e4f58850f2 100644
--- a/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
index f9ad88746b..deb05534d1 100644
--- a/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
index 8e3ea5d3bf..8a1f3a3a08 100644
--- a/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Specify the cloud-delivered protection level
diff --git a/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
index 79abd8d757..55a97e770f 100644
--- a/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Use Group Policy settings to configure and manage Windows Defender AV
@@ -82,7 +84,7 @@ Reporting | Configure time out for detections in non-critical failed state | Not
Reporting | Configure time out for detections in recently remediated state | Not used
Reporting | Configure time out for detections requiring additional action | Not used
Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
-Root | Turn off Windows Defender Antivirus | Not used
+Root | Turn off Windows Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly)
Root | Define addresses to bypass proxy server | Not used
Root | Define proxy auto-config (.pac) for connecting to the network | Not used
Root | Define proxy server for connecting to the network | Not used
diff --git a/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
index 49226c4cf3..914d50f8b3 100644
--- a/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV
diff --git a/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
index 91fc5c207e..6a3cb8e8bd 100644
--- a/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Use PowerShell cmdlets to configure and manage Windows Defender AV
diff --git a/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
index 306bf240d2..e009932162 100644
--- a/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV
diff --git a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
index 49d63c897a..b8b5733748 100644
--- a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index 8b27b216a4..2f90715cf9 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Windows Defender Antivirus in Windows 10 and Windows Server 2016
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index f15f7b81a6..91520bc734 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md
index 4672b5eff4..3168581911 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
# Run and review the results of a Windows Defender Offline scan
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
index 107ae34521..dc8b0b0597 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
diff --git a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 73bb0a5fb0..5221675063 100644
--- a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -40,7 +40,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|-----------|------------------|-----------|-------|
|Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
Disable the clipboard functionality completely when Virtualization Security is enabled.
Enable copying of certain content from Application Guard into Microsoft Edge.
Enable copying of certain content from Microsoft Edge into Application Guard.
**Important** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
Enable Application Guard to print into the XPS format.
Enable Application Guard to print into the PDF format.
Enable Application Guard to print to locally attached printers.
Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.|
+|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note** If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data. **To reset the container:**
Open a command-line program and navigate to Windows/System32.
Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.
|
|Turn On/Off Windows Defender Application Guard (WDAG)|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 3e2f82bcdc..1c0e90fab7 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,9 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
+
# Turn on advanced features in Windows Defender ATP
**Applies to:**
@@ -21,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Windows Defender ATP with.
Turn on the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
@@ -32,7 +36,7 @@ If your organization satisfies these conditions, the feature is enabled by defau
## Show user details
When you enable this feature, you'll be able to see user details stored in Azure Active Directory including a user's picture, name, title, and department information when investigating user account entities. You can find user account information in the following views:
-- Dashboard
+- Security operations dashboard
- Alert queue
- Machine details page
@@ -57,3 +61,4 @@ When you enable this feature, you'll be able to incorporate data from Office 365
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index c56729bba8..5b05198ca9 100644
--- a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on.
Alerts are organized in queues by their workflow status or assignment:
@@ -30,6 +33,7 @@ Alerts are organized in queues by their workflow status or assignment:
- **In progress**
- **Resolved**
- **Assigned to me**
+- **Suppression rules**
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
@@ -112,13 +116,14 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index bec8ac80d7..2d146c99a0 100644
--- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender ATP alert API fields
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
@@ -273,7 +276,7 @@ Field numbers match the numbers in the images below.
-
+
diff --git a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index 8084be4e84..3f9933916f 100644
--- a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Assign user access to the Windows Defender ATP portal
@@ -23,6 +24,8 @@ ms.localizationpriority: high
- Office 365
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). Use the following methods to assign security roles.
## Assign user access using Azure PowerShell
diff --git a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
index ff45bb42eb..723ff75a42 100644
--- a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Check the health state of the sensor in Windows Defender ATP
description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data.
-keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communication, communication
+keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Check sensor health state in Windows Defender ATP
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
@@ -49,7 +51,7 @@ You can filter the health state list by the following status:
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service.
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues:
- **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine.
- - **Impaired communication** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work.
+ - **Impaired communications** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work.
You can view the machine details when you click on a misconfigured or inactive machine. You’ll see more specific machine information when you click the information icon.
diff --git a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index df4b70e28a..beff40e45f 100644
--- a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure HP ArcSight to pull Windows Defender ATP alerts
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Windows Defender ATP alerts.
## Before you begin
diff --git a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 97bfb2b0af..59f69d831e 100644
--- a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure email notifications in Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
> [!NOTE]
@@ -74,3 +77,4 @@ This section lists various issues that you may encounter when using email notifi
- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index dd813aefb9..2d17ac8b25 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure endpoints using Group Policy
@@ -23,13 +24,16 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
> [!NOTE]
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
## Onboard endpoints
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Group Policy**, click **Download package** and save the .zip file.
@@ -49,6 +53,7 @@ ms.localizationpriority: high
9. Click **OK** and close any open GPMC windows.
+
## Additional Windows Defender ATP configuration settings
For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
@@ -150,4 +155,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t
- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 2c8aed6960..a1f1d75d60 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure endpoints using Mobile Device Management tools
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints.
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
@@ -106,7 +109,7 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Select **Endpoint management** > **Client management** on the **Navigation pane**.
+ a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
@@ -203,4 +206,5 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W
- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index 59794d532f..89b06fa326 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure endpoints using System Center Configuration Manager
@@ -23,6 +24,8 @@ ms.localizationpriority: high
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- System Center 2012 Configuration Manager or later versions
+[!include[Prerelease information](prerelease.md)]
+
## Configure endpoints using System Center Configuration Manager (current branch) version 1606
System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
@@ -169,4 +172,5 @@ For more information about System Center Configuration Manager Compliance see [C
- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index 0f47beb693..e2993d8ccb 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure endpoints using a local script
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network.
> [!NOTE]
@@ -121,4 +124,5 @@ Monitoring can also be done directly on the portal, or by using the different de
- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..6d00f63c3e
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,82 @@
+---
+title: Configure non-persistent virtual desktop infrastructure (VDI) machines
+description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
+keywords: configure virtual desktop infrastructure (VDI) machine, vdi, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Configure non-persistent virtual desktop infrastructure (VDI) machines
+
+**Applies to:**
+- Virtual desktop infrastructure (VDI) machines
+
+[!include[Prerelease information](prerelease.md)]
+
+## Onboard non-persistent virtual desktop infrastructure (VDI) machines
+
+Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
+
+
+- Instant early onboarding of a short living session
+ - A session should be onboarded to Windows Defender ATP prior to the actual provisioning
+
+- Machine name persistence
+ - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name.
+
+You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries.
+
+1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+
+ b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file.
+
+2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
+
+ >[!NOTE]
+ >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer.
+
+3. The following step is only applicable if you're implementing a single entry for each machine:
+ **For single entry for each machine**:
+ a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+
+ >[!NOTE]
+ >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer.
+
+4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**.
+
+5. Depending on the method you'd like to implement, follow the appropriate steps:
+ **For single entry for each machine**:
+ Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.
+ **For multiple entries for each machine**:
+ Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`.
+
+6. Test your solution:
+
+ a. Create a pool with one machine.
+ b. Logon to machine.
+ c. Logoff from machine.
+ d. Logon to machine with another user.
+ e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
+ **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
+
+7. Click **Machines list** on the Navigation pane.
+
+8. Use the search function by entering the machine name and select **Machine** as search type.
+
+## Related topics
+- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+
+
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index f0e8bcee5c..8b9d4a256a 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP endpoints
-description: Configure endpoints so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Configure Windows Defender ATP client endpoints
+description: Configure client endpoints so that they can send sensor data to the Windows Defender ATP sensor.
+keywords: configure client endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,9 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
-# Configure Windows Defender ATP endpoints
+# Configure Windows Defender ATP client endpoints
**Applies to:**
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
Windows Defender ATP supports the following deployment tools and methods:
@@ -38,3 +41,4 @@ Topic | Description
[Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on endpoints.
[Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Managment tools or Microsoft Intune to deploy the configuration package on endpoints.
[Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
+[Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 9710d5a35b..1363cca541 100644
--- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
@@ -23,6 +24,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
The Windows Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service.
diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..f359c9d10b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,87 @@
+---
+title: Configure Windows Defender ATP server endpoints
+description: Configure server endpoints so that they can send sensor data to the Windows Defender ATP sensor.
+keywords: configure server endpoints, server, server onboarding, endpoint management, configure Windows ATP server endpoints, configure Windows Defender Advanced Threat Protection server endpoints
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Configure Windows Defender ATP server endpoints
+
+**Applies to:**
+
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
+
+Windows Defender ATP supports the onboarding of the following servers:
+- Windows Server 2012 R2
+- Windows Server 2016
+
+## Onboard server endpoints
+
+To onboard your servers to Windows Defender ATP, you’ll need to:
+
+- Turn on server monitoring from the Windows Defender Security Center portal.
+- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
+
+
+### Turn on Server monitoring from the Windows Defender Security Center portal
+
+1. In the navigation pane, select **Endpoint management** > **Server management**.
+
+2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
+
+ 
+
+
+### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP
+
+1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
+
+2. Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server:
+ - [Manually install the agent using setup](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup)
+ On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
+ - [Install the agent using the command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
+
+3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings).
+
+Once completed, you should see onboarded servers in the portal within an hour.
+
+### Configure server endpoint proxy and Internet connectivity settings
+- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
+
+| Agent Resource | Ports |
+|------------------------------------|-------------|
+| *.oms.opinsights.azure.com | 443 |
+| *.blob.core.windows.net | 443 |
+| *.azure-automation.net | 443 |
+| *.ods.opinsights.azure.com | 443 |
+| winatp-gw-cus.microsoft.com | 443 |
+| winatp-gw-eus.microsoft.com | 443 |
+| winatp-gw-neu.microsoft.com | 443 |
+| winatp-gw-weu.microsoft.com | 443 |
+
+
+### Offboard server endpoints
+To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
+For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
+
+>[!NOTE]
+>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
+
+## Related topics
+- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index 7b1168f940..c90b025275 100644
--- a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Pull alerts to your SIEM tools
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
## Pull alerts using supported security information and events management (SIEM) tools
Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
diff --git a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index f698a6aeb3..701451367b 100644
--- a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure Splunk to pull Windows Defender ATP alerts
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
## Before you begin
diff --git a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 9a12691b2c..48810c5ae3 100644
--- a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Create custom alerts using the threat intelligence (TI) application program interface (API)
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization.
## Before you begin
diff --git a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
index 6c6ffef9ba..333d2f5e83 100644
--- a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
---
-title: View the Windows Defender Advanced Threat Protection Dashboard
+title: Windows Defender Advanced Threat Protection Security operations dashboard
description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
search.product: eADQiWindows 10XVcnh
@@ -10,9 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
-# View the Windows Defender Advanced Threat Protection Dashboard
+# View the Windows Defender Advanced Threat Protection Security operations dashboard
**Applies to:**
@@ -22,7 +23,9 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-The **Dashboard** displays a snapshot of:
+[!include[Prerelease information](prerelease.md)]
+
+The **Security operations dashboard** displays a snapshot of:
- The latest active alerts on your network
- Daily machines reporting
@@ -34,7 +37,7 @@ The **Dashboard** displays a snapshot of:
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
-From the **Dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators.
+From the **Security operations dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators.
It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview.
diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 740f5bfac2..b10e923513 100644
--- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender ATP data storage and privacy
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP.
> [!NOTE]
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 4a0d314348..e3a3b4ae51 100644
--- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender compatibility
@@ -23,6 +24,8 @@ ms.localizationpriority: high
- Windows Defender
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
diff --git a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index 000296d697..32ba05c13a 100644
--- a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Enable the custom threat intelligence API in Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
diff --git a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index 13f4d9520a..26467de977 100644
--- a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Enable SIEM integration in Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
1. In the navigation pane, select **Preferences setup** > **SIEM integration**.
diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
index cea3a9d683..4200e50e85 100644
--- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -7,9 +7,10 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: iawilt
-author: iaanw
+ms.author: macapara
+author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
@@ -24,6 +25,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
diff --git a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index ebd6f01e25..d5eb939076 100644
--- a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Experiment with custom threat intelligence (TI) alerts
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
With the Windows Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization.
diff --git a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2a5b60e599
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,100 @@
+---
+title: Use the Windows Defender Advanced Threat Protection exposed APIs
+description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
+keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Use the Windows Defender ATP exposed APIs
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+
+In general, you’ll need to take the following steps to use the APIs:
+- Create an app
+- Get an access token
+- Run queries on the graph API
+
+### Before you begin
+Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a native app to use for the adhoc queries.
+
+## Create an app
+
+1. Log on to [Azure](https://portal.azure.com).
+
+2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**.
+
+ 
+
+3. In the Create window, enter the following information then click **Create**.
+
+ 
+
+ - **Name:** WinATPGraph
+ - **Application type:** Native
+ - **Redirect URI:** `https://localhost`
+
+
+4. Navigate and select the newly created application.
+ 
+
+5. Click **All settings** > **Required permissions** > **Add**.
+
+ 
+
+6. Click **Select an API** > **Microsoft Graph**, then click **Select**.
+
+ 
+
+
+7. Click **Select permissions** and select **Sign in and read user profile** then click **Select**.
+
+ 
+
+You can now use the code snippets in the following sections to query the API using the created app ID.
+
+## Get an access token
+1. Get the Client ID from the application you created.
+
+2. Use the **Client ID**. For example:
+ ```
+ private const string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+ private const string resourceId = "https://graph.microsoft.com";
+ private const string clientId = "{YOUR CLIENT ID/APP ID HERE}";
+ private const string redirect = "https://localhost";
+ HttpClient client = new HttpClient();
+ AuthenticationContext auth = new AuthenticationContext(authority);
+ var token = auth.AcquireTokenAsync(resourceId, clientId, new Uri(redirect), new PlatformParameters(PromptBehavior.Auto)).Result;
+ client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.AccessTokenType, token.AccessToken);
+ ```
+
+## Query the graph
+Once the bearer token is retrieved, you can easily invoke the graph APIs. For example:
+
+```
+client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+// sample endpoint
+string ep = @"https://graph.microsoft.com/{VERSION}/alerts?$top=5";
+HttpResponseMessage response = client.GetAsync(ep).Result;
+string resp = response.Content.ReadAsStringAsync().Result;
+Console.WriteLine($"response for: {ep} \r\n {resp}");
+```
+
+
+## Related topics
+- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..cd1e27c74b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Find machine information by interal IP API
+description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or interal IP.
+keywords: apis, graph api, supported apis, find machine, machine information, IP
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Find machine information by interal IP
+Find a machine entity around a specific timestamp by FQDN or internal IP.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machine exists - 200 OK.
+If no machine found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb",
+ "computerDnsName": "",
+ "firstSeen": "2017-07-06T01:25:04.9480498Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index ec792a86dc..89ede3edae 100644
--- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Fix unhealthy sensors in Windows Defender ATP
description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine.
-keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communication, communication
+keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Fix unhealthy sensors in Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured.
## Inactive machines
@@ -41,13 +44,13 @@ Do you expect a machine to be in ‘Active’ status? [Open a support ticket tic
## Misconfigured machines
Misconfigured machines can further be classified to:
- - Impaired communication
+ - Impaired communications
- No sensor data
-### Impaired communication
+### Impaired communications
This status indicates that there's limited communication between the machine and the service.
-The following suggested actions can help fix issues related to a misconfigured machine with impaired communication:
+The following suggested actions can help fix issues related to a misconfigured machine with impaired communications:
- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
diff --git a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
index 4e1390a814..db7f9796a9 100644
--- a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Update general Windows Defender ATP settings
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
1. In the navigation pane, select **Preferences setup** > **General**.
@@ -39,3 +42,4 @@ During the onboarding process, a wizard takes you through the general settings o
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..b5745d86a0
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,67 @@
+---
+title: Get actor information API
+description: Retrieves an actor information report.
+keywords: apis, graph api, supported apis, get, actor, information
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get actor information
+Retrieves an actor information report.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/actor/{id}/
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and actor exists - 200 OK.
+If actor does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/actors/zinc
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity",
+ "id": "zinc",
+ "linkToReport": "link-to-pdf"
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..d22c9702da
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,77 @@
+---
+title: Get actor related alerts API
+description: Retrieves all alerts related to a given actor.
