deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'public' into patch-141

Browse Source
This commit is contained in:
ImranHabib 2021-03-12 10:15:55 +05:00 committed by GitHub
commit 342764b7fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
487 changed files with 1228 additions and 941 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.openpublishing.redirection.json
View File

@ -13992,12 +13992,12 @@
},
{
"source_path": "windows/manage/sign-up-windows-store-for-business.md",
"redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-windows-store-for-business",
"redirect_url": "https://docs.microsoft.com/microsoft-store/index.md",
"redirect_document_id": true
},
{
"source_path": "store-for-business/sign-up-windows-store-for-business.md",
"redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business",
"redirect_url": "https://docs.microsoft.com/microsoft-store/index.md",
"redirect_document_id": false
},
{

1
store-for-business/TOC.md
View File

@ -3,7 +3,6 @@
## [Sign up and get started](sign-up-microsoft-store-for-business-overview.md)
### [Microsoft Store for Business and Microsoft Store for Education overview](microsoft-store-for-business-overview.md)
### [Prerequisites for Microsoft Store for Business and Education](prerequisites-microsoft-store-for-business.md)
### [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-microsoft-store-for-business.md)
### [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md)
### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md)
## [Find and acquire apps](find-and-acquire-apps-overview.md)

12
store-for-business/acquire-apps-microsoft-store-for-business.md
View File

@ -5,16 +5,20 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.date: 10/23/2018
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.reviewer:
manager: dansimp
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/10/2021
---
# Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping.
## App licensing model

10
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -3,16 +3,16 @@ title: Add unsigned app to code integrity policy (Windows 10)
description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
ms.date: 03/10/2021
---
# Add unsigned app to code integrity policy
@ -99,7 +99,7 @@ After you're done, the files are saved to your desktop. You still need to sign t
## <a href="" id="catalog-signing-device-guard-portal"></a>Catalog signing with Device Guard signing portal
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. For more information, see [Sign up for the Microsoft Store for Business](sign-up-microsoft-store-for-business.md).
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.

14
store-for-business/index.md
View File

@ -2,21 +2,20 @@
title: Microsoft Store for Business and Education (Windows 10)
description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school.
ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: high
ms.date: 05/14/2020
ms.date: 03/10/2021
---
# Microsoft Store for Business and Education
**Applies to**
- Windows 10
@ -24,6 +23,11 @@ ms.date: 05/14/2020
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
> [!IMPORTANT]
> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If youve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you wont be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesnt impact apps in the Microsoft Store on Windows 10.
>
> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
## In this section
| Topic | Description |

13
store-for-business/microsoft-store-for-business-overview.md
View File

@ -3,16 +3,16 @@ title: Microsoft Store for Business and Microsoft Store for Education overview (
description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps.
ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.pagetype: store, mobile
ms.mktglfcycl: manage
ms.sitesec: library
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Microsoft Store for Business and Microsoft Store for Education overview
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options.
> [!IMPORTANT]
@ -80,8 +83,6 @@ While not required, you can use a management tool to distribute and manage apps.
The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or well quickly create an account for you. You must be a Global Administrator for your organization.
For more information, see [Sign up for Store for Business and Education](sign-up-microsoft-store-for-business.md).
## Set up
After your admin signs up for the Store for Business and Education, they can assign roles to other employees in your company or school. The admin needs Azure AD User Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions.

11
store-for-business/prerequisites-microsoft-store-for-business.md
View File

@ -3,16 +3,16 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10)
description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Prerequisites for Microsoft Store for Business and Education
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
> [!IMPORTANT]
> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.

12
store-for-business/roles-and-permissions-microsoft-store-for-business.md
View File

@ -4,19 +4,23 @@ description: The first person to sign in to Microsoft Store for Business or Micr
keywords: roles, permissions
ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/01/2019
ms.date: 03/10/2021
---
# Roles and permissions in Microsoft Store for Business and Education
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.
Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store.

12
store-for-business/sign-up-microsoft-store-for-business-overview.md
View File

@ -3,16 +3,16 @@ title: Sign up and get started (Windows 10)
description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps.
ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/03/2019
ms.date: 03/10/2021
---
# Sign up and get started
@ -24,13 +24,15 @@ ms.date: 10/03/2019
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
## In this section
| Topic | Description |
| ----- | ----------- |
| [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
| [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
| [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
| [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |

105
store-for-business/sign-up-microsoft-store-for-business.md
View File

@ -1,105 +0,0 @@
---
title: Sign up for Microsoft Store for Business or Microsoft Store for Education (Windows 10)
description: Before you sign up for Microsoft Store for Business or Microsoft Store for Education, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization.
ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
---
# Sign up for Microsoft Store for Business or Microsoft Store for Education
**Applies to**
- Windows 10
- Windows 10 Mobile
Before you sign up for Microsoft Store for Business or Microsoft Store for Education, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Microsoft Store for Business or Microsoft Store for Education. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process.
## Sign up for Microsoft Store
Before signing up for Microsoft Store, make sure you're the global administrator for your organization.
**To sign up for Microsoft Store**
1. Go to [https://www.microsoft.com/business-store](https://www.microsoft.com/business-store), or [https://www.microsoft.com/education-store](https://www.microsoft.com/education-store) and click **Sign up**.
- If you start Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome).
<!-- -->
- If you already have an Azure AD directory, you'll [sign in to Store for Business](#sign-in), and then accept Store for Business terms.
![Image showing Microsoft Store for Business page with invitation to sign up, or sign in.](images/wsfb-landing.png)
**To sign up for Azure AD accounts through Office 365 for Business**
- <a href="" id="o365-welcome"></a>Signing up for Microsoft Store will create an Azure AD directory and global administrator account for you. There are just a few steps.
Step 1: About you.
Type the required info and click **Next.**
![Image showing Welcome page for sign up process.](images/wsfb-onboard-1.png)
- Step 2: Create an ID.
We'll use info you provided on the previous page to build your user ID. Check the info and click **Next**.
![Image showing Create your user ID page for sign up process.](images/wsfb-onboard-2.png)
- Step 3: You're in.
Let us know how you'd like to receive a verification code, and click either **Text me**, or **Call me**. We'll send you a verification code
![Image showing confirmation page as part of sign up process.](images/wsfb-onboard-3.png)
- Verification.
Type your verification code and click **Create my account**.
![Image showing verification code step.](images/wsfb-onboard-4.png)
- Save this info.
Be sure to save the portal sign-in page and your user ID info. Click **You're ready to go**.
![Image showing sign-in page and user ID for Microsoft Store for Business.](images/wsfb-onboard-5.png)
- At this point, you'll have an Azure AD directory created with one user account. That user account is the global administrator. You can use that account to sign in to Store for Business.
2. <a href="" id="sign-in"></a>Sign in with your Azure AD account.
![Image showing sign-in page for Microsoft Store for Business.](images/wsfb-onboard-7.png)
3. <a href="" id="accept-terms"></a>Read through and accept Microsoft Store for Business and Education terms.
4. Welcome to the Store for Business. Click **Next** to continue.
![Image showing welcome message for Microsoft Store for business.](images/wsfb-firstrun.png)
## Next steps
After signing up for Microsoft Store for Business or Microsoft Store for Education, you can:
- **Add users to your Azure AD directory**. If you created your Azure AD directory during sign up, additional user accounts are required for employees to install apps you assign to them, or to browse the private store in Store app. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).
- **Assign roles to employees**. For more information, see [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md).
 
 

19
windows/client-management/mdm/policy-csp-connectivity.md
View File

@ -14,8 +14,6 @@ manager: dansimp
# Policy CSP - Connectivity
<hr/>
<!--Policies-->
@ -47,7 +45,7 @@ manager: dansimp
<a href="#connectivity-allowvpnroamingovercellular">Connectivity/AllowVPNRoamingOverCellular</a>
</dd>
<dd>
<a href="#connectivity-diableprintingoverhttp">Connectivity/DiablePrintingOverHTTP</a>
<a href="#connectivity-disableprintingoverhttp">Connectivity/DisablePrintingOverHTTP</a>
</dd>
<dd>
<a href="#connectivity-disabledownloadingofprintdriversoverhttp">Connectivity/DisableDownloadingOfPrintDriversOverHTTP</a>
@ -595,7 +593,7 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="connectivity-diableprintingoverhttp"></a>**Connectivity/DiablePrintingOverHTTP**
<a href="" id="connectivity-disableprintingoverhttp"></a>**Connectivity/DisablePrintingOverHTTP**
<!--SupportedSKUs-->
<table>
@ -656,7 +654,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
@ -730,7 +728,7 @@ If you disable or do not configure this policy setting, users can download print
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
@ -804,7 +802,7 @@ See the documentation for the web publishing and online ordering wizards for mor
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
@ -933,7 +931,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
@ -1005,7 +1003,7 @@ If you disable this setting or do not configure it, the user will be able to cre
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
@ -1016,6 +1014,7 @@ ADMX Info:
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
@ -1028,6 +1027,6 @@ Footnotes:
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 9 - Available in Windows 10, version 2009.
<!--/Policies-->

2
windows/configuration/wcd/wcd-accounts.md
View File

@ -45,7 +45,7 @@ Specifies the settings you can configure when joining a device to a domain, incl
| --- | --- | --- |
| Account | string | Account to use to join computer to domain |
| AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account |
| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer that includes fewer than 15 digits, or using %SERIAL% characters in the name.</br></br>ComputerName is a string with a maximum length of 15 bytes of content:</br></br>- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.</br></br>- ComputerName cannot use spaces or any of the following characters: \{ &#124; \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.</br></br>- ComputerName cannot use some non-standard characters, such as emoji.</br></br> Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs) |
| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) |
| DomainName | string (cannot be empty) | Specify the name of the domain that the device will join |
| Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. |

7
windows/deployment/update/media-dynamic-update.md
View File

@ -24,7 +24,7 @@ Volume-licensed media is available for each release of Windows 10 in the Volume
## Dynamic Update
Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages includes the following kinds of updates:
Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages include the following kinds of updates:
- Updates to Setup.exe binaries or other files that Setup uses for feature updates
- Updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment
@ -44,7 +44,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https
The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
|To find this Dynamic Update packages, search for or check the results here--> |Title |Product |Description (select the **Title** link to see **Details**) |
|To find this Dynamic Update packages, search for or check the results here |Title |Product |Description (select the **Title** link to see **Details**) |
|---------|---------|---------|---------|
|Safe OS Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update, Windows **Safe OS Dynamic Update** | ComponentUpdate: |
|Setup Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update | **SetupUpdate** |
@ -81,6 +81,9 @@ This table shows the correct sequence for applying the various tasks to the file
|Add .NET and .NET cumulative updates | | | 24 |
|Export image | 8 | 17 | 25 |
> [!NOTE]
> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates).
### Multiple Windows editions
The main operating system file (install.wim) contains multiple editions of Windows 10. Its possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.