+keywords: apis, graph api, supported apis, get, actor, related, alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get actor related alerts
+Retrieves all alerts related to a given actor.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/actor/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert exists - 200 OK.
+If actor does not exist or no related alerts - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 3,
+ "value": [
+ {
+ "id": "636390437845006321_-1646055784",
+ "severity": "Medium",
+ "status": "Resolved",
+ "description": "Malware associated with ZINC has been detected.",
+ "recommendedAction": "1.\tContact your incident response team.",
+ "alertCreationTime": "2017-08-23T00:09:43.9057955Z",
+ "category": "Malware",
+ "title": "Malware associated with the activity group ZINC was discovered",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..5a3baedc8a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Get alert information by ID API
+description: Retrieves an alert by its ID.
+keywords: apis, graph api, supported apis, get, alert, information, id
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert information by ID
+Retrieves an alert by its ID.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert exists - 200 OK.
+If alert not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts/$entity",
+ "id": "636396039176847743_89954699",
+ "severity": "Informational",
+ "status": "New",
+ "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs",
+ "recommendedAction": "Collect artifacts and determine scope.",
+ "alertCreationTime": "2017-08-29T11:45:17.5754165Z",
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..8727105bd0
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,69 @@
+---
+title: Get alert related actor information API
+description: Retrieves the actor information related to the specific alert.
+keywords: apis, graph api, supported apis, get, alert, actor, information, related
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related actor information
+Retrieves the actor information related to the specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/actor
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and actor exist - 200 OK.
+If alert not found or actor not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/actor
+Content-type: application/json
+
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity",
+ "id": "zinc",
+ "linkToReport": "link-to-pdf"
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..d22d6043a1
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,71 @@
+---
+title: Get alert related domain information
+description: Retrieves all domains related to a specific alert.
+keywords: apis, graph api, supported apis, get alert information, alert information, related domain
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related domain information
+Retrieves all domains related to a specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/domains
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and domain exist - 200 OK.
+If alert not found or domain not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains",
+ "value": [
+ {
+ "host": "www.example.com"
+ }
+ ]
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..7020f3ddb1
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Get alert related files information
+description: Retrieves all files related to a specific alert.
+keywords: apis, graph api, supported apis, get alert information, alert information, related files
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related files information
+Retrieves all files related to a specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/files
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and files exist - 200 OK.
+If alert not found or files not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files",
+ "value": [
+ {
+ "sha1": "121c7060dada38275d7082a4b9dc62641b255c36",
+ "sha256": "c815e0abb8273ba4ea6ca92d430d9e4d065dbb52877a9ce6a8371e5881bd7a94",
+ "md5": "776c970dfd92397b3c7d74401c85cd40",
+ "globalPrevalence": null,
+ "globalFirstObserved": null,
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..83ff265f9a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Get alert related IP information
+description: Retrieves all IPs related to a specific alert.
+keywords: apis, graph api, supported apis, get alert information, alert information, related ip
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related IP information
+Retrieves all IPs related to a specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/ips
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and an IP exist - 200 OK.
+If alert not found or IPs not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips",
+"value": [
+ {
+ "id": "104.80.104.128"
+ },
+ {
+ "id": "23.203.232.228
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1051f8e032
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,68 @@
+---
+title: Get alert related machine information
+description: Retrieves all machines related to a specific alert.
+keywords: apis, graph api, supported apis, get alert information, alert information, related machine
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related machine information
+Retrieves all machines related to a specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/machine
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and machine exist - 200 OK.
+If alert not found or machine not found - 404 Not Found.
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity",
+ "id": "207575116e44741d2b22b6a81429b3ca4fd34608",
+ "computerDnsName": "machine1-corp.contoso.com",
+ "firstSeen": "2015-12-01T11:31:53.7016691Z",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..008f657eb7
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,71 @@
+---
+title: Get alert related user information
+description: Retrieves the user associated to a specific alert.
+keywords: apis, graph api, supported apis, get, alert, information, related, user
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alert related user information
+Retrieves the user associated to a specific alert.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts/{id}/user
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alert and a user exists - 200 OK.
+If alert not found or user not found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity",
+ "id": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4\\DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868",
+ "accountSid": null,
+ "accountName": "DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868",
+ "accountDomainName": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4",
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..27cbaabe0a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,75 @@
+---
+title: Get alerts API
+description: Retrieves top recent alerts.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get alerts
+Retrieves top recent alerts.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and alerts exists - 200 OK.
+If no recent alerts found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 5000,
+ "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/alerts?$skip=5000",
+ "value": [
+ {
+ "id": "636396039176847743_89954699",
+ "severity": "Informational",
+ "status": "New",
+ "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs",
+ "recommendedAction": "Collect artifacts and determine scope",
+ "alertCreationTime": "2017-08-29T11:45:17.5754165Z",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..4ade44c5d8
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,74 @@
+---
+title: Get domain related alerts API
+description: Retrieves a collection of alerts related to a given domain address.
+keywords: apis, graph api, supported apis, get, domain, related, alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get domain related alerts
+Retrieves a collection of alerts related to a given domain address.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/domains/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and domain and alert exists - 200 OK.
+If domain or alert does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 9,
+ "value": [
+ {
+ "id": "636396023170943366_-36088267",
+ "severity": "Medium",
+ "status": "New",
+ "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.",
+ "recommendedAction": "Update AV signatures and run a full scan.",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..630af76023
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Get domain related machines API
+description: Retrieves a collection of machines related to a given domain address.
+keywords: apis, graph api, supported apis, get, domain, related, machines
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get domain related machines
+Retrieves a collection of machines related to a given domain address.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/domains/{id}/machines
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and domain and machine exists - 200 OK.
+If domain or machines do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "0a3250e0693a109f1affc9217be9459028aa8426",
+ "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631",
+ "firstSeen": "2017-07-05T08:21:00.0572159Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..168ba45b95
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,69 @@
+---
+title: Get domain statistics API
+description: Retrieves the prevalence for the given domain.
+keywords: apis, graph api, supported apis, get, domain, domain related machines
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get domain statistics
+Retrieves the prevalence for the given domain.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/domains/{id}/stats
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and domain exists - 200 OK.
+If domain does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.graph.InOrgDomainStats",
+ "host": "example.com",
+ "orgPrevalence": "4070",
+ "orgFirstSeen": "2017-07-30T13:23:48Z",
+ "orgLastSeen": "2017-08-29T13:09:05Z"
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..bf5224ea2c
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,70 @@
+---
+title: Get file information API
+description: Retrieves a file by identifier Sha1, Sha256, or MD5.
+keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get file information
+Retrieves a file by identifier Sha1, Sha256, or MD5.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/files/{id}/
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and file exists - 200 OK.
+If file does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/files/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files/$entity",
+ "sha1": "adae3732709d2178c8895c9be39c445b5e76d587",
+ "sha256": "34fcb083cd01b1bd89fc467fd3c2cd292de92f915a5cb43a36edaed39ce2689a",
+ "md5": "d387a06cd4bf5fcc1b50c3882f41a44e",
+ "globalPrevalence": 40790196,
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..0bc15888fe
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,74 @@
+---
+title: Get file related alerts API
+description: Retrieves a collection of alerts related to a given file hash.
+keywords: apis, graph api, supported apis, get, file, hash
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get file related alerts
+Retrieves a collection of alerts related to a given file hash.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/files/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and file and alert exists - 200 OK.
+If file or alerts do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 9,
+ "value": [
+ {
+ "id": "636396023170943366_-36088267",
+ "severity": "Medium",
+ "status": "New",
+ "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.",
+ "recommendedAction": "Update AV signatures and run a full scan.",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..0dd8cbb37e
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Get file related machines API
+description: Retrieves a collection of machines related to a given file hash.
+keywords: apis, graph api, supported apis, get, machines, hash
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get file related machines
+Retrieves a collection of machines related to a given file hash.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/files/{id}/machines
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and file and machines exists - 200 OK.
+If file or machines do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "0a3250e0693a109f1affc9217be9459028aa8426",
+ "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631",
+ "firstSeen": "2017-07-05T08:21:00.0572159Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..cf4bdfb5bb
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Get file statistics API
+description: Retrieves the prevalence for the given file.
+keywords: apis, graph api, supported apis, get, file, statistics
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get file statistics
+Retrieves the prevalence for the given file.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/files/{id}/stats
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and file exists - 200 OK.
+If file do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
+ "sha1": "adae3732709d2178c8895c9be39c445b5e76d587",
+ "orgPrevalence": "106398",
+ "orgFirstSeen": "2017-07-30T13:29:50Z",
+ "orgLastSeen": "2017-08-29T13:29:31Z",
+ "topFileNames": [
+ "chrome.exe",
+ "old_chrome.exe"
+ ]
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..cc3eaf628c
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,74 @@
+---
+title: Get IP related alerts API
+description: Retrieves a collection of alerts related to a given IP address.
+keywords: apis, graph api, supported apis, get, ip, related, alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get IP related alerts
+Retrieves a collection of alerts related to a given IP address.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/ips/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and IP and alert exists - 200 OK.
+If IP and alerts do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 9,
+ "value": [
+ {
+ "id": "636396023170943366_-36088267",
+ "severity": "Medium",
+ "status": "New",
+ "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.",
+ "recommendedAction": "Update AV signatures and run a full scan.",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..5a3164c261
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Get IP related machines API
+description: Retrieves a collection of machines related to a given IP address.
+keywords: apis, graph api, supported apis, get, ip, related, machines
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get IP related machines
+Retrieves a collection of alerts related to a given IP address.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/ips/{id}/machines
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and IP and machines exists - 200 OK.
+If IP or machines do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "0a3250e0693a109f1affc9217be9459028aa8426",
+ "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631",
+ "firstSeen": "2017-07-05T08:21:00.0572159Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..077f8220bb
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,69 @@
+---
+title: Get IP statistics API
+description: Retrieves the prevalence for the given IP.
+keywords: apis, graph api, supported apis, get, ip, statistics, prevalence
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get IP statistics
+Retrieves the prevalence for the given IP.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/ips/{id}/stats
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and IP and domain exists - 200 OK.
+If domain does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
+ "ipAddress": "192.168.1.1",
+ "orgPrevalence": "63515",
+ "orgFirstSeen": "2017-07-30T13:36:06Z",
+ "orgLastSeen": "2017-08-29T13:32:59Z"
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..eefe82c97b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Get machine by ID API
+description: Retrieves a machine entity by ID.
+keywords: apis, graph api, supported apis, get, machines, entity, id
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get machine by ID
+Retrieves a machine entity by ID.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines/{id}
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machine exists - 200 OK.
+If no machine found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity",
+ "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9",
+ "computerDnsName": "",
+ "firstSeen": "2015-03-15T00:18:20.6588778Z",
+ "osPlatform": "Windows10",
+ "osVersion": "10.0.0.0",
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..837fece398
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,71 @@
+---
+title: Get machine log on users API
+description: Retrieves a collection of logged on users.
+keywords: apis, graph api, supported apis, get, machine, log on, users
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get machine log on users
+Retrieves a collection of logged on users.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines/{id}/logonusers
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machine and user exist - 200 OK.
+If no machine found or no users found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users",
+ "value": [
+ {
+ "id": "m",
+ "accountSid": null,
+ "accountName": "",
+ "accountDomainName": "northamerica",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..0afb16bf58
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Get machine related alerts API
+description: Retrieves a collection of alerts related to a given machine ID.
+keywords: apis, graph api, supported apis, get, machines, related, alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get machine related alerts
+Retrieves a collection of alerts related to a given machine ID.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machine and alert exists - 200 OK.
+If no machine or no alerts found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "636396066728379047_-395412459",
+ "severity": "Medium",
+ "status": "New",
+ "description": "A reverse shell created from PowerShell was detected. A reverse shell allows an attacker to access the compromised machine without authenticating.",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..7674740001
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,76 @@
+---
+title: Get machines API
+description: Retrieves a collection of recently seen machines.
+keywords: apis, graph api, supported apis, get, machines
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get machines
+Retrieves a collection of recently seen machines.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machines exists - 200 OK.
+If no recent machines - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "@odata.count": 5000,
+ "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/machines?$skip=5000",
+ "value": [
+ {
+ "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9",
+ "computerDnsName": "",
+ "firstSeen": "2015-03-15T00:18:20.6588778Z",
+ "osPlatform": "Windows10",
+ "osVersion": "10.0.0.0",
+…
+}
+
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..cf588557dc
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,70 @@
+---
+title: Get user information API
+description: Retrieve a User entity by key such as user name or domain.
+keywords: apis, graph api, supported apis, get, user, user information
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get user information
+Retrieve a User entity by key (user name or domain\user).
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/users/{id}/
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and user exists - 200 OK.
+If user does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/users/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity",
+ "id": "",
+ "accountSid": null,
+ "accountName": "",
+ "accountDomainName": "",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..88cc381aaf
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,74 @@
+---
+title: Get user related alerts API
+description: Retrieves a collection of alerts related to a given user ID.
+keywords: apis, graph api, supported apis, get, user, related, alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get user related alerts
+Retrieves a collection of alerts related to a given user ID.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/users/{id}/alerts
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and user and alert exists - 200 OK.
+If user does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts",
+ "@odata.count": 9,
+ "value": [
+ {
+ "id": "636396023170943366_-36088267",
+ "severity": "Medium",
+ "status": "New",
+ "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.",
+ "recommendedAction": "Update AV signatures and run a full scan.",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..46b715810b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Get user related machines API
+description: Retrieves a collection of machines related to a given user ID.
+keywords: apis, graph api, supported apis, get, user, user related alerts
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Get user related machines
+Retrieves a collection of machines related to a given user ID.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/users/{id}/machines
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and user and machine exists - 200 OK.