7
windows/deployment/update/servicing-stack-updates.md
View File

@ -29,8 +29,6 @@ Servicing stack updates provide fixes to the servicing stack, the component that
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
For information about some changes to servicing stack updates, see [Simplifing Deployment of Servicing Stack Updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-on-premises-deployment-of-servicing-stack-updates/ba-p/1646039) on the Windows IT Pro blog.
## When are they released?
Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
@ -44,7 +42,6 @@ Both Windows 10 and Windows Server use the cumulative update mechanism, in which
Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update.
## Is there any special guidance?
Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
@ -58,3 +55,7 @@ Typically, the improvements are reliability and performance improvements that do
* Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
* Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine.
## Simplifying on-premises deployment of servicing stack updates
With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382.

4
windows/deployment/update/update-compliance-get-started.md
View File

@ -64,10 +64,10 @@ To find your CommercialID within Azure:
## Enroll devices in Update Compliance
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance.
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. After you configure devices, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
> [!NOTE]
> After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
> If you use or plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview), follow the steps in [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices in Update Compliance. You should be aware that the Commercial ID and Log Analytics workspace must be the same for both Desktop Analytics and Update Compliance.
### Configure devices using the Update Compliance Configuration Script

36
windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
View File

@ -29,6 +29,9 @@ ms.topic: article
>- Windows Server 2012
>- Windows Server 2016
>- Windows Server 2019
>- Office 2013*
>- Office 2016*
>- Office 2019*
**Looking for retail activation?**
@ -47,9 +50,9 @@ The process proceeds as follows:
- Install the Volume Activation Services server role on a domain controller and add a KMS host key by using the Volume Activation Tools Wizard.
- Extend the domain to the Windows Server 2012 R2 or higher schema level, and add a KMS host key by using the VAMT.
1. Microsoft verifies the KMS host key, and an activation object is created.
2. Microsoft verifies the KMS host key, and an activation object is created.
1. Client computers are activated by receiving the activation object from a domain controller during startup.
3. Client computers are activated by receiving the activation object from a domain controller during startup.
> [!div class="mx-imgBorder"]
> ![Active Directory-based activation flow](../images/volumeactivationforwindows81-10.jpg)
@ -73,33 +76,33 @@ When a reactivation event occurs, the client queries AD DS for the activation o
1. Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller.
1. Launch Server Manager.
2. Launch Server Manager.
1. Add the Volume Activation Services role, as shown in Figure 11.
3. Add the Volume Activation Services role, as shown in Figure 11.
![Adding the Volume Activation Services role](../images/volumeactivationforwindows81-11.jpg)
**Figure 11**. Adding the Volume Activation Services role
1. Click the link to launch the Volume Activation Tools (Figure 12).
4. Click the link to launch the Volume Activation Tools (Figure 12).
![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-12.jpg)
**Figure 12**. Launching the Volume Activation Tools
1. Select the **Active Directory-Based Activation** option (Figure 13).
5. Select the **Active Directory-Based Activation** option (Figure 13).
![Selecting Active Directory-Based Activation](../images/volumeactivationforwindows81-13.jpg)
**Figure 13**. Selecting Active Directory-Based Activation
1. Enter your KMS host key and (optionally) a display name (Figure 14).
6. Enter your KMS host key and (optionally) a display name (Figure 14).
![Choosing how to activate your product](../images/volumeactivationforwindows81-15.jpg)
**Figure 14**. Entering your KMS host key
1. Activate your KMS host key by phone or online (Figure 15).
7. Activate your KMS host key by phone or online (Figure 15).
![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg)
@ -115,23 +118,18 @@ When a reactivation event occurs, the client queries AD DS for the activation o
>
> - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342)
1. After activating the key, click **Commit**, and then click **Close**.
8. After activating the key, click **Commit**, and then click **Close**.
## Verifying the configuration of Active Directory-based activation
To verify your Active Directory-based activation configuration, complete the following steps:
1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing.
1. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key.
1. If the computer is not joined to your domain, join it to the domain.
1. Sign in to the computer.
1. Open Windows Explorer, right-click **Computer**, and then click **Properties**.
1. Scroll down to the **Windows activation** section, and verify that this client has been activated.
2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key.
3. If the computer is not joined to your domain, join it to the domain.
4. Sign in to the computer.
5. Open Windows Explorer, right-click **Computer**, and then click **Properties**.
6. Scroll down to the **Windows activation** section, and verify that this client has been activated.
> [!NOTE]
> If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used.

8
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -237,11 +237,11 @@ After the VM restarts, during OOBE, it's fine to select **Set up for personal us
![Windows setup example 7](images/winsetup7.png)
Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again.
Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
![Windows setup example 8](images/winsetup8.png)
To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
```powershell
Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
@ -573,9 +573,9 @@ Soon after reaching the desktop, the device should show up in Intune as an **ena
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
> [!TIP]
> If you recieve a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use" then verify you have correctly [assigned licenses](https://docs.microsoft.com/mem/intune/fundamentals/licenses-assign) to the current user.
> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you have correctly [assigned licenses](https://docs.microsoft.com/mem/intune/fundamentals/licenses-assign) to the current user.
Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
## Remove devices from Autopilot

209
windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md Normal file
View File

@ -0,0 +1,209 @@
---
title: Deploying Certificates to Key Trust Users to Enable RDP
description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 02/22/2021
ms.reviewer:
---
# Deploying Certificates to Key Trust Users to Enable RDP
**Applies To**
- Windows 10, version 1703 or later
- Hybrid deployment
- Key trust
Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user.
Three approaches are documented here:
1. Deploying a certificate to hybrid joined devices using an on-premises Active Directory certificate enrollment policy.
1. Deploying a certificate to hybrid or Azure AD joined devices using Simple Certificate Enrollment Protocol (SCEP) and Intune.
1. Working with non-Microsoft enterprise certificate authorities.
## Deploying a certificate to a hybrid joined device using an on-premises Active Directory Certificate enrollment policy
### Create a Windows Hello for Business certificate template
1. Sign in to your issuing certificate authority (CA).
1. Open the **Certificate Authority** Console (%windir%\system32\certsrv.msc).
1. In the left pane of the MMC, expand **Certification Authority (Local)**, and then expand your CA within the Certification Authority list.
1. Right-click **Certificate Templates** and then click **Manage** to open the **Certificate Templates** console.
1. Right-click the **Smartcard Logon** template and click **Duplicate Template**
![Duplicating Smartcard Template](images/rdpcert/duplicatetemplate.png)
1. On the **Compatibility** tab:
1. Clear the **Show resulting changes** check box
1. Select **Windows Server 2012 or Windows Server 2012 R2** from the Certification Authority list
1. Select **Windows Server 2012 or Windows Server 2012 R2** from the Certification Recipient list
1. On the **General** tab:
1. Specify a Template display name, such as **WHfB Certificate Authentication**
1. Set the validity period to the desired value
1. Take note of the Template name for later, which should be the same as the Template display name minus spaces (**WHfBCertificateAuthentication** in this example).
1. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**.
1. On the **Subject Name** tab:
1. Select the **Build from this Active Directory** information button if it is not already selected
1. Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selected
1. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**
1. On the **Request Handling** tab:
1. Select the **Renew with same key** check box
1. Set the Purpose to **Signature and smartcard logon**
1. Click **Yes** when prompted to change the certificate purpose
1. Click **Prompt the user during enrollment**
1. On the **Cryptography** tab:
1. Set the Provider Category to **Key Storage Provider**
1. Set the Algorithm name to **RSA**
1. Set the minimum key size to **2048**
1. Select **Requests must use one of the following providers**
1. Tick **Microsoft Software Key Storage Provider**
1. Set the Request hash to **SHA256**
1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them .
1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates.
1. Close the Certificate Templates console.
1. Open an elevated command prompt and change to a temporary working directory.
1. Execute the following command:
certutil -dstemplate \<TemplateName\> \> \<TemplateName\>.txt
Replace \<TemplateName\> with the Template name you took note of earlier in step 7.
1. Open the text file created by the command above.
1. Delete the last line of the output from the file that reads **CertUtil: -dsTemplate command completed successfully.**
1. Modify the line that reads **pKIDefaultCSPs = "1,Microsoft Software Key Storage Provider"** to **pKIDefaultCSPs = "1,Microsoft Passport Key Storage Provider"**
1. Save the text file.
1. Update the certificate template by executing the following command:
certutil - dsaddtemplate \<TemplateName\>.txt
1. In the Certificate Authority console, right-click **Certificate Templates**, select **New**, and select **Certificate Template to Issue**
![Selecting Certificate Template to Issue](images/rdpcert/certificatetemplatetoissue.png)
1. From the list of templates, select the template you previously created (**WHFB Certificate Authentication**) and click **OK**. It can take some time for the template to replicate to all servers and become available in this list.
1. After the template replicates, in the MMC, right-click in the Certification Authority list, click **All Tasks** and then click **Stop Service**. Right-click the name of the CA again, click **All Tasks**, and then click **Start Service**.
### Requesting a Certificate
1. Ensure the hybrid Azure AD joined device has network line of sight to Active Directory domain controllers and the issuing certificate authority.
1. Start the **Certificates Current User** console (%windir%\system32\certmgr.msc).
1. In the left pane of the MMC, right-click **Personal**, click **All Tasks**, and then click **Request New Certificate…**
![Request a new certificate](images/rdpcert/requestnewcertificate.png)
1. On the Certificate Enrollment screen, click **Next**.
1. Under Select Certificate Enrollment Policy, ensure **Active Directory Enrollment Policy** is selected and then click **Next**.
1. Under Request Certificates, click the check-box next to the certificate template you created in the previous section (WHfB Certificate Authentication) and then click **Enroll**.
1. After a successful certificate request, click Finish on the Certificate Installation Results screen
## Deploying a certificate to Hybrid or Azure AD Joined Devices using Simple Certificate Enrollment Protocol (SCEP) via Intune
Deploying a certificate to Azure AD Joined Devices may be achieved with the Simple Certificate Enrollment Protocol (SCEP) via Intune. For guidance deploying the required infrastructure, refer to [Configure infrastructure to support SCEP certificate profiles with Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificates-scep-configure).
Next you should deploy the root CA certificate (and any other intermediate certificate authority certificates) to Azure AD Joined Devices using a Trusted root certificate profile with Intune. For guidance, refer to [Create trusted certificate profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificates-trusted-root).