+If user or machine does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "0a3250e0693a109f1affc9217be9459028aa8426",
+ "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631",
+ "firstSeen": "2017-07-05T08:21:00.0572159Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png b/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png
new file mode 100644
index 0000000000..3c945c3b8d
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png
new file mode 100644
index 0000000000..f195635b73
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png
new file mode 100644
index 0000000000..a29e87f278
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png
new file mode 100644
index 0000000000..080b28974c
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png
index ff3c828a38..5f0e1199b6 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png
new file mode 100644
index 0000000000..90e1f30d77
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png
new file mode 100644
index 0000000000..ce13835ade
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png
new file mode 100644
index 0000000000..df19e86e74
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png
new file mode 100644
index 0000000000..467cb3414e
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png
new file mode 100644
index 0000000000..71d61dca5f
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png
new file mode 100644
index 0000000000..5b5116f4dd
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png
new file mode 100644
index 0000000000..88ed4da744
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png
new file mode 100644
index 0000000000..70a29f078a
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png
new file mode 100644
index 0000000000..79dfdf7756
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png b/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png
new file mode 100644
index 0000000000..e46547a2ff
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-add-application.png b/windows/threat-protection/windows-defender-atp/images/atp-add-application.png
new file mode 100644
index 0000000000..38767341f9
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-add-application.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png
index f162f21b1b..9745627e88 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png
new file mode 100644
index 0000000000..ae493ad999
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-application-information.png b/windows/threat-protection/windows-defender-atp/images/atp-application-information.png
new file mode 100644
index 0000000000..0fa908d66c
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-application-information.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png
new file mode 100644
index 0000000000..d980fc4ed9
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png
new file mode 100644
index 0000000000..aed05187d6
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png
new file mode 100644
index 0000000000..31a49811ec
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png
new file mode 100644
index 0000000000..2fe20462f2
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png
new file mode 100644
index 0000000000..a222f09880
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png
new file mode 100644
index 0000000000..effefd5424
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png
new file mode 100644
index 0000000000..ce3d0672a6
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png
new file mode 100644
index 0000000000..5aa454b9c8
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png b/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png
new file mode 100644
index 0000000000..23dcbb397e
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png
new file mode 100644
index 0000000000..d90199bb76
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png b/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png
new file mode 100644
index 0000000000..e56876ff1b
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png
new file mode 100644
index 0000000000..5a04cb5fd5
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png b/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png
new file mode 100644
index 0000000000..4f738b77ae
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png
new file mode 100644
index 0000000000..8166caf6ae
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png b/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png
new file mode 100644
index 0000000000..3cfe2f682f
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png b/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png
index 4905b60304..d416fcb5ad 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png and b/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png
new file mode 100644
index 0000000000..ad6c46725c
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png
new file mode 100644
index 0000000000..dc88fe76e4
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png
index 2c32d9780d..65eafd21ea 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png
index 10b778ae73..cdc1be01f6 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png
index c9063c8fa9..0c7f50581f 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png
index da80abb64f..c90cef7b32 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png
new file mode 100644
index 0000000000..5e2258d16d
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png
index 746d043732..7c10c6b14f 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png and b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png b/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png
new file mode 100644
index 0000000000..fc88a55489
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png b/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png
new file mode 100644
index 0000000000..3160d850e0
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png b/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png
new file mode 100644
index 0000000000..5dbd52ce1c
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png b/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png
index 508822a2ad..b4865884d3 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png and b/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-org-score.png b/windows/threat-protection/windows-defender-atp/images/atp-org-score.png
new file mode 100644
index 0000000000..e0e05e11be
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-org-score.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png b/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png
new file mode 100644
index 0000000000..65dc93e72c
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png b/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png
new file mode 100644
index 0000000000..c8a1a31e06
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-portal.png b/windows/threat-protection/windows-defender-atp/images/atp-portal.png
index 5f39939886..742b8deb22 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-portal.png and b/windows/threat-protection/windows-defender-atp/images/atp-portal.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png
new file mode 100644
index 0000000000..953e4af373
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png
new file mode 100644
index 0000000000..96200e68ff
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png
new file mode 100644
index 0000000000..2061e53383
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png
new file mode 100644
index 0000000000..be0e101c6e
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png
new file mode 100644
index 0000000000..92599b5a75
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png b/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png
new file mode 100644
index 0000000000..d587e6d40a
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png b/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png
new file mode 100644
index 0000000000..ff284e05fc
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png
new file mode 100644
index 0000000000..47cedd37ae
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png b/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png
new file mode 100644
index 0000000000..b83b4de959
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png
new file mode 100644
index 0000000000..1b3c80e762
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png
new file mode 100644
index 0000000000..e7f8d974bf
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png
new file mode 100644
index 0000000000..627d376ba2
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png b/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png
new file mode 100644
index 0000000000..2a1d763b3f
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png b/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png
new file mode 100644
index 0000000000..d99b7de547
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png
new file mode 100644
index 0000000000..07fa544f73
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png
index 8dcfa06ea0..191941085d 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png
index cb58fad705..1f09d12343 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png and b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png
new file mode 100644
index 0000000000..e1d37a4f65
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png b/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png
new file mode 100644
index 0000000000..6a4b746009
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png
index ea42abd060..ce515c1e79 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png and b/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png
index 1d852999b9..b08381baed 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png and b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png
new file mode 100644
index 0000000000..b0732653d6
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png
new file mode 100644
index 0000000000..1d852999b9
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png b/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png
new file mode 100644
index 0000000000..2bea8cb48d
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png differ
diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
index 22cb47ce0e..d2e1a9a60a 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate Windows Defender Advanced Threat Protection alerts
@@ -18,6 +19,8 @@ ms.localizationpriority: high
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Investigate alerts that are affecting your network, what they mean, and how to resolve them. Use the alert details view to see various tiles that provide information about alerts. You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
@@ -27,7 +30,7 @@ The alert context tile shows the where, who, and when context of the alert. As w
For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md).
-The alert details page also shows the alert process tree, an incident graph, and an alert timeline.
+The alert details page also shows the alert process tree, an incident graph, and an artifact timeline.
You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**.
@@ -74,15 +77,15 @@ The **Incident Graph** expansion by destination IP Address, shows the organizati
You can click the full circles on the incident graph to expand the nodes and view the expansion to other machines where the matching criteria were observed.
-## Alert timeline
-The **Alert timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert.
+## Artifact timeline
+The **Artifact timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert.
-
+
Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
index bb040b50a1..6c5effd35b 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate a domain associated with a Windows Defender ATP alert
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
You can see information from the following sections in the URL view:
@@ -45,7 +48,7 @@ The **Communication with URL in organization** section provides a chronological
5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
index 60f65b2052..afb66067f3 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate a file associated with a Windows Defender ATP alert
@@ -21,31 +22,36 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
You can get information from the following sections in the file view:
- File details, Malware detection, Prevalence worldwide
-- Deep analysis
-- Alerts related to this file
-- File in organization
-- Most recent observed machines with file
-
+- Deep analysis
+- Alerts related to this file
+- File in organization
+- Most recent observed machines with file
+## File worldwide and Deep analysis
The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md).
-You'll also see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).
+You'll see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).
+## Alerts related to this file
The **Alerts related to this file** section provides a list of alerts that are associated with the file. This list is a simplified version of the Alerts queue, and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
+## File in organization
The **File in organization** section provides details on the prevalence of the file, prevalence in email inboxes and the name observed in the organization.
+## Most recent observed machinew with the file
The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file.
@@ -53,7 +59,7 @@ The **Most recent observed machines with the file** section allows you to specif
This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
index 486af0335d..0efb6d5061 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate an IP address associated with a Windows Defender ATP alert
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Examine possible communication between your machines and external internet protocol (IP) addresses.
Identifying all machines in the organization that communicated with a suspected or known malicious IP address, such as Command and Control (C2) servers, helps determine the potential scope of breach, associated files, and infected machines.
@@ -53,7 +56,7 @@ Use the search filters to define the search criteria. You can also use the timel
Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
index 2a4675f3c4..f437a524b9 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Investigate machines in the Windows Defender ATP Machines list
-description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines list.
-keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity
+description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
+keywords: machines, endpoints, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate machines in the Windows Defender ATP Machines list
@@ -18,6 +19,8 @@ ms.localizationpriority: high
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
## Investigate machines
Investigate the details of an alert raised on a specific machine to identify other behaviors or events that might be related to the alert or the potential scope of breach.
@@ -25,39 +28,43 @@ You can click on affected machines whenever you see them in the portal to open a
- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-- The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- The [Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- Any individual alert
- Any individual file details view
- Any IP address or domain details view
When you investigate a specific machine, you'll see:
-- Machine details, Logged on users, and Machine Reporting
+- Machine details, Logged on users, and Machine Reporting
- Alerts related to this machine
- Machine timeline
-
+
-The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine, and others. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
+The machine details, total logged on users, and machine reporting sections display various attributes about the machine.
-You'll also see other information such as domain, operating system (OS) and build, total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service.
+The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
+
+For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
- Interactive and remote interactive logins
- Network, batch, and system logins
-
+
You'll also see details such as logon types for each user account, the user group, and when the account logon occurred.
For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
+## Alerts related to this machine
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts).
This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You'll also see a list of displayed alerts and you'll be able to quickly know the total number of alerts on the machine.
You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.
+## Machine timeline
The **Machine timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine.
This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period.
@@ -72,38 +79,39 @@ Use the search bar to look for specific timeline events. Harness the power of us
- **Value** - Type in any search keyword to filter the timeline with the attribute you’re searching for. This search supports defined search queries based on type:value pairs.
You can use any of the following values:
- - Hash: Sha1 or MD5
- - File name
- - File extension
- - Path
- - Command line
- - User
- - IP
- - URL
+ - Hash: Sha1 or MD5
+ - File name
+ - File extension
+ - Path
+ - Command line
+ - User
+ - IP
+ - URL
+
- **Informational level** – Click the drop-down button to filter by the following levels:
- - Detections mode: displays Windows ATP Alerts and detections
- - Behaviors mode: displays "detections" and selected events of interest
- - Verbose mode: displays all raw events without aggregation or filtering
+ - Detections mode: displays Windows ATP Alerts and detections
+ - Behaviors mode: displays "detections" and selected events of interest
+ - Verbose mode: displays all raw events without aggregation or filtering
- **Event type** - Click the drop-down button to filter by the following levels:
- - Windows Defender ATP alerts
- - Windows Defender AV alerts
- - Response actions
- - AppGuard related events
- - Windows Defender Device Guard events
- - Process events
- - Network events
- - File events
- - Registry events
- - Load DLL events
- - Other events
- Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.
+ - Windows Defender ATP alerts
+ - Windows Defender AV alerts
+ - Response actions
+ - AppGuard related events
+ - Windows Defender Device Guard events
+ - Process events
+ - Network events
+ - File events
+ - Registry events
+ - Load DLL events
+ - Other events
+ Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.
- **User account** – Click the drop-down button to filter the machine timeline by the following user associated events:
- - Logon users
- - System
- - Network
- - Local service
+ - Logon users
+ - System
+ - Network
+ - Local service
The following example illustrates the use of type:value pair. The events were filtered by searching for the user jonathan.wolcott and network events as the event type:
@@ -133,14 +141,16 @@ From the list of events that are displayed in the timeline, you can examine the
-You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) feature to see the correlation between alerts and events on a specific machine.
+You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address.
The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context.
+
+
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
index 3fad51eada..52c8a9583f 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Investigate a user account in Windows Defender ATP
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
## Investigate user account entities
Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or machine to identify possible lateral movement between machines with that user account.
@@ -36,7 +39,7 @@ When you investigate a user account entity, you'll see:
- Alerts related to this user
- Observed in organization (machines logged on to)
-
+
The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
@@ -64,7 +67,7 @@ You can filter the results by the following time periods:
- 6 months
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..5d32e4419b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,66 @@
+---
+title: Is domain seen in org API
+description: Use this API to create calls related to checking whether a domain was seen in the organization.
+keywords: apis, graph api, supported apis, domain, domain seen
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Is domain seen in org
+Answers whether a domain was seen in the organization.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/domains/{id}/
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and domain exists - 200 OK.
+If domain does not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/domains/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains/$entity",
+ "host": "example.com"
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..9dfc6cd763
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,66 @@
+---
+title: Is IP seen in org API
+description: Answers whether an IP was seen in the organization.
+keywords: apis, graph api, supported apis, is, ip, seen, org, organization
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Is IP seen in org
+Answers whether an IP was seen in the organization.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/ips/{id}/
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and IP exists - 200 OK.
+If IP do not exist - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/ips/{id}
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips/$entity",
+ "id": "192.168.1.1"
+}
+```
diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index 78c0d14437..4fa77ae8f4 100644
--- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# View and organize the Windows Defender ATP Machines list
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
Use the Machines list in these main scenarios:
@@ -34,7 +37,7 @@ Use the Machines list in these main scenarios:
## Sort, filter, and download the list of machines from the Machines list
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
-Filter the **Machines list** by time period, **OS Platform**, **Health**, or **Malware category alerts** to focus on certain sets of machines, according to the desired criteria.
+Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria.
You can also download the entire list in CSV format using the **Export to CSV** feature.
@@ -53,14 +56,22 @@ You can use the following filters to limit the list of machines displayed during
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
+- Linux
+- Mac OS
- Other
+**Health**
+- All
+- Well configure
+- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters.
+
+
**Sensor health state**
Filter the list to view specific machines grouped together by the following machine health states:
- **Active** – Machines that are actively reporting sensor data to the service.
-- **Misconfigured** – Machines that have impaired communication with service or are unable to send sensor data. Misconfigured machines can further be classified to:
- - Impaired communication
+- **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to:
+ - Impaired communications
- No sensor data
For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
@@ -101,7 +112,7 @@ You can sort the **Machines list** by the following columns:
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 82f32619ad..be0229d1d1 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Manage Windows Defender Advanced Threat Protection alerts
@@ -22,7 +23,9 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
+[!include[Prerelease information](prerelease.md)]
+
+Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue** menu.
You can manage alerts by selecting an alert in the **Alerts queue** or the **Alerts related to this machine** section of the machine details view.
@@ -112,7 +115,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 2232344229..158de675fc 100644
--- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -7,9 +7,10 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: iawilt
-author: iaanw
+ms.author: macapara
+author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Minimum requirements for Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
There are some minimum requirements for onboarding your network and endpoints.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index b433fffe39..d5a674a071 100644
--- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Onboard and set up Windows Defender Advanced Threat Protection
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You need to onboard to Windows Defender ATP before you can use the service.
For more information, see [Onboard your Windows 10 endpoints to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
@@ -38,6 +41,7 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
## In this section
Topic | Description
:---|:---
-[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
+[Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
+[Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP
[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
diff --git a/windows/threat-protection/windows-defender-atp/optimize-security-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/optimize-security-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2f535cb869
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/optimize-security-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,33 @@
+---
+title: Optimize Windows Defender Antivirus
+description:
+keywords:
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Optimize Windows Defender Antivirus
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+The Antivirus optimization tile provides a list of recommendations to affected machines. Taking action on the recommendations will help improve your overall organizational security:
+
+- [Use Windows Defender AV with Windows Defender ATP](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility)
+- [Turn on cloud-delivered protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus)
+- [Turn on protection from potentially unwanted applications](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus)
+- [Turn on real-time protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus)
+- [Update antivirus protection and definitions](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index 6105da4bd7..7a8e8393e6 100644
--- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: DulceMV
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender Advanced Threat Protection portal overview
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
@@ -46,14 +49,14 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** -Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
-(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
-**Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
+(2) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
+**Dashboards** | Enables you to view the Security operations or the Security analytics dashboard.
**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
**Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
-(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list.
+(3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
## Windows Defender ATP icons
The following table provides information on the icons used all throughout the portal:
diff --git a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1419c95077
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,134 @@
+---
+title: Create and build Power BI reports using Windows Defender ATP data
+description: Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
+keywords: preferences setup, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 09/05/2017
+---
+# Create and build Power BI reports using Windows Defender ATP data
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
+
+Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
+
+Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization.
+
+You can easily get started by:
+- Creating a dashboard on the Power BI service
+- Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization
+
+You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported.
+
+## Create a Windows Defender ATP dashboard on Power BI service
+Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
+
+1. In the navigation pane, select **Preferences setup** > **Power BI reports**.
+
+2. Click **Create dashboard**. This opens up a new tab in your browser and loads the Power BI service with data from your organization.
+
+ 
+
+ >[!NOTE]
+ >Loading your data in the Power BI service can take a few minutes.
+
+3. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+
+ 
+
+4. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph.
+
+When the dashboard is ready, you’ll get a notification within the Power BI website. Use the link in the portal to the Power BI console after creating the dashboard.
+
+For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/).
+
+## Build a custom Windows Defender ATP dashboard in Power BI Desktop
+You can create a custom dashboard in Power BI Desktop to create visualizations that cater to the specific views that your organization requires.
+
+### Before you begin
+1. Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/).
+
+2. In the Windows Defender ATP portal navigation pane, select **Preferences setup** > **Power BI reports**.
+
+3. Click **Download connector** to download the WDATPPowerBI.zip file and extract it.
+
+ 
+
+4. Create a new directory `Microsoft Power BI Desktop\Custom Connectors` under the user's Documents folder.
+
+5. Copy WDATPDataConnector.mez from the zip to the directory you just created.
+
+6. Open Power BI Desktop.
+
+7. Click **File** > **Options and settings** > **Custom data connectors**.
+
+8. Select **New table and matrix visuals** and **Custom data connectors** and click **OK**.
+
+ 
+
+9. Restart Power BI Desktop.
+
+## Customize the Windows Defender ATP Power BI dashboard
+After completing the steps in the Before you begin section, you can proceed with building your custom dashboard.
+
+1. Open WDATPPowerBI.pbit from the zip with Power BI Desktop.
+
+2. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+
+ 
+
+3. Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
+
+## Mashup Windows Defender ATP data with other data sources
+You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain better security perspective in your organization.
+
+1. In Power BI Desktop, in the Home ribbon, click **Get data** and search for **Windows Defender Advanced Threat Protection**.
+
+ 
+
+2. Click **Connect**.
+
+3. On the Preview Connector windows, click **Continue**.
+
+ 
+
+4. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+
+ 
+
+5. Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
+
+6. In the Navigator dialog box, select the Windows Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph.
+
+ 
+
+7. Load other data sources by clicking **Get data item** in the Home ribbon, and select another data source.
+
+8. Add visuals and select fields from the available data sources.
+
+## Related topics
+- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
+- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
+- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
+- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+
+
+
+
diff --git a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
index 68be48aa4f..e3960714e7 100644
--- a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# PowerShell code examples for the custom threat intelligence API
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
This article provides PowerShell code examples for using the custom threat intelligence API.
These code examples demonstrate the following tasks:
diff --git a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index 66b0319b67..beade9fba5 100644
--- a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Configure Windows Defender ATP preferences settings
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Use the **Preferences setup** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
## In this section
@@ -33,3 +36,4 @@ Topic | Description
[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications.
[Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution.
[Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application.
+[Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) | Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
diff --git a/windows/threat-protection/windows-defender-atp/prerelease.md b/windows/threat-protection/windows-defender-atp/prerelease.md
new file mode 100644
index 0000000000..315e4f96d8
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/prerelease.md
@@ -0,0 +1,3 @@
+>[!IMPORTANT]
+
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index 8a3c2389d9..ec38ff1fd1 100644
--- a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Turn on the preview experience in Windows Defender ATP
@@ -21,6 +22,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Turn on the preview experience setting to be among the first to try upcoming features.
1. In the navigation pane, select **Preferences setup** > **Preview experience**.
@@ -32,3 +35,4 @@ Turn on the preview experience setting to be among the first to try upcoming fea
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 4347ed4f8c..edc94e639a 100644
--- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender ATP preview features
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
@@ -35,4 +37,31 @@ Turn on the preview experience setting to be among the first to try upcoming fea
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Preview features
-There are currently no preview only features.
+The following features are included in the preview release:
+
+- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+You can now onboard VDI machines to the Windows Defender ATP service.
+
+- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+Windows Defender ATP supports the onboarding of the following servers:
+ - Windows Server 2012 R2
+ - Windows Server 2016
+
+- [View the Windows Defender ATP Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+
+- [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+You can lock down a device and prevent subsequent attempts of potentially malicious programs from running.
+
+- [Run Windows Defender Antivirus scan on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.
+
+- [Manage machine group and tags](respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident.
+
+- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
+
+
+
+
diff --git a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 38e72858dc..ebf7206b49 100644
--- a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Pull Windows Defender ATP alerts using REST API
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts from the portal.
In general, the OAuth 2.0 protocol supports four types of flows:
diff --git a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
index d9602489d5..607ab8d422 100644
--- a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Python code examples for the custom threat intelligence API
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
## Before you begin
You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library.
diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 7f69b9369f..328a0ff719 100644
--- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Take response actions on a file
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center.
@@ -33,29 +35,29 @@ You can also submit files for deep analysis to run the file in a secure cloud sa
## Stop and quarantine files in your network
You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed.
-The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
+The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days.
### Stop and quarantine files
1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box:
- - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline
+ - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline
- **Search box** - select File from the drop–down menu and enter the file name
-2. Open the **Actions menu** and select **Stop & Quarantine File**.
+2. Open the **Actions menu** and select **Stop and Quarantine File**.
-3. Type a comment (optional), and select **Yes** to take action on the file. The comment will be saved in the Action center for reference.
+3. Type a comment and select **Yes, stop and quarantine** to take action on the file.
+ 
The Action center shows the submission information:
- - **Submission time** - Shows when the action was submitted.
- - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
- - **Success** - Shows the number of machines where the file has been stopped and quarantined.
- - **Failed** - Shows the number of machines where the action failed and details about the failure.
+ - **Submission time** - Shows when the action was submitted.
+ - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+ - **Failed** - Shows the number of machines where the action failed and details about the failure.
+ - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
@@ -104,14 +106,17 @@ This feature is designed to prevent suspected malware (or potentially malicious
-3. Type a comment (optional) and select **Yes** to take action on the file.
-The Action center shows the submission information:
- 
+3. Type a comment and select **Yes, block file** to take action on the file.
+
+
+ The Action center shows the submission information:
+
+ 
- **Submission time** - Shows when the action was submitted.
- - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- - **Status** - Indicates whether the file was added to or removed from the blacklist.
+ - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
+ - **Status** - Indicates whether the file was added to or removed from the blacklist.
When the file is blocked, there will be a new event in the machine timeline.
@@ -130,9 +135,9 @@ For prevalent files in the organization, a warning is shown before an action is
### Remove file from blocked list
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
- - **Alerts** - Click the file links from the Description or Details in the Alert timeline
- - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
- - **Search box** - Select File from the drop–down menu and enter the file name
+ - **Alerts** - Click the file links from the Description or Details in the Artifact timeline
+ - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
+ - **Search box** - Select File from the drop–down menu and enter the file name
2. Open the **Actions** menu and select **Remove file from blocked list**.
@@ -175,7 +180,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
**Submit files for deep analysis:**
1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
- - Alerts - click the file links from the **Description** or **Details** in the Alert timeline
+ - Alerts - click the file links from the **Description** or **Details** in the Artifact timeline
- **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
- Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.
@@ -229,4 +234,4 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
## Related topics
-– [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index 3c8baf58e6..0879c73c17 100644
--- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Take response actions on a machine in Windows Defender ATP
-description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details.
-keywords: respond, isolate, isolate machine, collect investigation package, action center
+description: Take response actions on a machine such as isolating machines, collecting an investigation package, managing tags, running av scan, and restricting app execution.
+keywords: respond, isolate, isolate machine, collect investigation package, action center, restrict, manage tags, av scan, restrict app
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Take response actions on a machine
@@ -22,59 +23,60 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
>[!NOTE]
> These response actions are only available for machines on Windows 10, version 1703.
-## Isolate machines from the network
-Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement.
+## Manage machine group and tags
+Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident.
-This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
+Machine related properties are being extended to account for:
->[!NOTE]
->You’ll be able to reconnect the machine back to the network at any time.
+- Group affiliation
+- Dynamic context capturing
-1. Select the machine that you want to isolate. You can select or search for a machine from any of the following views:
- - **Dashboard** - Select the machine name from the Top machines with active alerts section.
- - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- - **Machines list** - Select the machine name from the list of machines.
- - **Search box** - Select Machine from the drop-down menu and enter the machine name.
-2. Open the **Actions** menu and select **Isolate machine**.
+### Group machines
+Machine group affiliation can represent geographic location, specific activity, importance level and others. Grouping machines with similar attributes can be handy when you need to apply contextual action on a specific list of machines. After creating groups, you can apply the Group filter on the Machines list to get a narrowed list of machines.
- 
+Machine group is defined in the following registry key entry of the machine:
-3. Type a comment (optional) and select **Yes** to take action on the machine.
- >[!NOTE]
- >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network.
+- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
+- Registry key value (string): Group
- The Action center shows the submission information:
- 
- - **Submission time** - Shows when the isolation action was submitted.
- - **Submitting user** - Shows who submitted the action on the machine. You can view the comments provided by the user by selecting the information icon.
- - **Status** - Indicates any pending actions or the results of completed actions.
+### Set standard tags on machines
+Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
-When the isolation configuration is applied, there will be a new event in the machine timeline.
+1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
-**Notification on machine user**:
-When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network:
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the machine name from the list of machines.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
-
+ You can also get to the alert page through the file and IP views.
-## Undo machine isolation
-Depending on the severity of the attack and the state of the machine you can choose to release the machine isolation after you have verified that the compromised machine has been remediated.
+2. Open the **Actions** menu and select **Manage tags**.
-1. Select a machine that was previously isolated.
+ 
-2. Open the **Actions** menu and select **Undo machine isolation**.
+3. Enter tags on the machine. To add more tags, click the + icon.
+4. Click **Save and close**.
- 
+ 
+
+ Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** or **Groups** filter to see the relevant list of machines.
+
+### Manage machine tags
+You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel.
+
+
-3. Type a comment (optional) and select **Yes** to take action on the file. The machine will be reconnected to the network.
## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.
@@ -83,35 +85,40 @@ You can download the package (Zip file) and investigate the events that occurred
The package contains the following folders:
-Folder | Description
-:---|:---
-Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine. NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.”
-Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509).
-Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
-Prefetch files | Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder.
-Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state.
-Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically.
-Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy. NOTE: Open the event log file using Event viewer.
-Services | Contains the services.txt file which lists services and their states.
-Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. Contains files for SMBInboundSessions and SMBOutboundSession. NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound).
-Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system. This can help to track suspicious files that an attacker may have dropped on the system. NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system.
-Users and Groups | Provides a list of files that each represent a group and its members.
-CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors.
+| Folder | Description |
+|:--------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine. NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” |
+| Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). |
+| Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. |
+| Prefetch files | Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. |
+| Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. |
+| Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. |
+| Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy. NOTE: Open the event log file using Event viewer. |
+| Services | Contains the services.txt file which lists services and their states. |
+| Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. Contains files for SMBInboundSessions and SMBOutboundSession. NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound). |
+| Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system. This can help to track suspicious files that an attacker may have dropped on the system. NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system. |
+| Users and Groups | Provides a list of files that each represent a group and its members. |
+| CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. |
1. Select the machine that you want to investigate. You can select or search for a machine from any of the following views:
- - **Dashboard** - Select the machine name from the Top machines with active alerts section.
- - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- - **Machines list** - Select the heading of the machine name from the machines list.
- - **Search box** - Select Machine from the drop-down menu and enter the machine name.
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the heading of the machine name from the machines list.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
2. Open the **Actions** menu and select **Collect investigation package**.
+ 
+
+3. Type a comment and select **Yes, collect package** to take action on the machine.
+
+ 
+
The Action center shows the submission information:
- 
+ 
- **Submission time** - Shows when the action was submitted.
- - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- **Status** - Indicates if the package was successfully collected from the network. When the collection is complete, you can download the package.
3. Select **Package available** to download the package.
@@ -122,8 +129,152 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag
You can also search for historical packages in the machine timeline.
+## Run Windows Defender Antivirus scan on machines
+As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.
+
+>[!NOTE]
+> A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not.
+
+1. Select the machine that you want to run the scan on. You can select or search for a machine from any of the following views:
+
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the machine name from the list of machines.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
+2. Open the **Actions** menu and select **Run antivirus scan**.
+
+ 
+
+3. Select the scan type that you'd like to run. You can choose between a quick or a full scan.
+
+ 
+
+
+4. Type a comment and select **Yes, run scan** to start the scan.
+
+ The Action center shows the scan information:
+
+ 
+
+ - **Submission time** - Shows when the isolation action was submitted.
+ - **Status** - Indicates any pending actions or the results of completed actions.
+
+The machine timeline will include a new event, reflecting that a scan action was submitted on the machine. Windows Defender AV alerts will reflect any detections that surfaced during the scan.
+
+## Restrict app execution
+In addition to the ability of containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
+
+The action to restrict an application from running applies a code integrity policy that only allows running of files that are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised machines and performing further malicious activities.
+
+>[!NOTE]
+>You’ll be able to reverse the restriction of applications from running at any time.
+
+1. Select the machine where you'd like to restrict an application from running from. You can select or search for a machine from any of the following views:
+
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the machine name from the list of machines.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
+
+2. Open the **Actions** menu and select **Restrict app execution**.
+
+ 
+
+3. Type a comment and select **Yes, restict app execution** to take action on the file.
+
+ 
+
+ The Action center shows the submission information:
+ 
+
+
+ - **Submission time** - Shows when the isolation action was submitted.
+ - **Status** - Indicates any pending actions or the results of completed actions.
+
+When the application execution restriction configuration is applied, a new event is reflected in the machine timeline.
+
+
+**Notification on machine user**:
+When an app is restricted, the following notification is displayed to inform the user that an app is being restricted from running:
+
+
+
+## Remove app restriction
+Depending on the severity of the attack and the state of the machine, you can choose to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated.
+
+1. Select the machine where you restricted an application from running from.
+
+2. Open the **Actions** menu and select **Remove app restrictions**.
+
+ 
+
+3. Type a comment and select **Yes, remove restriction** to take action on the application. The machine application restriction will no longer apply on the machine.
+
+
+## Isolate machines from the network
+Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement.
+
+This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
+
+On Windows 10, version 1710 and above, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity.
+
+>[!NOTE]
+>You’ll be able to reconnect the machine back to the network at any time.
+
+1. Select the machine that you want to isolate. You can select or search for a machine from any of the following views:
+
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the machine name from the list of machines.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
+
+2. Open the **Actions** menu and select **Isolate machine**.
+
+ 
+
+3. Select the check-box if you'd like to enable Outlook and Skype communication while the machine is isolated.
+
+ 
+
+4. Type a comment and select **Yes, isolate machine** to take action on the machine.
+
+ >[!NOTE]
+ >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the machine is isolated.
+
+ The Action center shows the submission information:
+ 
+
+ - **Submission time** - Shows when the isolation action was submitted.
+ - **Status** - Indicates any pending actions or the results of completed actions. Additional indications will be provided if you've enabled Outlook and Skype for Business communication.
+
+When the isolation configuration is applied, a new event is reflected in the machine timeline.
+
+**Notification on machine user**:
+When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network:
+
+
+
+## Release machine from isolation
+Depending on the severity of the attack and the state of the machine you can choose to release the machine from isolation after you have verified that the compromised machine has been remediated.
+
+1. Select a machine that was previously isolated.
+
+2. Open the **Actions** menu and select **Release from isolation**.
+
+ 
+
+3. Type a comment and select **Yes, release machine** to take action on the machine. The machine will be reconnected to the network.
+
+
## Check activity details in Action center
-The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view if a machine was isolated and if an investigation package is available from a machine. All related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed.
+The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details:
+
+- Investigation package collection
+- Antivirus scan
+- App restriction
+- Machine isolation
+
+All other related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed.
diff --git a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
index eef6296540..548e32a5b1 100644
--- a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Take response actions in Windows Defender ATP
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization.
@@ -35,7 +38,7 @@ Topic | Description
[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1ec66ba4c3
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,120 @@
+---
+title: View the Security Analytics dashboard in Windows Defender ATP
+description: Use the Security Analytics dashboard to assess and improve the security state of your organization by analyzing various security control tiles.
+keywords: security analytics, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverate, security control, improvement opportunities, edr, antivirus, av, os security updates
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# View the Windows Defender Advanced Threat Protection Security analytics dashboard
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
+
+The **Security analytics dashboard** displays a snapshot of:
+- Organizational security score
+- Security coverage
+- Improvement opportunities
+
+
+
+## Organizational security score
+The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings.
+
+
+
+Each Windows Defender security control from the **Security coverage** tile contributes 100 points to the organizational security score.
+
+The denominator is reflective of the organizational score potential and calculated by multiplying the number of supported security controls (Security coverage pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar).
+
+
+In the example image, the total points from the **Improvement opportunities** tile add up to 279 points for the three pillars from the **Security coverage** tile.
+
+## Security coverage
+The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar contributes 100 points to the overall organizational security score. It also represents the various Windows 10 security components with an indicator of the total number of machines that are well configured and those that require attention. Hovering on top of the individual bars will show exact numbers for each category.
+
+
+
+
+## Improvement opportunities
+Improve your organizational security score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
+
+Click on each control to see the recommended optimizations.
+
+
+
+The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. When added together, the total number makes up the nominator in the fraction for each segment in the Improvement opportunities tile.
+
+Recommendations that do not display a green action are informational only and no action is required.
+
+Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
+
+The following image shows an example list of machines where the EDR sensor is not turned on.
+
+
+
+### Endpoint detection and response (EDR) optimization
+This tile provides a specific list of actions you can take on Windows Defender ATP to improve how endpoints provide sensor data to the Windows Defender ATP service.
+
+You can take the following actions to increase the overall security score of your organization:
+- Turn on sensor
+- Fix sensor data collection
+- Fix impaired communications
+
+For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+### Windows Defender Antivirus optimization
+This tile provides a list of specific list of actions you can implement on endpoints with Windows Defender Antivirus to improve the security in your organization. Each action shows the exact number of endpoints where you can apply the action on.
+
+You can take the following actions to increase the overall security score of your organization:
+
+>[!NOTE]
+> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint.
+
+- Fix antivirus reporting
+ - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
+- Turn on antivirus
+- Update antivirus definitions
+- Turn on cloud-based protection
+- Turn on real-time protection
+- Turn on PUA protection
+
+For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
+
+
+### OS security updates optimization
+This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
+
+You can take the following actions to increase the overall security score of your organization:
+- Install the latest security updates
+
+For more information on, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
+
+## Related topics
+- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
+- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
+- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/threat-protection/windows-defender-atp/security-updates-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-updates-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..a6f76a8f46
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/security-updates-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,22 @@
+---
+title:
+description:
+keywords:
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Security updates
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
index edd9a3e180..aed38dc020 100644
--- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Check the Windows Defender Advanced Threat Protection service health
@@ -22,16 +23,18 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time.