Once these requirements have been met, a new device configuration profile may be configured from Intune that provisions a certificate for the user of the device. Proceed as follows:
1. Sign in to the Microsoft [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to Devices \> Configuration Profiles \> Create profile.
1. Enter the following properties:
1. For Platform, select **Windows 10 and later**.
1. For Profile, select **SCEP Certificate**.
1. Click **Create**.
1. In **Basics**, enter the following parameters:
1. **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is SCEP profile for entire company.
1. **Description**: Enter a description for the profile. This setting is optional, but recommended.
1. Select **Next**.
1. In the **Configuration settings**, complete the following:
1. For Certificate Type, choose **User**.
1. For Subject name format, set it to **CN={{UserPrincipalName}}**.
1. Under Subject alternative name, select **User principal name (UPN)** from the drop-down menu and set the value to **CN={{UserPrincipalName}}**.
1. For Certificate validity period, set a value of your choosing.
1. For Key storage provider (KSP), choose **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)**.
1. For Key usage, choose **Digital Signature**.
1. For Key size (bits), choose **2048**.
1. For Hash algorithm, choose **SHA-2**.
1. Under Root Certificate, click **+Root Certificate** and select the trusted certificate profile you created earlier for the Root CA Certificate.
1. Under Extended key usage, add the following:
| Name | Object Identifier | Predefined Values |
|------|-------------------|-------------------|
| Smart Card Logon | 1.3.6.1.4.1.311.20.2.2 | Smart Card Logon |
| Client Authentication | 1.3.6.1.5.5.7.3.2 | Client Authentication |
1. For Renewal threshold (%), set a value of your choosing.
1. For SCEP Server URLs, provide the public endpoint that you configured during the deployment of your SCEP infrastructure.
1. Click **Next**
1. In Assignments, target the devices or users who should receive a certificate and click **Next**
1. In Applicability Rules, provide additional issuance restrictions if required and click **Next**
1. In Review + create, click **Create**
Once the configuration profile has been created, targeted clients will receive the profile from Intune on their next refresh cycle. You should find a new certificate in the user store. To validate the certificate is present, do the following steps:
1. Open the Certificates - Current User console (%windir%\system32\certmgr.msc)
1. In the left pane of the MMC, expand **Personal** and select **Certificates**
1. In the right-hand pane of the MMC, check for the new certificate
> [!NOTE]
> This infrastructure may also deploy the same certificates to co-managed or modern-managed Hybrid AAD-Joined devices using Intune Policies.
## Using non-Microsoft Enterprise Certificate Authorities
If you are using a Public Key Infrastructure that uses non-Microsoft services, the certificate templates published to the on-premises Active Directory may not be available. For guidance with integration of Intune/SCEP with non-Microsoft PKI deployments, refer to [Use third-party certification authorities (CA) with SCEP in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificate-authority-add-scep-overview).
As an alternative to using SCEP or if none of the previously covered solutions will work in your environment, you can manually generate Certificate Signing Requests (CSR) for submission to your PKI. To assist with this approach, you can use the [Generate-CertificateRequest](https://www.powershellgallery.com/packages/Generate-CertificateRequest) PowerShell commandlet.
The Generate-CertificateRequest commandlet will generate an .inf file for a pre-existing Windows Hello for Business key. The .inf can be used to generate a certificate request manually using certreq.exe. The commandlet will also generate a .req file, which can be submitted to your PKI for a certificate.
## RDP Sign-in with Windows Hello for Business Certificate Authentication
After adding the certificate using an approach from any of the previous sections, you should be able to RDP to any Windows device or server in the same Forest as the users on-premises Active Directory account, provided the PKI certificate chain for the issuing certificate authority is deployed to that target server.
1. Open the Remote Desktop Client (%windir%\system32\mstsc.exe) on the Hybrid AAD-Joined client where the authentication certificate has been deployed.
1. Attempt an RDP session to a target server.
1. Use the certificate credential protected by your Windows Hello for Business gesture.

4
windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
View File

@ -1,6 +1,6 @@
---
title: Remote Desktop
description: Learn how Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device.
description: Learn how Windows Hello for Business supports using biometrics with remote desktop
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP
ms.prod: w10
ms.mktglfcycl: deploy
@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 09/16/2020
ms.date: 02/24/2021
ms.reviewer:
---

2
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
View File

@ -22,7 +22,7 @@ ms.reviewer:
**Applies to**
- Windows 10, version 1703 or later
- Hybrid deployment
- Key trust
- Certificate Trust
## Directory Synchronization

BIN
windows/security/identity-protection/hello-for-business/images/rdpcert/certificatetemplatetoissue.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
windows/security/identity-protection/hello-for-business/images/rdpcert/duplicatetemplate.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.8 KiB

BIN
windows/security/identity-protection/hello-for-business/images/rdpcert/requestnewcertificate.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

2
windows/security/identity-protection/hello-for-business/toc.yml
View File

@ -103,6 +103,8 @@
href: hello-cert-trust-policy-settings.md
- name: Managing Windows Hello for Business in your organization
href: hello-manage-in-organization.md
- name: Deploying Certificates to Key Trust Users to Enable RDP
href: hello-deployment-rdp-certs.md
- name: Windows Hello for Business Features
items:
- name: Conditional Access

11
windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
View File

@ -32,14 +32,17 @@ Yes.
**Suspend** keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the **Suspend** option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.
## Do I have to decrypt my BitLocker-protected drive to download and install system updates and upgrades?
## Do I have to suspend BitLocker protection to download and install system updates and upgrades?
No user action is required for BitLocker in order to apply updates from Microsoft, including [Windows quality updates and feature updates](https://technet.microsoft.com/itpro/windows/manage/waas-quick-start).
Users need to suspend BitLocker for Non-Microsoft software updates, such as:
- Computer manufacturer firmware updates
- TPM firmware updates
- Non-Microsoft application updates that modify boot components
- Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM and this happens if a known vulnerability has been discovered in the TPM firmware. Users dont have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. We recommend users testing their TPM firmware updates if they dont want to suspend BitLocker protection.
- Non-Microsoft application updates that modify the UEFI\BIOS configuration.
- Manual or third-party updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation).
- Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if you update and BitLocker does not use Secure Boot for integrity validation).
- You can check if BitLocker uses Secure Boot for integrity validation with manage-bde -protectors -get C: (and see if "Uses Secure Boot for integrity validation" is reported).
> [!NOTE]
> If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.

2
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -458,7 +458,7 @@ contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,conto
Value format without proxy:
```console
contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com,
contoso.sharepoint.com|contoso.visualstudio.com|contoso.onedrive.com,
```
### Protected domains

1
windows/security/threat-protection/TOC.md
View File

@ -269,6 +269,7 @@
### [Microsoft Defender for Endpoint for iOS]()
#### [Overview of Microsoft Defender for Endpoint for iOS](microsoft-defender-atp/microsoft-defender-atp-ios.md)
#### [What's New](microsoft-defender-atp/ios-whatsnew.md)
#### [Deploy]()
##### [Deploy Microsoft Defender for Endpoint for iOS via Intune](microsoft-defender-atp/ios-install.md)

2
windows/security/threat-protection/change-history-for-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: "Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)"
title: "Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)"
ms.reviewer:
ms.author: dansimp
description: This topic lists new and updated topics in the Defender for Endpoint content set.

4
windows/security/threat-protection/index.md
View File

@ -20,13 +20,13 @@ ms.technology: mde
# Threat Protection
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
[Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture.
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
> [!TIP]
> Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/).

2
windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV Assessment section in the Update Compliance add-in.

2
windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you might encounter when using the Microsoft Defender AV.

2
windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.

2
windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can manage and configure Microsoft Defender Antivirus with the following tools:

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
## Use Microsoft Intune to configure scanning options

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are enabled. These settings include cloud-delivered protection, a specified sample submission timeout (such as 50 seconds), and a file-blocking level of high. In most enterprise organizations, these settings are enabled by default with Microsoft Defender Antivirus deployments.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Microsoft Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md).

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can configure how users of the endpoints on your network can interact with Microsoft Defender Antivirus.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
> [!IMPORTANT]
> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](../microsoft-defender-atp/manage-indicators.md).

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
By default, Microsoft Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can configure Microsoft Defender Antivirus with a number of tools, including:

24
windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
@ -41,16 +41,16 @@ See the blog post [Important changes to Microsoft Active Protection Services end
## Allow connections to the Microsoft Defender Antivirus cloud service
The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network.
The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it's highly recommended because it provides important protection against malware on your endpoints and across your network.
>[!NOTE]
>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it's called a cloud service, it's not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection.
Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection.
The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication.
@ -60,14 +60,14 @@ The table below lists the services and their associated URLs. Make sure that the
| Microsoft Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Microsoft Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com` <br/> `*.wdcpalt.microsoft.com` <br/> `*.wd.microsoft.com`|
| Microsoft Update Service (MU) <br/> Windows Update Service (WU)| Security intelligence and product updates |`*.update.microsoft.com` <br/> `*.delivery.mp.microsoft.com`<br/> `*.windowsupdate.com` <br/><br/> For details see [Connection endpoints for Windows Update](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#windows-update)|
|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com` </br> `*.download.windowsupdate.com`</br> `https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx`|
| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net` <br/> `ussus1westprod.blob.core.windows.net` <br/> `usseu1northprod.blob.core.windows.net` <br/> `usseu1westprod.blob.core.windows.net` <br/> `ussuk1southprod.blob.core.windows.net` <br/> `ussuk1westprod.blob.core.windows.net` <br/> `ussas1eastprod.blob.core.windows.net` <br/> `ussas1southeastprod.blob.core.windows.net` <br/> `ussau1eastprod.blob.core.windows.net` <br/> `ussau1southeastprod.blob.core.windows.net` |
| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net` <br/> `ussus2eastprod.blob.core.windows.net` <br/> `ussus3eastprod.blob.core.windows.net` <br/> `ussus4eastprod.blob.core.windows.net` <br/> `wsus1eastprod.blob.core.windows.net` <br/> `wsus2eastprod.blob.core.windows.net` <br/> `ussus1westprod.blob.core.windows.net` <br/> `ussus2westprod.blob.core.windows.net` <br/> `ussus3westprod.blob.core.windows.net` <br/> `ussus4westprod.blob.core.windows.net` <br/> `wsus1westprod.blob.core.windows.net` <br/> `wsus2westprod.blob.core.windows.net` <br/> `usseu1northprod.blob.core.windows.net` <br/> `wseu1northprod.blob.core.windows.net` <br/> `usseu1westprod.blob.core.windows.net` <br/> `wseu1westprod.blob.core.windows.net` <br/> `ussuk1southprod.blob.core.windows.net` <br/> `wsuk1southprod.blob.core.windows.net` <br/> `ussuk1westprod.blob.core.windows.net` <br/> `wsuk1westprod.blob.core.windows.net` |
| Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `http://www.microsoft.com/pkiops/crl/` <br/> `http://www.microsoft.com/pkiops/certs` <br/> `http://crl.microsoft.com/pki/crl/products` <br/> `http://www.microsoft.com/pki/certs` |
| Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` |
| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes | The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com` <br/> `settings-win.data.microsoft.com`|
## Validate connections between your network and the cloud
After allowing the URLs listed above, you can test if you are connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected.