You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status.
-You can view details on the service health by clicking the tile from the **Dashboard** or selecting the **Service health** menu from the navigation pane.
+You can view details on the service health by clicking the tile from the **Security operations dashboard** or selecting the **Service health** menu from the navigation pane.
The **Service health** details page has the following tabs:
- **Current issues**
-- **Status History**
+- **Status history**
## Current issues
The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
diff --git a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
index 6dd42769f1..0d217af685 100644
--- a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: DulceMV
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender Advanced Threat Protection settings
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Use the **Settings** menu  to configure the time zone, suppression rules, and view license information.
## Time zone settings
diff --git a/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..108fefc1b7
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,38 @@
+---
+title: Supported Windows Defender Advanced Threat Protection APIs
+description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to.
+keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/05/2017
+---
+
+# Supported Windows Defender ATP APIs
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
+
+## In this section
+Topic | Description
+:---|:---
+Actor | Run API calls such as get actor information and get actor related alerts.
+Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information.
+Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization.
+File | Run API calls such as get file information, file related alerts, file related machines, and file statistics.
+IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
+Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
+User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
+
diff --git a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
index c5cc1addec..f802ef999b 100644
--- a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Understand threat intelligence concepts
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Advanced cybersecurity attacks comprise of multiple complex malicious events, attributes, and contextual information. Identifying and deciding which of these activities qualify as suspicious can be a challenging task. Your knowledge of known attributes and abnormal activities specific to your industry is fundamental in knowing when to call an observed behavior as suspicious.
With Windows Defender ATP, you can create custom threat alerts that can help you keep track of possible attack activities in your organization. You can flag suspicious events to piece together clues and possibly stop an attack chain. These custom threat alerts will only appear in your organization and will flag events that you set it to track.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index 1d8d5a0b52..a7b4331483 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Troubleshoot custom threat intelligence issues
@@ -22,6 +23,7 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
You might need to troubleshoot issues while using the custom threat intelligence feature.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 8575f7b937..30083255ae 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index 0a66cc942d..b04d0fdea3 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Troubleshoot SIEM tool integration issues
@@ -22,6 +23,9 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
+
You might need to troubleshoot issues while pulling alerts in your SIEM tools.
This page provides detailed steps to troubleshoot issues you might encounter.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index 5bb2935a52..00ddbd8987 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,9 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
+
# Troubleshoot Windows Defender Advanced Threat Protection
**Applies to:**
@@ -21,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
### Server error - Access is denied due to invalid credentials
diff --git a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index d4e2d80927..727c6135b0 100644
--- a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Use the threat intelligence API to create custom alerts
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
You can use the code examples to guide you in creating calls to the custom threat intelligence API.
diff --git a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index 3c7f06e779..bcd359ef0c 100644
--- a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Use the Windows Defender Advanced Threat Protection portal
@@ -22,9 +23,11 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
A typical security breach investigation requires a member of a security operations team to:
-1. View an alert on the **Dashboard** or **Alerts queue**
+1. View an alert on the **Security operations dashboard** or **Alerts queue**
2. Review the indicators of compromise (IOC) or indications of attack (IOAs)
3. Review a timeline of alerts, behaviors, and events from the machine
4. Manage alerts, understand the threat or potential breach, collect information to support taking action, and resolve the alert
@@ -33,13 +36,14 @@ A typical security breach investigation requires a member of a security operatio
Security operation teams can use Windows Defender ATP portal to carry out this end-to-end process without having to leave the portal.
-Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance.
+Teams can monitor the overall status of enterprise endpoints from the **Security operations dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance.
### In this section
Topic | Description
:---|:---
-[View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
+[View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
+[View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Security Analytics dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
[View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | You can sort and filter alerts across your network, and drill down on individual alert queues such as new, in progress, or resolved queues.
[Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization.
[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index 512dd52132..4f308f2bea 100644
--- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -10,6 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
+ms.date: 09/05/2017
---
# Windows Defender Advanced Threat Protection
@@ -22,6 +23,8 @@ ms.localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
>
>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
@@ -95,6 +98,7 @@ Topic | Description
[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise.
[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools.
[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
+[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information.
diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
new file mode 100644
index 0000000000..0916abe7b6
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -0,0 +1,178 @@
+---
+title: Use Attack Surface Reduction rules to prevent malware infection
+description: ASR rules can help prevent exploits from using apps and scripts to infect machines with malware
+keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Reduce attack surfaces with Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Attack Surface Reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+Attack Surface Reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:
+
+- Executable files and scripts used in Office apps or web mail that attempt to download or run files
+- Scripts that are obfuscated or otherwise suspicious
+- Behaviors that apps undertake that are not usually inititated during normal day-to-day work
+
+See the [Attack Surface Reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule.
+
+When a rule is triggered, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
+
+You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack Surface Reduction would impact your organization if it were enabled.
+
+## Attack Surface Reduction rules
+
+The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
+
+Rule name | GUIDs
+-|-
+Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
+Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
+Block Office applications from injecting into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
+Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
+Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
+Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+
+
+### Rule: Block executable content from email client and webmail
+
+
+This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or Outlook.com):
+
+- Executable files (such as .exe, .dll, or .scr)
+- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
+- Script archive files
+
+
+
+### Rule: Block Office applications from creating child processes
+
+Office apps, such as Word or Excel, will not be allowed to create child processes.
+
+This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
+
+### Rule: Block Office applications from creating executable content
+
+This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique.
+
+Extensions will be blocked from being used by Office apps. Typically these extensions use the Windows Scripting Host (.wsh files) to run scripts that automate certain tasks or provide user-created add-on features.
+
+
+### Rule: Block Office applications from injecting into other processes
+
+
+Office apps, such as Word, Excel, or PowerPoint, will not be able to inject code into other processes.
+
+This is typically used by malware to run malicious code in an attempt to hide the activity from antivirus scanning engines.
+
+
+
+### Rule: Impede JavaScript and VBScript to launch executables
+
+JavaScript and VBScript scripts can be used by malware to launch other malicious apps.
+
+This rule prevents these scripts from being allowed to launch apps, thus preventing malicious use of the scripts to spread malware and infect machines.
+
+
+
+### Rule: Block execution of potentially obfuscated scripts
+
+Malware and other threats can attempt to obfuscate or hide their malicious code in some script files.
+
+This rule prevents scripts that appear to be obfuscated from running.
+
+It uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx) to determine if a script is potentially obfuscated, and then blocks such a script, or blocks scripts when an attempt is made to access them.
+
+
+
+
+
+## Requirements
+
+The following requirements must be met before Attack Surface Reduction will work:
+
+Windows 10 version | Windows Defender Antivirus
+- | -
+Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
+
+
+
+
+## Review Attack Surface Reduction events in Windows Event Viewer
+
+You can review the Windows event log to see events that are created when an Attack Surface Reduction rule is triggered (or audited):
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *asr-events.xml* to an easily accessible location on the machine.
+
+1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+2. On the left panel, under **Actions**, click **Import custom view...**
+
+ 
+
+3. Navigate to the Exploit Guard Evaluation Package, and select the file *asr-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Attack Surface Reduction:
+
+ Event ID | Description
+-|-
+5007 | Event when settings are changed
+1122 | Event when rule fires in Audit-mode
+1121 | Event when rule fires in Block-mode
+
+
+
+### Event fields
+
+- **ID**: matches with the Rule-ID that triggered the block/audit.
+- **Detection time**: Time of detection
+- **Process Name**: The process that performed the "operation" that was blocked/audited
+- **Description**: Additional details about the event or audit, including the signature, engine, and product version of Windows Defender Antivirus
+
+
+ ## In this section
+
+Topic | Description
+---|---
+[Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how the feature works, and what events would typically be created.
+[Enable Attack Surface Reduction](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Attack Surface Reduction in your network.
+[Customize Attack Surface Reduction](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by Attack Surface Reduction and customize the notification that appears on a user's machine when a rule blocks an app or file.
+
diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
new file mode 100644
index 0000000000..8ca8c4120a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
@@ -0,0 +1,82 @@
+---
+title: Test how Windows Defender EG features work
+description: Audit mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
+keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+# Use audit mode to evaluate Windows Defender Exploit Guard features
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+You can enable each of the features of Windows Defender Explot Guard in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
+
+You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
+
+While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.
+
+You can use Windows Defender Advanced Threat Protection to get greater granularity into each event, especially for investigating Attack Surface Reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
+
+You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable audit mode.
+
+
+
+Audit options | How to enable audit mode | How to view events
+- | - | -
+Audit applies to all events | [Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled Folder Access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
+Audit applies to individual rules | [Enable Attack Surface Reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack Surface Reduction events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
+Audit applies to all events | [Enable Network Protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network Protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
+Audit applies to individual mitigations | [Enable Exploit Protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit Protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
+
+
+You can also use the a custom PowerShell script that enables the features in audit mode automatically:
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *Enable-ExploitGuardAuditMode.ps1* to an easily accessible location on the machine.
+
+1. Type **powershell** in the Start menu.
+
+2. Right-click **Windows PowerShell**, click **Run as administrator** and click **Yes** or enter admin credentials at the prompt.
+
+3. Enter the following in the PowerShell window to enable Controlled Folder Access and Attack Surface Reduction in audie mode:
+ ```PowerShell
+ Set-ExecutionPolicy Bypass -Force
+ \Enable-ExploitGuardAuditMode.ps1
+ ```
+
+ Replace \ with the folder path where you placed the file.
+
+ A message should appear to indicate that audit mode was enabled.
+
+
+## Related topics
+
+Topic | Description
+---|---
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
+- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
+- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)
+
+
+
diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
new file mode 100644
index 0000000000..2cda929649
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
@@ -0,0 +1,99 @@
+---
+title: Help prevent ransomware and threats from encrypting and changing files
+description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Protect important folders with Controlled Folder Access
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware.
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+Controlled Folder Access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
+
+This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
+
+A notification will appear on the machine where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
+
+The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specifc-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders.
+
+As with other features of Windows Defender Exploit Guard, you can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Controlled Folder Access would impact your organization if it were enabled.
+
+
+
+## Requirements
+
+The following requirements must be met before Controlled Folder Access will work:
+
+Windows 10 version | Windows Defender Antivirus
+-|-
+Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
+
+
+## Review Controlled Folder Access events in Windows Event Viewer
+
+You can review the Windows event log to see events that are created when Controlled Folder Access blocks (or audits) an app:
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine.
+
+2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+3. On the left panel, under **Actions**, click **Import custom view...**
+
+ 
+
+4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Controlled Folder Access:
+
+Event ID | Description
+-|-
+5007 | Event when settings are changed
+1124 | Audited Controlled Folder Access event
+1123 | Blocked Controlled Folder Access event
+
+
+ ## In this section
+
+Topic | Description
+---|---
+[Evaluate Controlled Folder Access](evaluate-controlled-folder-access.md) | Use a dedicated demo tool to see how Controlled Folder Access works, and what events would typically be created.
+[Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Controlled Folder Access in your network
+[Customize Controlled Folder Access](customize-controlled-folders-exploit-guard.md) | Add additional protected folders, and allow specified apps to access protected folders.
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
new file mode 100644
index 0000000000..71db423dcf
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -0,0 +1,94 @@
+---
+title: Configure how ASR works to finetune protection in your network
+description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR
+keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+# Customize Attack Surface Reduction
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
+
+This topic describes how to customize Attack Surface Reduction by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer.
+
+You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
+
+## Exclude files and folders
+
+You can exclude files and folders from being evaluated by Attack Surface Reduction rules.
+
+You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode).
+
+### Use Group Policy to exclude files and folders
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack Surface Reduction**.
+
+6. Double-click the **Exclude files and paths from Attack Surface Reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
+
+### Use PowerShell to exclude files and folderss
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Add-MpPreference -AttackSurfaceReductionOnlyExclusions ""
+ ```
+
+Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more folders to the list.
+
+
+>[!IMPORTANT]
+>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
+
+### Use MDM CSPs to exclude files and folders
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
+
+
+
+## Customize the notification
+
+See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+
+
+
+## Related topics
+
+- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
+- [Enable Attack Surface Reduction](enable-attack-surface-reduction.md)
+- [Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md)
+
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
new file mode 100644
index 0000000000..9bde74faf6
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
@@ -0,0 +1,194 @@
+---
+title: Add additional folders and apps to be protected by Windows 10
+description: Add additional folders that should be protected by Controlled Folder Access, or whitelist apps that are incorrectly blocking changes to important files.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, customize, add folder, add app, whitelist, add executable
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Customize Controlled Folder Access
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+This topic describes how to customize the following settings of the Controlled Folder Access feature with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs):
+
+- [Add additional folders to be protected](#protect-additional-folders)
+- [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders)
+
+ ## Protect additional folders
+
+Controlled Folder Access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.
+
+You can add additional folders to be protected, but you cannot remove the default folders in the default list.
+
+Adding other folders to Controlled Folder Access can be useful, for example, if you dont store files in the default Windows libraries or youve changed the location of the libraries away from the defaults.
+
+You can also enter network shares and mapped drives, but environment variables and wildcards are not supported.
+
+You can use the Windows Defender Security Center app or Group Policy to add and remove additional protected folders.
+
+### Use the Windows Defender Security Center app to protect additional folders
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+
+ 
+
+3. Under the **Controlled folder access** section, click **Protected folders**
+
+4. Click **Add a protected folder** and follow the prompts to add apps.
+
+ 
+
+
+### Use Group Policy to protect additional folders
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
+
+6. Double-click the **Configured protected folders** setting and set the option to **Enabled**. Click **Show** and enter each folder.
+
+> [!IMPORTANT]
+> Environment variables and wildcards are not supported.
+
+
+### Use PowerShell to protect additional folders
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Add-MpPreference -ControlledFolderAccessProtectedFolders ""
+ ```
+
+
+Continue to use `Add-MpPreference -ControlledFolderAccessProtectedFolders` to add more folders to the list. Folders added using this cmdlet will appear in the Windows Defender Security Center app.
+
+
+
+
+
+>[!IMPORTANT]
+>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
+
+### Use MDM CSPs to protect additional folders
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders.
+
+
+
+ ## Allow specifc apps to make changes to controlled folders
+
+You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if youre finding a particular app that you know and trust is being blocked by the Controlled Folder Access feature.
+
+>[!IMPORTANT]
+>By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app or by using the associated PowerShell cmdlets.
+>You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
+
+
+You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders.
+
+When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the whitelist and may be blocked by Controlled Folder Access.
+
+### Use the Windows Defender Security app to whitelist specific apps
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+
+ 
+
+3. Under the **Controlled folder access** section, click **Allow an app through Controlled folder access**
+
+4. Click **Add an allowed app** and follow the prompts to add apps.
+
+ 
+
+### Use Group Policy to whitelist specific apps
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
+
+6. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app as Value? Or Value Name? what are the requirements? Have to be exe? Do you have to enter fully qualified path, or will it apply to any .exe with that name?
+
+
+
+### Use PowerShell to whitelist specific apps
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Add-MpPreference -ControlledFolderAccessAllowedApplications ""
+ ```
+
+ For example, to add the executable *test.exe*, located in the folder *C:\apps*, the cmdlet would be as follows:
+
+ ```PowerShell
+ Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe"
+ ```
+
+Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Defender Security Center app.
+
+
+
+
+
+>[!IMPORTANT]
+>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
+
+
+
+### Use MDM CSPs to whitelist specific apps
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders.
+
+## Customize the notification
+
+See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+
+## Related topics
+- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
+- [Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md)
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
new file mode 100644
index 0000000000..86c947101d
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -0,0 +1,260 @@
+---
+title: Enable or disable specific mitigations used by Exploit Protection
+keywords: exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr
+description: You can enable individual mitigations using the Windows Defender Security Center app or PowerShell. You can also audit mitigations and export configurations.
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+# Customize Exploit Protection
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+
+Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
+
+ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
+
+ This topic lists each of the mitigations available in Exploit Protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
+
+It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
+
+
+## Exploit Protection mitigations
+
+All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level.
+
+You can set each of the mitigations to on, off, or to their default value as indicated in the following table. Some mitigations have additional options, these are indicated in the description in the table.
+
+For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this topic.
+
+Mitigation | Description | Can be applied to, and default value for system mitigations | Audit mode available
+- | - | - | -
+Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level (system default: **On** | No
+Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level (system default: **On** | No
+Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level (system default: **Off** | No
+Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level (system default: **On** | No
+Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level (system default: **On** | No
+Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level (system default: **Off** | No
+Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | Yes
+Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | Yes
+Block remote images | Prevents loading of images from remote devices. | App-level only | Yes
+Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | Yes
+Code integrity guard | Restricts loading of images signed by Microsoft, WQL, and higher. Can optionally allow Windows Store signed images. | App-level only | Yes
+Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | No
+Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | Yes
+Do not allow child processes | Prevents an app from creating child processes. | App-level only | Yes
+Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | Yes
+Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | Yes
+Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | Yes
+Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | Yes
+Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | No
+Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | Yes
+Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. | App-level only | Yes
+
+
+
+
+### Configure system-level mitigations with the Windows Defender Security Center app
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label:
+
+ 
+
+3. Under the **System settings** section, find the mitigation you want to configure and select either:
+ - **On by default**
+ - **Off by default**
+ -**Use default**
+
+ >[!NOTE]
+ >You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting.
+
+ Changing some settings may required a restart, which will be indicated in red text underneath the setting.
+
+ 
+
+4. Repeat this for all the system-level mitigations you want to configure.
+
+You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
+
+Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
+
+
+### Configure app-specific mitigations with the Windows Defender Security Center app
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen:
+
+ 
+
+
+3. Go to the **Program settings** section and choose the app you want to apply mitigations to:
+
+ 1. If the app you want to configure is already listed, click it and then click **Edit**
+ 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
+
+ 
+
+
+4. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
+
+5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
+
+ 
+
+You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or return to configure system-level mitigations.
+
+Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
+
+
+ ## PowerShell reference
+
+ You can use the Windows Defender Security Center app to configure exploit protection, or you can use PowerShell cmdlets.
+
+ The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Defender Security Center. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
+
+ >[!IMPORTANT]
+ >Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overriden.
+
+
+ You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
+
+```PowerShell
+Get-ProcessMitigation -Name processName.exe
+```
+
+ Use `Set` to configure each mitigation in the following format:
+
+ ```PowerShell
+Set-ProcessMitigation - -,,
+```
+
+
+Where:
+
+- \:
+ - `-Name` to indicate the mitigations should be applied to a specific app. Specify the app's executable after this flag.
+ - `-System` to indicate the mitigation should be applied at the system level
+- \:
+ - `-Enable` to enable the mitigation
+ - `-Disable` to disable the mitigation
+- \:
+ - The mitigation's cmdlet as defined in the [mitigation cmdlets table](#cmdlets-table) below, along with any suboptions (surrounded with spaces). Each mitigation is seperated with a comma.
+
+
+ For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command:
+
+ ```PowerShell
+Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation
+```
+
+ >[!IMPORTANT]
+ >Seperate each mitigation option with commas.
+
+ If you wanted to apply DEP at the system level, you'd use the following command:
+
+ ```PowerShell
+Set-Processmitigation -System -Enable DEP
+```
+
+ To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app.
+
+ If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example:
+
+ ```PowerShell
+Set-Processmitigation -Name test.exe -Remove -Disable DEP
+```
+
+
+ You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below.
+
+ For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used in the example above, you'd use the following command:
+
+ ```PowerShell
+Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
+```
+
+You can disable audit mode by using the same command but replacing `-Enable` with `-Disable`.
+
+### PowerShell reference table
+
+This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
+
+
+
+
+Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet
+- | - | - | -
+Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available
+Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available
+Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocate | Audit not available
+Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
+Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
+Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
+Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
+Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
+Block remote images | App-level only | BlockRemoteImages | Audit not available
+Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
+Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
+Disable extension points | App-level only | ExtensionPoint | Audit not available
+Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
+Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
+Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available
+Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available
+Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available
+Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available
+Validate handle usage | App-level only | StrictHandle | Audit not available
+Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available
+Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available
+
+
+
+\[1\]: Use the following format to enable EAF modules for dlls for a process:
+
+```PowerShell
+Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
+```
+
+
+## Customize the notification
+
+See the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+
+## Related topics
+
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
+- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
+- [Enable Exploit Protection](enable-exploit-protection.md)
+- [Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
new file mode 100644
index 0000000000..f2c3551f4a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
@@ -0,0 +1,46 @@
+---
+title: Compare the features in Exploit Protection with EMET
+keywords: emet, enhanced mitigation experience toolkit, configuration, exploit
+description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview, build 16232 and later
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+
+
+
+We're still working on this content and will have it published soon!
+
+
+
+Check out the following topics for more information about Exploit Protection:
+
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
+- [Enable Exploit Protection](enable-exploit-protection.md)
+- [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
new file mode 100644
index 0000000000..910db87d44
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -0,0 +1,118 @@
+---
+title: Enable ASR rules individually to protect your organization
+description: Enable ASR rules to protect your devices from attacks the use macros, scripts, and common injection techniques
+keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, enable, turn on
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+# Enable Attack Surface Reduction
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
+
+
+
+## Enable and audit Attack Surface Reduction rules
+
+You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.
+
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+Attack Surface Reduction rules are identified by their unique rule ID.
+
+You can manually add the rules by using the GUIDs in the following table:
+
+Rule description | GUIDs
+-|-
+Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
+Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
+Block Office applications from injecting into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
+Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
+Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
+Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+
+See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
+
+### Use Group Policy to enable Attack Surface Reduction rules
+
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack Surface Reduction**.
+
+6. Double-click the **Configure Attack Surface Reduction rules** setting and set the option to **Enabled**. You can then set the individual state for each rule in the options section:
+ - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows:
+ - Block mode = 1
+ - Disabled = 0
+ - Audit mode = 2
+
+
+ 
+
+
+
+
+ ### Use PowerShell to enable Attack Surface Reduction rules
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Add-MpPreference -AttackSurfaceReductionRules_Ids
+ ```
+
+You can enable the feature in audit mode using the following cmdlet:
+
+```PowerShell
+Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
+```
+
+Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
+
+
+
+### Use MDM CSPs to enable Attack Surface Reduction rules
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule.
+
+
+
+
+## Related topics
+
+- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
+- [Customize Attack Surface Reduction](customize-attack-surface-reduction.md)
+- [Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md)
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
new file mode 100644
index 0000000000..3471eba455
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -0,0 +1,107 @@
+---
+title: Turn on the protected folders feature in Windows 10
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use
+description: Learn how to protect your important files by enabling Controlled Folder Access
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Enable Controlled Folder Access
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+This topic describes how to enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs).
+
+
+## Enable and audit Controlled Folder Access
+
+You can enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
+
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+
+### Use the Windows Defender Security app to enable Controlled Folder Access
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+
+ 
+
+3. Set the switch for the feature to **On**
+
+ 
+
+### Use Group Policy to enable Controlled Folder Access
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
+
+6. Double-click the **Configure controlled folder access** setting and set the option to **Enabled**. In the options section you must specify one of the following:
+ - **Enable** - Malicious and suspicious apps will not be allowed to make changes to files in protected folders. A notification will be provided in the Windows event log
+ - **Disable (Default)** - The Controlled Folder Access feature will not work. All apps can make changes to files in protected folders.
+ - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
+
+ 
+
+>[!IMPORTANT]
+>To fully enable the Controlled Folder Access feature, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu.
+
+### Use PowerShell to enable Controlled Folder Access
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Set-MpPreference -EnableControlledFolderAccess Enabled
+ ```
+
+You can enable the feauting in audit mode by specifying `AuditMode` instead of `Enabled`.
+
+Use `Disabled` to turn the feature off.
+
+### Use MDM CSPs to enable Controlled Folder Access
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders.
+
+
+## Related topics
+
+- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
+- [Customize Controlled Folder Access](customize-controlled-folders-exploit-guard.md)
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
new file mode 100644
index 0000000000..90e6cd1782
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
@@ -0,0 +1,76 @@
+---
+title: Turn on Exploit Protection to help mitigate against attacks
+keywords: exploit, mitigation, attacks, vulnerability
+description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Enable Exploit Protection
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+
+Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
+
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit Protection.
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+
+
+## Enable and audit Exploit Protection
+
+You enable and configure each Exploit Protection mitigation separately. Some mitigations apply to the entire operating system, while others can be targeted towards specific apps.
+
+The mitigations available in Exploit Protection are enabled or configured to their default values automatically in Windows 10. However, you can customize the configuration to suit your organization and then deploy that configuration across your network.
+
+You can also set mitigations to audit mode. Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
+
+For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+You can also convert an existing EMET configuration file (in XML format) and import it into Exploit Protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using.
+
+See the following topics for instructions on configuring Exploit Protection mitigations and importing, exporting, and converting configurations:
+
+1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md)
+2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md).
+
+
+## Related topics
+
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
+- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
+- [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md)
+
+
+
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
new file mode 100644
index 0000000000..4e8f0eea70
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
@@ -0,0 +1,100 @@
+---
+title: Turn Network Protection on
+description: Enable Network Protection with Group Policy, PowerShell, or MDM CSPs
+keywords: ANetwork Protection, exploits, malicious website, ip, domain, domains, enable, turn on
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+# Enable Network Protection
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Network Protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
+
+This topic describes how to enable Network Protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM).
+
+
+## Enable and audit Network Protection
+
+You can enable Network Protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP.
+
+For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+
+### Use Group Policy to enable or audit Network Protection
+
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Network Protection**.
+
+6. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section you must specify one of the following:
+ - **Block** - Users will not be able to access malicious IP addresses and domains
+ - **Disable (Default)** - The Network Protection feature will not work. Users will not be blocked from accessing malicious domains
+ - **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address.
+
+
+>[!IMPORTANT]
+>To fully enable the Network Protection feature, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
+
+
+ ### Use PowerShell to enable or audit Network Protection
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```
+ Set-MpPreference -EnableNetworkProtection Enabled
+ ```
+
+You can enable the feauting in audit mode using the following cmdlet:
+
+```
+Set-MpPreference -EnableNetworkProtection AuditMode
+```
+
+Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
+
+
+
+### Use MDM CSPs to enable or audit Network Protection
+
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure Network Protection.
+
+
+## Related topics
+
+- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
+- [Evaluate Network Protection](evaluate-network-protection.md)
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
new file mode 100644
index 0000000000..1e5a5acdee
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -0,0 +1,249 @@
+---
+title: Use a demo to see how ASR can help protect your devices
+description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks
+keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+# Evaluate Attack Surface Reduction rules
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+
+
+Attack Surface Reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md).
+
+This topic helps you evaluate Attack Surface Reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
+
+>[!NOTE]
+>This topic uses a customized testing tool and PowerShell cmdlets to make it easy to enable the feature and test it.
+>For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Attack Surface Reduction topic](attack-surface-reduction-exploit-guard.md).
+
+
+## Use the demo tool to see how Attack Surface Reduction works
+
+Use the **ExploitGuard ASR test tool** app to see how Attack Surface Reduction rules are applied in certain key protection and high-risk scenarios. These scenarios are typical infection vectors for malware that use exploits to spread and infect machines.
+
+The tool is part of the Windows Defender Exploit Guard evaluation package:
+- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w)
+
+This tool has a simple user interface that lets you choose a rule, configure it in blocking, audit, or disabled mode, and run a pre-created series of actions that would be evaluated by the rule.
+
+When you run a scenario, you will see what the scenario entails, what the rule is set to, and what actions were taken.
+
+
+
+Each scenario creates a fake or sample file or behavior that the rule would target and, if the rule was enabled, block from running.
+
+>[!IMPORTANT]
+>The settings you change while using this tool will be cleared when you close the tool. If you want to test the feature in a production environment, you should consider using [audit mode to measure impact](#use-audit-mode-to-measure-impact), or see the main [Attack Surface Reduction topic](attack-surface-reduction-exploit-guard.md).
+
+**Run a rule using the demo tool:**
+
+1. Open the Exploit Guard Evaluation Package and copy the file *ExploitGuard ASR test tool* to a location on your PC that is easy to access (such as your desktop).
+
+2. Run the tool by double-clicking the version that matches your operating system - either 64-bit (x64) or 32-bit (x86). If a Windows Defender SmartScreen notification appears, click **More details** and then **Run anyway**.
+
+
+ >[!IMPORTANT]
+ >Make sure you use the version of the tool that is appropriate for the machine you are using. Use the x86 version for 32-bit versions of Windows 10, or use the x64 version for 64-bit versions of Windows 10.
+
+3. Select the rule from the drop-down menu.
+
+4. Select the mode, **Disabled**, **Block**, or **Audit**.
+ 1. Optionally, click **Show Advanced Options** and choose a specific scenario (or all scenarios sequentially by selecting **All Scenarios**), enter a delay, or click **Leave Dirty**.
+
+5. Click **RunScenario**.
+
+The scenario will run, and an output will appear describing the steps taken.
+
+You can right-click on the output window and click **Open Event Viewer** to see the relevant event in Windows Event Viewer.
+
+>[!TIP]
+>You can click **Save Filter to Custom View...** in the Event Viewer to create a custom view so you can easily come back to this view as you continue to evaluate rules.
+
+
+Choosing the **Mode** will change how the rule functions:
+
+Mode option | Description
+-|-
+Disabled | The rule will not fire and no event will be recorded. This is the same as if you had not enabled Attack Surface Reduction at all.
+Block | The rule will fire and the suspicious behavior will be blocked from running. An event will be recorded in the event log. This is the same as if you had enabled Attack Surface Reduction.
+Audit | The rule wil fire, but the suspicious behavior will **not** be blocked from running. An event will be recorded in the event log as if the rule did block the behavior. This allows you to see how Attack Surface Reduction will work but without impacting how you use the machine.
+
+Block mode will cause a notification to appear on the user's desktop:
+
+
+
+You can [modify the notification to display your company name and links](customize-attack-surface-reduction.md#customize-the-notification) for users to obtain more information or contact your IT help desk.
+
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+The following sections describe what each rule does and what the scenarios entail for each rule.
+
+### Rule: Block executable content from email client and webmail
+
+
+This rule blocks certain files from being run or launched from an email. You can specify an individual scenario, based on the category of the file type or whether the email is in Microsoft Outlook or web mail.
+
+The following table describes the category of the file type that will be blocked and the source of the email for each scenario in this rule:
+
+Scenario name | File type | Program
+- | - | -
+Random | A scenario will be randomly chosen from this list | Microsoft Outlook or web mail
+Mail Client PE | Executable files (such as .exe, .dll, or .scr) | Microsoft Outlook
+Mail Client Script | Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) | Microsoft Outlook
+Mail Client Script Archive | Script archive files | Microsoft Outlook
+WebMail PE | Executable files (such as .exe, .dll, or .scr) | Web mail, such as gmail, outlook, hotmail
+WebMail Script | Script files (such as a PowerShell .ps, VBScript .vbs, or JavaScript .js file) | Web mail
+WebMail Script Archive | Script archive files | Web mail
+
+
+### Rule: Block Office applications from creating child processes
+
+>[!NOTE]
+>There is only one scenario to test for this rule.
+
+Office apps, such as Word or Excel, will not be allowed to create child processes. This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
+
+### Rule: Block Office applications from creating executable content
+
+This rule targets typical behaviors used by suspicious and malicious add-ons and scripts that create or launch executable files. This is a typical malware technique.
+
+The following scenarios can be individually chosen:
+
+- Random
+ - A scenario will be randomly chosen from this list
+- Extension Block
+ - Extensions will be blocked from being used by Office apps. Typically these extensions use the Windows Scripting Host (.wsh files) to run scripts that automate certain tasks or provide user-created add-on features.
+
+
+### Rule: Block Office applications from injecting into other processes
+
+
+>[!NOTE]
+>There is only one scenario to test for this rule.
+
+
+Office apps, such as Word, Excel, or PowerPoint, will not be able to inject code into other processes. This is typically used by malware to run malicious code in an attempt to hide the activity from antivirus scanning engines.
+
+
+
+### Rule: Impede JavaScript and VBScript to launch executables
+
+JavaScript and VBScript scripts can be used by malware to launch other malicious apps. This rule prevents these scripts from being allowed to launch apps, thus preventing malicious use of the scripts to spread malware and infect machines.
+
+- Random
+ - A scenario will be randomly chosen from this list
+- JScript
+ - JavaScript will not be allowed to launch executable files
+- VBScript
+ - VBScript will not be allowed to launch executable files
+
+
+
+### Rule: Block execution of potentially obfuscated scripts
+
+Malware and other threats can attempt to obfuscate or hide their malicious code in some script files. This rule prevents scripts that appear to be obfuscated from running.
+
+
+- Random
+ - A scenario will be randomly chosen from this list
+- AntiMalwareScanInterface
+ - This scenario uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx) to determine if a script is potentially obfuscated, and then blocks such a script
+- OnAccess
+ - Potentially obfuscated scripts will be blocked when an attempt is made to access them
+
+
+## Review Attack Surface Reduction events in Windows Event Viewer
+
+You can also review the Windows event log to see the events there were created when using the tool:
+
+1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+2. On the left panel, under **Actions**, click **Import custom view...**
+
+3. Navigate to the Exploit Guard Evaluation Package, and select the file *asr-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Attack Surface Reduction:
+
+Event ID | Description
+-|-
+5007 | Event when settings are changed
+1122 | Event when rule fires in Audit-mode
+1121 | Event when rule fires in Block-mode
+
+
+## Use audit mode to measure impact
+
+You can also enable the Attack Surface Reduction feature in audit mode. This lets you see a record of what apps would have been blocked if you had enabled the feature.
+
+You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how often the rules will fire during normal use.
+
+To enable audit mode, use the following PowerShell cmdlet:
+
+```PowerShell
+Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
+```
+
+This enables all Attack Surface Reduction rules in audit mode.
+
+>[!TIP]
+>If you want to fully audit how Attack Surface Reduction will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
+You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack Surface Reduction topic](attack-surface-reduction-exploit-guard.md).
+
+
+
+## Customize Attack Surface Reduction
+
+During your evaluation, you may wish to configure each rule individualy or exclude certain files and processes from being evaluated by the feature.
+
+See the [Customize Exploit Protection](customize-exploit-protection.md) topic for information on configuring the feature with management tools, including Group Policy and MDM CSP policies.
+
+
+## Related topics
+- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
+- [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
new file mode 100644
index 0000000000..3b7019e217
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -0,0 +1,133 @@
+---
+title: See how CFA can help protect files from being changed by malicious apps
+description: Use a custom tool to see how Controlled Folder Access works in Windows 10.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+# Evaluate Controlled Folder Access
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+Controlled Folder Access is a feature that is part of Windows Defender Exploit Guard [that helps protect your documents and files from modification by suspicious or malicious apps](controlled-folders-exploit-guard.md).
+
+It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
+
+This topic helps you evaluate Controlled Folder Access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
+
+>[!NOTE]
+>This topic uses PowerShell cmdlets to make it easy to enable the feature and test it.
+>For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Controlled Folder Access topic](controlled-folders-exploit-guard.md).
+
+
+## Use the demo tool to see how Controlled Folder Access works
+
+Use the **ExploitGuard CFA File Creator** tool to see how Controlled Folder Access can prevent a suspicious app from creating files in protected folders.
+
+The tool is part of the Windows Defender Exploit Guard evaluation package:
+- [Download the Exploit Guard Evaluation Package](https://aka.ms/mp7z2w)
+
+This tool can be run locally on an individual machine to see the typical behavior of Controlled Folder Access. The tool is considered by Windows Defender Exploit Guard to be suspicious and will be blocked from creating new files or making changes to existing files in any of your protected folders.
+
+You can enable Controlled Folder Access, run the tool, and see what the experience is like when a suspicious app is prevented from accessing or modifying files in protected folders.
+
+
+
+1. Type **powershell** in the Start menu.
+
+2. Right-click **Windows PowerShell**, click **Run as administrator** and click **Yes** or enter admin credentials at the prompt.
+
+3. Enter the following in the PowerShell window to enable Controlled Folder Access:
+ ```PowerShell
+ Set-MpPreference -EnableControlledFolderAccess Enabled
+ ```
+
+4. Open the Exploit Guard Evaluation Package and copy the file *ExploitGuard CFA File Creator.exe* to a location on your PC that is easy to access (such as your desktop).
+
+5. Run the tool by double-clicking it. If a Windows Defender SmartScreen notification appears, click **More details** and then **Run anyway**.
+
+6. You'll be asked to specify a name and location for the file. You can choose anything you wish to test.
+
+ 
+
+7. A notification will appear, indicating that the tool was prevented from creating the file, as in the following example:
+
+ 
+
+## Review Controlled Folder Access events in Windows Event Viewer
+
+You can also review the Windows event log to see the events there were created when using the tool:
+
+1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+2. On the left panel, under **Actions**, click **Import custom view...**
+
+3. Navigate to the Exploit Guard Evaluation Package, and select the file *cfa-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Controlled Folder Access:
+
+Event ID | Description
+-|-
+5007 | Event when settings are changed
+1124 | Audited Controlled Folder Access event
+1123 | Blocked Controlled Folder Access event
+
+
+## Use audit mode to measure impact
+
+As with other Windows Defender EG features, you can enable the Controlled Folder Access feature in audit mode. This lets you see a record of what *would* have happened if you had enabled the setting.
+
+You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
+
+To enable audit mode, use the following PowerShell cmdlet:
+
+```PowerShell
+Set-MpPreference -EnableControlledFolderAccess AuditMode
+```
+
+>[!TIP]
+>If you want to fully audit how Controlled Folder Access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
+You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [Controlled Folder Access topic](controlled-folders-exploit-guard.md).
+
+
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+
+
+## Customize protected folders and apps
+
+During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files.
+
+See the main [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSP.
+
+## Related topics
+- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
+- [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
new file mode 100644
index 0000000000..94309ec278
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
@@ -0,0 +1,133 @@
+---
+title: See how Exploit Protection works in a demo
+description: See how Exploit Protection can prevent suspicious behaviors from occurring on specific apps.
+keywords: exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Evaluate Exploit Protection
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
+
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit Protection.
+
+This topcs helps you evaluate Exploit Protection. See the [Exploit Protection topic](exploit-protection-exploit-guard.md) for more information on what Exploit Protection does and how to configure it for real-world deployment.
+
+>[!NOTE]
+>This topic uses PowerShell cmdlets to make it easy to enable the feature and test it.
+>For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit Protection topic](exploit-protection-exploit-guard.md) .
+
+
+## Enable and validate an Exploit Protection mitigation
+
+For this demo you will enable the mitigation that prevents child processes from being created. You'll use Internet Explorer as the parent app.
+
+First, enable the mitigation using PowerShell, and then confirm that it has been applied in the Windows Defender Security Center app:
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ SetProcessMitigation Name iexplore.exe Enable DisallowChildProcessCreation
+ ```
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen.
+
+3. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.
+
+4. Find the **Do not allow child processes** setting and make sure that **Override System settings** is enabled and the switch is set to **On**.
+
+Now that you know the mitigation has been enabled, you can test to see if it works and what the experience would be for an end user:
+
+1. Type **run** in the Start menu andp ress **Enter** to open the run dialog box.
+
+2. Type **iexplore.exe** and press **Enter** or click **OK** to attempt to open Internet Explorer.
+
+3. Internet Explorer should briefly open and then immediately shut down again, indicating that the mitigation was applied and prevented Internet Explorer from opening a child process (its own process).
+
+Lastly, we can disable the mitigation so that Internet Explorer works properly again:
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen.
+
+3. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.
+
+4. Find the **Do not allow child processes** setting and set the switch to **Off**. Click **Apply**
+
+5. Validate that Internet Explorer runs by running it from the run dialog box again. It should open as expected.
+
+
+## Review Exploit Protection events in Windows Event Viewer
+
+You can now review the events that Exploit Protection sent to the Windows Event log to confirm what happened:
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
+
+2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+3. On the left panel, under **Actions**, click **Import custom view...**
+
+4. Navigate to where you extracted *ep-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Exploit Protection, which are all listed in the [Exploit Protection](exploit-protection-exploit-guard.md) topic.
+
+6. The specific event to look for in this demo is event ID 4, which should have the following or similar information:
+
+ Process '\Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe' (PID 4692) was blocked from creating a child process 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' with command line '"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4692 CREDAT:75009 /prefetch:2'.
+
+
+## Use audit mode to measure impact
+
+As with other Windows Defender EG features, you can enable Exploit Protection in audit mode. You can enable audit mode for individual mitigations.
+
+This lets you see a record of what *would* have happened if you had enabled the mitigation.
+
+You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.
+
+See the [**PowerShell reference** section in the Customize Exploit Protection topic](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
+
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+
+
+
+## Related topics
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
+- [Enable Exploit Protection](enable-exploit-protection.md)
+- [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
new file mode 100644
index 0000000000..41d3ca0276
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
@@ -0,0 +1,115 @@
+---
+title: Conduct a demo to see how Network Protection works
+description: Quickly see how Network Protection works by performing common scenarios that it protects against
+keywords: Network Protection, exploits, malicious website, ip, domain, domains, evaluate, test, demo
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+# Evaluate Network Protection
+
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Group Policy
+- PowerShell
+
+
+
+Network Protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
+
+This topic helps you evaluate Network Protection by enabling the feature and guiding you to a testing site.
+
+>[!NOTE]
+>The site will replicate the behavior that would happen if a user visted a malicious site or domain. The sites in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious.
+
+## Enable Network Protection
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Set-MpPreference -EnableNetworkProtection Enabled
+ ```
+
+You can also carry out the processes described in this topic in audit or disabled mode to see how the feature will work. Use the same PowerShell cmdlet as above, but replace `Enabled` with either `AuditMode` or `Disabled`.
+
+### Visit a (fake) malicious domain
+
+1. Open Internet Explorer, Google Chrome, or any other browser of your choice.
+
+1. Go to [https://smartscreentestratings2.net](https://smartscreentestratings2.net).
+
+You will get a 403 Forbidden response in the browser, and you will see a notification that the network connnection was blocked.
+
+
+
+
+ ## Review Network Protection events in Windows Event Viewer
+
+You can also review the Windows event log to see the events there were created when performing the demo:
+
+1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+2. On the left panel, under **Actions**, click **Import custom view...**
+
+3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Network Protection:
+
+Event ID | Description
+-|-
+5007 | Event when settings are changed
+1125 | Event when rule fires in Audit-mode
+1126 | Event when rule fires in Block-mode
+
+
+## Use audit mode to measure impact
+
+You can also enable the Network Protection feature in audit mode. This lets you see a record of what IPs and domains would have been blocked if the feature were enabled.
+
+You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how often the feature will block connections during normal use.
+
+To enable audit mode, use the following PowerShell cmdlet:
+
+```PowerShell
+Set-MpPreference -EnableNetworkProtection AuditMode
+```
+
+
+>[!TIP]
+>If you want to fully audit how Network Protection will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
+You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Network Protection topic](network-protection-exploit-guard.md).
+
+
+
+
+ ## Related topics
+
+- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
+- [Use audit mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
new file mode 100644
index 0000000000..7f93a40671
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
@@ -0,0 +1,55 @@
+---
+title: Evaluate the impact of Windows Defender Exploit Guard
+description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios
+keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Evaluate Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+Windows Defender Exploit Guard is a new collection of tools and features that help you keep your network safe from exploits. Exploits are infection vectors for malware that rely on vulnerabilities in software.
+
+Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization.
+
+Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisutes are.
+
+
+- [Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md)
+- [Evaluate Controlled Folder Access](evaluate-controlled-folder-access.md)
+- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
+- [Evaluate Network Protection](evaluate-network-protection.md)
+
+You might also be interested in enabling the features in audit mode - which allows you to see how the features work in the real world without impacting your organization or employee's work habits:
+
+- [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md)
+
+## Related topics
+
+Topic | Description
+---|---
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md)
+- [Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md)
+- [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
new file mode 100644
index 0000000000..2e4142e7ae
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@@ -0,0 +1,183 @@
+---
+title: Import custom views to see Windows Defender Exploit Guard events
+description: Use Windows Event Viewer to import individual views for each of the features.
+keywords: event view, exploit guard, audit, review, events
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.date: 08/25/2017
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+
+---
+
+
+# Reduce attack surfaces with Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+Each of the four features in Windows Defender Exploit Guard allow you to review events in the Windos Event log. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
+
+Reviewing the events is also handy when you are evaluating the features, as you can enable audit mode for the features or settings, and then review what would have happened if they were fully enabled.
+
+This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
+
+## Use custom views to review Windows Defender Exploit Guard features
+
+You can create custom views in the Windows Event Viewer to only see events for specific features and settings.
+
+The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page.
+
+### Import an existing XML custom view
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views:
+ - Controlled Folder Access events custom view: *cfa-events.xml*
+ - Exploit Protection events custom view: *ep-events.xml*
+ - Attack Surface Reduction events custom view: *asr-events.xml*
+ - Network Protection events custom view: *np-events.xml*
+
+1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**.
+
+3. On the left panel, under **Actions**, click **Import Custom View...**
+
+ 
+
+4. Navigate to where you extracted XML file for the custom view you want and select it.
+
+4. Click **Open**.
+
+5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events).
+
+
+### Copy the XML directly
+
+
+1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**.
+
+3. On the left panel, under **Actions**, click **Create Custom View...**
+
+ 
+
+4. Go to the XML tab and click **Edit query manually**. You'll see a warning that you won't be able to edit the query using the **Filter** tab if you use the XML option. Click **Yes**.
+
+5. Paste the XML code for the feature you want to filter events from into the XML section.
+
+4. Click **OK**. Specify a name for your filter.
+
+5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events).
+
+
+
+
+
+### XML for Attack Surface Reduction events
+
+```xml
+
+
+
+
+
+
+```
+
+### XML for Controlled Folder Access events
+
+```xml
+
+
+
+
+
+
+```
+
+### XML for Exploit Protection events
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+### XML for Network Protection events
+
+```xml
+
+
+
+
+
+
+
+```
+
+
+
+## List of all Windows Defender Exploit Guard events
+
+
+All Windows Defender Exploit Guard events are located under **Applications and Services Logs > Microsoft > Windows** and then the folder or provider as listed in the following table.
+
+Feature | Provider/source | Event ID | Description
+:-|:-|:-:|:-
+Exploit Protection | Security-Mitigations | 1 | ACG audit
+Exploit Protection | Security-Mitigations | 2 | ACG enforce
+Exploit Protection | Security-Mitigations | 3 | Do not allow child processes audit
+Exploit Protection | Security-Mitigations | 4 | Do not allow child processes block
+Exploit Protection | Security-Mitigations | 5 | Block low integrity images audit
+Exploit Protection | Security-Mitigations | 6 | Block low integrity images block
+Exploit Protection | Security-Mitigations | 7 | Block remote images audit
+Exploit Protection | Security-Mitigations | 8 | Block remote images block
+Exploit Protection | Security-Mitigations | 9 | Disable win32k system calls audit
+Exploit Protection | Security-Mitigations | 10 | Disable win32k system calls block
+Exploit Protection | Security-Mitigations | 11 | Code integrity guard audit
+Exploit Protection | Security-Mitigations | 12 | Code integrity guard block
+Exploit Protection | Security-Mitigations | 13 | EAF audit
+Exploit Protection | Security-Mitigations | 14 | EAF enforce
+Exploit Protection | Security-Mitigations | 15 | EAF+ audit
+Exploit Protection | Security-Mitigations | 16 | EAF+ enforce
+Exploit Protection | Security-Mitigations | 17 | IAF audit
+Exploit Protection | Security-Mitigations | 18 | IAF enforce
+Exploit Protection | Security-Mitigations | 19 | ROP StackPivot audit
+Exploit Protection | Security-Mitigations | 20 | ROP StackPivot enforce
+Exploit Protection | Security-Mitigations | 21 | ROP CallerCheck audit
+Exploit Protection | Security-Mitigations | 22 | ROP CallerCheck enforce
+Exploit Protection | Security-Mitigations | 23 | ROP SimExec audit
+Exploit Protection | Security-Mitigations | 24 | ROP SimExec enforce
+Exploit Protection | WER-Diagnostics | 5 | CFG Block
+Exploit Protection | Win32K | 260 | Untrusted Font
+Network Protection | Windows Defender | 5007 | Event when settings are changed
+Network Protection | Windows Defender | 1125 | Event when Network Protection fires in Audit-mode
+Network Protection | Windows Defender | 1126 | Event when Network Protection fires in Block-mode
+Controlled Folder Access | Windows Defender | 5007 | Event when settings are changed
+Controlled Folder Access | Windows Defender | 1124 | Audited Controlled Folder Access event
+Controlled Folder Access | Windows Defender | 1123 | Blocked Controlled Folder Access event
+Attack Surface Reduction | Windows Defender | 5007 | Event when settings are changed
+Attack Surface Reduction | Windows Defender | 1122 | Event when rule fires in Audit-mode
+Attack Surface Reduction | Windows Defender | 1121 | Event when rule fires in Block-mode
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
new file mode 100644
index 0000000000..cc5ba5334b
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -0,0 +1,125 @@
+---
+title: Apply mitigations to help prevent attacks through vulnerabilities
+keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
+description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Protect devices from exploits with Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+
+Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+Exploit Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+ You [configure these settings using the Windows Defender Security Center app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once.
+
+ When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
+
+ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Exploit Protection would impact your organization if it were enabled.
+
+ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.
+
+ >[!IMPORTANT]
+ >If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit Protection in Windows 10. You can [convert an existing EMET configuration file into Exploit Protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
+
+
+
+## Requirements
+
+The following requirements must be met before Exploit Protection will work:
+
+Windows 10 version | Windows Defender Advanced Threat Protection
+-|-
+Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
+
+
+ ## Review Exploit Protection events in Windows Event Viewer
+
+You can review the Windows event log to see events that are created when Exploit Protection blocks (or audits) an app:
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
+
+2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+3. On the left panel, under **Actions**, click **Import custom view...**
+
+ 
+
+4. Navigate to where you extracted *ep-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+5. Click **OK**.
+
+6. This will create a custom view that filters to only show the following events related to Exploit Protection:
+
+Provider/source | Event ID | Description
+-|:-:|-
+Security-Mitigations | 1 | ACG audit
+Security-Mitigations | 2 | ACG enforce
+Security-Mitigations | 3 | Do not allow child processes audit
+Security-Mitigations | 4 | Do not allow child processes block
+Security-Mitigations | 5 | Block low integrity images audit
+Security-Mitigations | 6 | Block low integrity images block
+Security-Mitigations | 7 | Block remote images audit
+Security-Mitigations | 8 | Block remote images block
+Security-Mitigations | 9 | Disable win32k system calls audit
+Security-Mitigations | 10 | Disable win32k system calls block
+Security-Mitigations | 11 | Code integrity guard audit
+Security-Mitigations | 12 | Code integrity guard block
+Security-Mitigations | 13 | EAF audit
+Security-Mitigations | 14 | EAF enforce
+Security-Mitigations | 15 | EAF+ audit
+Security-Mitigations | 16 | EAF+ enforce
+Security-Mitigations | 17 | IAF audit
+Security-Mitigations | 18 | IAF enforce
+Security-Mitigations | 19 | ROP StackPivot audit
+Security-Mitigations | 20 | ROP StackPivot enforce
+Security-Mitigations | 21 | ROP CallerCheck audit
+Security-Mitigations | 22 | ROP CallerCheck enforce
+Security-Mitigations | 23 | ROP SimExec audit
+Security-Mitigations | 24 | ROP SimExec enforce
+WER-Diagnostics | 5 | CFG Block
+Win32K | 260 | Untrusted Font
+
+
+ ## In this section
+
+Topic | Description
+---|---
+[Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) | Many of the features in the EMET are now included in Exploit Protection. This topic identifies those features and explains how the features have changed or evolved.
+[Evaluate Exploit Protection](evaluate-exploit-protection.md) | Undertake a demo scenario to see how Exploit Protection mitigations can protect your network from malicious and suspicious behavior.
+[Enable Exploit Protection](enable-exploit-protection.md) | Use Group Policy or PowerShell to enable and manage Exploit Protection in your network.
+[Customize and configure Exploit Protection](customize-exploit-protection.md) | Configure mitigations for the operating system and for individual apps.
+[Import, export, and deploy Exploit Protection configurations](import-export-exploit-protection-emet-xml.md) | Export, import, and deploy the settings across your organization. You can also convert an existing EMET configuration profile and import it into Exploit Protection.
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/asr-notif.png b/windows/threat-protection/windows-defender-exploit-guard/images/asr-notif.png
new file mode 100644
index 0000000000..2f8eb02556
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/asr-notif.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/asr-rules-gp.png b/windows/threat-protection/windows-defender-exploit-guard/images/asr-rules-gp.png
new file mode 100644
index 0000000000..fa6285cb56
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/asr-rules-gp.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/asr-test-tool.png b/windows/threat-protection/windows-defender-exploit-guard/images/asr-test-tool.png
new file mode 100644
index 0000000000..569ee7a256
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/asr-test-tool.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app-ps.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app-ps.png
new file mode 100644
index 0000000000..f93dbe34e3
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app-ps.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app.png
new file mode 100644
index 0000000000..6b078ec9d5
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-app.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-folder-ps.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-folder-ps.png
new file mode 100644
index 0000000000..88cd35c6ce
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-allow-folder-ps.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-audit-gp.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-audit-gp.png
new file mode 100644
index 0000000000..89abf15424
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-audit-gp.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-filecreator.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-filecreator.png
new file mode 100644
index 0000000000..96e6874361
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-filecreator.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-gp-enable.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-gp-enable.png
new file mode 100644
index 0000000000..d8f0ccffab
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-gp-enable.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-notif.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-notif.png
new file mode 100644
index 0000000000..62ca8c3021
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-notif.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-on.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-on.png
new file mode 100644
index 0000000000..7441a54834
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-on.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/cfa-prot-folders.png b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-prot-folders.png
new file mode 100644
index 0000000000..a61b54a696
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/cfa-prot-folders.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/ep-prog.png b/windows/threat-protection/windows-defender-exploit-guard/images/ep-prog.png
new file mode 100644
index 0000000000..d36cdd8498
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/ep-prog.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png b/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png
new file mode 100644
index 0000000000..96d12d3af1
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/event-viewer-import.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif b/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif
new file mode 100644
index 0000000000..68f057de3a
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/events-create.gif differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif b/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif
new file mode 100644
index 0000000000..55e77c546f
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/events-import.gif differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/exp-prot-gp.png b/windows/threat-protection/windows-defender-exploit-guard/images/exp-prot-gp.png
new file mode 100644
index 0000000000..d7b921aa69
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/exp-prot-gp.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/np-notif.png b/windows/threat-protection/windows-defender-exploit-guard/images/np-notif.png
new file mode 100644
index 0000000000..69eb1bbeee
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/np-notif.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings-options.png b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings-options.png
new file mode 100644
index 0000000000..01801a519d
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings-options.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings.png b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings.png
new file mode 100644
index 0000000000..38404d7569
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-app-settings.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-export.png b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-export.png
new file mode 100644
index 0000000000..3289ace8cf
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-export.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-sys-settings.png b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-sys-settings.png
new file mode 100644
index 0000000000..53edeb6135
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot-sys-settings.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot.png b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot.png
new file mode 100644
index 0000000000..5bc0f3e22b
Binary files /dev/null and b/windows/threat-protection/windows-defender-exploit-guard/images/wdsc-exp-prot.png differ
diff --git a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
new file mode 100644
index 0000000000..c864cb9ed7
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
@@ -0,0 +1,172 @@
+---
+title: Deploy Exploit Protection mitigations across your organization
+keywords: exploit protection, mitigations, import, export, configure, emet, convert, conversion, deploy, install
+description: Use Group Policy to deploy mitigations configuration. You can also convert an existing EMET configuration and import it as an Exploit Protection configuration.
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Import, export, and deploy Exploit Protection configurations
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Windows Defender Security Center app
+- Group Policy
+- PowerShell
+
+
+
+
+Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are now included in Exploit Protection.
+
+You use the Windows Defender Security Center or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple machines on your network so they all have the same set of mitigation settings.
+
+You can also convert and import an existing EMET configuration XML file into an Exploit Protection configuration XML.
+
+This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
+
+The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into Exploit Protection and then review the settings in the Windows Defender Security Center app, as described further in this topic.
+
+
+
+## Create and export a configuration file
+
+Before you export a configuration file, you need to ensure you have the correct settings.
+
+You should first configure Exploit Protection on a single, dedicated machine. See the [Customize Exploit Protection](customize-exploit-protection.md) topic for descriptions about and instrucitons for configuring mitigations.
+
+When you have configured Exploit Protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Defender Security Center app or PowerShell.
+
+### Use the Windows Defender Security Center app to export a configuration file
+
+
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**:
+
+ 
+
+3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
+
+
+ 
+
+>[!NOTE]
+>When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings.
+
+
+### Use PowerShell to export a configuration file
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Get-ProcessMitigation -RegistryConfigFilePath filename.xml
+ ```
+
+Change `filename` to any name or location of your choosing.
+
+> [!IMPORTANT]
+> When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration file. Ensure you place the file in a shared location.
+
+
+## Import a configuration file
+
+You can import an Exploit Protection configuration file that you've previously created. You can only use PowerShell to import the configuration file.
+
+After importing, the settings will be instantly applied and can be reviewed in the Windows Defender Security Center app.
+
+### Use PowerShell to import a configuration file
+
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ Set-ProcessMitigation -RegistryConfigFilePath filename.xml
+ ```
+
+Change `filename` to the location and name of the Exploit Protection XML file.
+
+>[!IMPORTANT]
+>Ensure you import a configuration file that is created specifically for Exploit Protection. You cannot directly import an EMET configuration file, you must convert it first.
+
+
+## Convert an EMET configuration file to an Exploit Protection configuration file
+
+You can convert an existing EMET configuration file to the new format used by Exploit Protection. You must do this if you want to import an EMET configuration into Exploit Protection in Windows 10.
+
+You can only do this conversion in PowerShell.
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+ ```PowerShell
+ ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml
+ ```
+
+Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
+
+
+## Manage or deploy a configuration
+
+You can use Group Policy to deploy the configuration you've created to multiple machines in your network.
+
+> [!IMPORTANT]
+> When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration XML file. Ensure you place the file in a shared location.
+
+### Use Group Policy to distribute the configuration
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Exploit Guard > Exploit Protection**.
+
+ 
+
+6. Double-click the **Use a common set of exploit protection settings** setting and set the option to **Enabled**.
+
+7. In the **Options::** section, enter the location and filename of the Exploit Protection configuration file that you want to use, such as in the following examples:
+ - C:\MitigationSettings\Config.XML
+ - \\Server\Share\Config.xml
+ - https://localhost:8080/Config.xml
+
+8. Click **OK** and [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
+
+
+## Related topics
+
+- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
+- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
+- [Evaluate Exploit Protection](evaluate-exploit-protection.md)
+- [Enable Exploit Protection](enable-exploit-protection.md)
+- [Configure and audit Exploit Protection mitigations](customize-exploit-protection.md)
diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
new file mode 100644
index 0000000000..2f1e023d45
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -0,0 +1,95 @@
+---
+title: Use Network Protection to help prevent connections to bad sites
+description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
+keywords: Network Protection, exploits, malicious website, ip, domain, domains
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Protect your network with Windows Defender Exploit Guard
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+
+**Manageability available with**
+
+- Group Policy
+- PowerShell
+- Configuration service providers for mobile device management
+
+
+Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
+
+It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outboud HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
+
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+
+Network Protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+When Network Protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
+
+You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Network Protection would impact your organization if it were enabled.
+
+
+
+## Requirements
+
+The following requirements must be met before Network Protection will work:
+
+Windows 10 version | Windows Defender Antivirus
+- | -
+Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
+
+
+## Review Network Protection events in Windows Event Viewer
+
+
+You can review the Windows event log to see events that are created when Network Protection blocks (or audits) access to a malicious IP or domain:
+
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *np-events.xml* to an easily accessible location on the machine.
+
+1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
+
+2. On the left panel, under **Actions**, click **Import custom view...**
+
+ 
+
+3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
+
+4. Click **OK**.
+
+5. This will create a custom view that filters to only show the following events related to Network Protection:
+
+ Event ID | Description
+-|-
+5007 | Event when settings are changed
+1125 | Event when Network Protection fires in Audit-mode
+1126 | Event when Network Protection fires in Block-mode
+
+
+
+
+ ## In this section
+
+Topic | Description
+---|---
+[Evaluate Network Protection](evaluate-network-protection.md) | Undertake aa quick scenario that demonstrate how the feature works, and what events would typically be created.
+[Enable Network Protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage the Network Protection feature in your network.
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/prerelease.md b/windows/threat-protection/windows-defender-exploit-guard/prerelease.md
new file mode 100644
index 0000000000..1164534c8a
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/prerelease.md
@@ -0,0 +1,2 @@
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
new file mode 100644
index 0000000000..3df7e0ace2
--- /dev/null
+++ b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -0,0 +1,79 @@
+---
+title: Use Windows Defender Exploit Guard to protect your network
+description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks
+keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
+---
+
+
+
+# Windows Defender Exploit Guard
+
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+[!include[Prerelease information](prerelease.md)]
+
+**Audience**
+
+- Enterprise security administrators
+
+Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
+
+There are four features in Windows Defender EG:
+
+- [Exploit Protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps
+- [Attack Surface Reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware
+- [Network Protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on your organization's devices
+- [Controlled Folder Access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
+
+
+You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
+- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
+
+
+You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for the features, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
+
+Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
+- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
+- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
+- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
+- Windows Defender Device Guard
+- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
+
+You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+Each of the features in Windows Defender EG have slightly different requirements:
+
+Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
+-|-|-|-
+Exploit Protection | No requirement | Required for reporting in the Windows Defender ATP console
+Attack Surface Reduction | Must be enabled | Required for reporting in the Windows Defender ATP console
+Network Protection | Must be enabled | Required for reporting in the Windows Defender ATP console
+Controlled Folder Access | Must be enabled | Required for reporting in the Windows Defender ATP console
+
+> [!NOTE]
+> Each feature's requirements are further described in the individual topics in this library.
+
+
+ ## In this library
+
+Topic | Description
+---|---
+[Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) | Exploit Protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
+[Reduce attack surfaces with Windows Defender Exploit Guard](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts.
+[Protect your network with Windows Defender Exploit Guard](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors.
+[Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.
+
+
diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png b/windows/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png
new file mode 100644
index 0000000000..ea5b039dd9
Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png differ
diff --git a/windows/threat-protection/windows-defender-security-center/images/security-center-custom-notif.png b/windows/threat-protection/windows-defender-security-center/images/security-center-custom-notif.png
new file mode 100644
index 0000000000..363648cbc0
Binary files /dev/null and b/windows/threat-protection/windows-defender-security-center/images/security-center-custom-notif.png differ
diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 84618a3d06..00470f7842 100644
--- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -10,6 +10,8 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
+ms.author: iawilt
+ms.date: 08/25/2017
---
@@ -108,6 +110,43 @@ See the following links for more information on the features in the Windows Defe
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
- Home users can learn more at the [Help protection your family online in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
+## Customize notifications from the Windows Defender Security Center
+
+You can customize notifcations so they show information to users about how to get more help from your organization's help desk.
+
+
+
+This information will also appear as a pop-out window on the Windows Defender Security Center app.
+
+
+
+Users can click on the displayed information to get more help:
+- Clicking **Call** or the phone number will open Skype to start a call to the displayed number
+- Clicking **Email** or the email address will create a new email in the machine's default email app address to the displayed email
+- Clicking **Help portal** or the website URL will open the machine's default web browser and go to the displayed address
+
+
+### Use Group Policy to customize the notification
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender Security Center > Enterprise Customization**.
+
+6. Open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
+
+7. Open the **Specify contact company name** setting and set it to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
+
+8. To ensure the custom notification appear, you must also configure at least one of the following settings by opening them, setting them to **Enabled** and adding the contact information in the field under **Options**:
+ 1. Specify contact email address of Email ID
+ 2. Specify contact phone number or Skype ID
+ 3. Specify contact website
+
+9. Click **OK** after configuring each setting to save your changes.
+
>[!NOTE]
diff --git a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
index 957fc1f33b..f68b1bb523 100644
--- a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
+++ b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
@@ -9,7 +9,6 @@ ms.pagetype: security
author: eross-msft
ms.localizationpriority: high
---
-
# Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings
**Applies to:**
3](../images/ua-cg-15.png){kind=link}