After allowing the URLs listed above, you can test if you're connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you're fully protected.
**Use the cmdline tool to validate cloud-delivered protection:**
@ -84,24 +84,24 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun
**Attempt to download a fake malware file from Microsoft:**
You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud.
You can download a sample file that Microsoft Defender Antivirus will detect and block if you're properly connected to the cloud.
Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest).
>[!NOTE]
>This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud.
>This file is not an actual piece of malware. It's a fake file that is designed to test if you're properly connected to the cloud.
If you are properly connected, you will see a warning Microsoft Defender Antivirus notification.
If you're properly connected, you'll see a warning Microsoft Defender Antivirus notification.
If you are using Microsoft Edge, you'll also see a notification message:
If you're using Microsoft Edge, you'll also see a notification message:
![Microsoft Edge informing the user that malware was found](images/defender/wdav-bafs-edge.png)
A similar message occurs if you are using Internet Explorer:
A similar message occurs if you're using Internet Explorer:
![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png)
You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app:
You'll also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app:
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus uses several methods to provide threat protection:

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
When Microsoft Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Microsoft Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.

2
windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.date: 02/10/2021
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions).

2
windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans.

2
windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans.

2
windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can deploy, manage, and report on Microsoft Defender Antivirus in a number of ways.

2
windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Depending on the management tool you are using, you may need to specifically enable or configure Microsoft Defender Antivirus protection.

2
windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
In addition to standard on-premises or hardware configurations, you can also use Microsoft Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment.

26
windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
View File

@ -6,12 +6,12 @@ search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.mktglfcycl: detect
ms.sitesec: library
ms.localizationpriority: medium
ms.localizationpriority: high
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
audience: ITPro
ms.date: 02/03/2021
ms.date: 03/10/2021
ms.reviewer:
manager: dansimp
ms.technology: mde
@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
> [!NOTE]
@ -41,9 +41,7 @@ Here are some examples:
> [!TIP]
> For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md).
Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up.
PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
## Microsoft Edge
@ -64,9 +62,7 @@ Although potentially unwanted application protection in Microsoft Edge (Chromium
In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen protects you from PUA-associated URLs.
Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft
Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
[configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
Security admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.
@ -77,9 +73,7 @@ The potentially unwanted application (PUA) protection feature in Microsoft Defen
> [!NOTE]
> This feature is available in Windows 10, Windows Server 2019, and Windows Server 2016.
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine.
When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history).
@ -112,13 +106,21 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
#### Use Group Policy to configure PUA protection
1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
3. Select the Group Policy Object you want to configure, and then choose **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
6. Double-click **Configure detection for potentially unwanted applications**.
7. Select **Enabled** to enable PUA protection.
8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
9. Deploy your Group Policy object as you usually do.
#### Use PowerShell cmdlets to configure PUA protection

2
windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
> [!NOTE]
> The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.

2
windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.

2
windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
View File

@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus lets you determine when it should look for and download updates.

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=22146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=22154037)
<a id="protection-updates"></a>
<!-- this has been used as anchor in VDI content -->

41
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
View File

@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer: pahuijbr
manager: dansimp
ms.date: 03/05/2021
ms.date: 03/10/2021
ms.technology: mde
---
@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
There are two types of updates related to keeping Microsoft Defender Antivirus up to date:
@ -78,6 +78,23 @@ All our updates contain
<br/><br/>
<details>
<summary> February-2021 (Platform: 4.18.2102.3 | Engine: 1.1.17900.7)</summary>
&ensp;Security intelligence update version: **1.333.7.0**
&ensp;Released: **March 9, 2021**
&ensp;Platform: **4.19.2102.3**
&ensp;Engine: **1.1.17900.7**
&ensp;Support phase: **Security and Critical Updates**
### What's new
- Improved service recovery through [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md)
- Extend tamper protection scope
### Known Issues
No known issues
<br/>
</details><details>
<summary> January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)</summary>
&ensp;Security intelligence update version: **1.327.1854.0**
@ -114,7 +131,13 @@ No known issues
### Known Issues
No known issues
<br/>
</details><details>
</details>
### Previous version updates: Technical upgrade support only
After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
<br/><br/>
<details>
<summary> October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)</summary>
&ensp;Security intelligence update version: **1.327.7.0**
@ -134,13 +157,7 @@ No known issues
No known issues
<br/>
</details>
### Previous version updates: Technical upgrade support only
After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
<br/><br/>
<details>
</details><details>
<summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
&ensp;Security intelligence update version: **1.325.10.0**
@ -334,7 +351,7 @@ Engine: **1.1.16700.2**
- Fixed BSOD on WS2016 with Exchange
- Support platform updates when TMP is redirected to network path
- Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates)
- Platform and engine versions are added to [WDSI](https://www.microsoft.com/en-us/wdsi/defenderupdates) <!-- The preceding URL must include "/en-us" -->
- extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)
- Fix 4.18.1911.3 hang
@ -390,7 +407,7 @@ The below table provides the Microsoft Defender Antivirus platform and engine ve
|Windows 10 release |Platform version |Engine version |Support phase |
|:---|:---|:---|:---|
|2004 (20H1) |4.18.2004.6 |1.1.17000.2 | Technical upgrade support (only) |
|2004 (20H1/20H2) |4.18.1909.6 |1.1.17000.2 | Technical upgrade support (only) |
|1909 (19H2) |4.18.1902.5 |1.1.16700.3 | Technical upgrade support (only) |
|1903 (19H1) |4.18.1902.5 |1.1.15600.4 | Technical upgrade support (only) |
|1809 (RS5) |4.18.1807.18075 |1.1.15000.2 | Technical upgrade support (only) |

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Mobile devices and VMs may require more configuration to ensure performance is not impacted by updates.

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
## Overview

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
## Microsoft Defender Antivirus: Your next-generation protection

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus is available on the following editions/versions of Windows Server:
- Windows Server 2019

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security.

2
windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
View File

@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- Microsoft Defender Antivirus
- Microsoft 365

30
windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
View File

@ -14,7 +14,7 @@ audience: ITPro
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 02/17/2021
ms.date: 03/08/2021
ms.technology: mde
---
@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Tamper protection is available for devices that are running one of the following versions of Windows:
@ -64,7 +64,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And,
| Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) |
| Turn tamper protection on (or off) for all or part of your organization using Intune <p>Fine-tune tamper protection settings in your organization | [Manage tamper protection for your organization using Intune](#manage-tamper-protection-for-your-organization-using-intune) |
| Turn tamper protection on (or off) for your organization with Configuration Manager | [Manage tamper protection for your organization using tenant attach with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) |
| Turn tamper protection on (or off) in the Microsoft Defender Security Center <p>Manage tamper protection across your tenant <p>(Currently in preview) | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) |
| Turn tamper protection on (or off) in the Microsoft Defender Security Center <p>Manage tamper protection across your tenant | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) |
| View details about tampering attempts on devices | [View information about tampering attempts](#view-information-about-tampering-attempts) |
| Review your security recommendations | [Review security recommendations](#review-your-security-recommendations) |
| Review the list of frequently asked questions (FAQs) | [Browse the FAQs](#view-information-about-tampering-attempts) |
@ -85,7 +85,9 @@ Here's what you see in the Windows Security app:
![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png)
1. Select **Start**, and start typing *Security*. In the search results, select **Windows Security**.
2. Select **Virus & threat protection** > **Virus & threat protection settings**.
3. Set **Tamper Protection** to **On** or **Off**.
## Manage tamper protection for your organization using Intune
@ -95,9 +97,13 @@ If you are part of your organization's security team, and your subscription incl
### Requirements for managing tamper protection in Intune
- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations.
- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
- Your Windows devices must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
- Your devices must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
### Turn tamper protection on (or off) in Intune
@ -105,12 +111,15 @@ If you are part of your organization's security team, and your subscription incl
![Turn tamper protection on with Intune](images/turnontamperprotect-MEM.png)
1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account.
2. Select **Devices** > **Configuration Profiles**.
3. Create a profile that includes the following settings:
- **Platform: Windows 10 and later**
- **Profile type: Endpoint protection**
- **Category: Microsoft Defender Security Center**
- **Tamper Protection: Enabled**
4. Assign the profile to one or more groups.
### Are you using Windows OS 1709, 1803, or 1809?
@ -120,7 +129,9 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
#### Use PowerShell to determine whether tamper protection is turned on
1. Open the Windows PowerShell app.
2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet.
3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
## Manage tamper protection for your organization with Configuration Manager, version 2006
@ -133,9 +144,11 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c
![Windows security experience in Endpoint Manager](images/win-security- exp-policy-endpt-security.png)
1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions).
2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.<br/>
- In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**.
- In the **Profile** list, select **Windows Security experience (preview)**. <br/>
3. Deploy the policy to your device collection.
### Need help with this?
@ -147,24 +160,29 @@ See the following resources:
## Manage tamper protection for your organization using the Microsoft Defender Security Center
Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind:
Tamper protection can be turned on or off for your tenant using the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind:
- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method.
- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006).
- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
- Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview.
### Requirements for managing tamper protection in the Microsoft Defender Security Center
- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations.
- Your Windows devices must be running one of the following versions of Windows:
- Windows 10
- [Windows Server 2019](/windows-server/get-started-19/whats-new-19)
- Windows Server, version [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later
- [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016)
- For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).
- Your devices must be [onboarded to Microsoft Defender for Endpoint](../microsoft-defender-atp/onboarding.md).
- Your devices must be using anti-malware platform version 4.18.2010.7 (or above) and anti-malware engine version 1.1.17600.5 (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
- [Cloud-delivered protection must be turned on](enable-cloud-protection-microsoft-defender-antivirus.md).
### Turn tamper protection on (or off) in the Microsoft Defender Security Center
@ -172,7 +190,9 @@ Currently in preview, tamper protection can be turned on or off in the Microsoft
![Turn tamper protection on in the Microsoft Defender Security Center](images/mde-turn-tamperprotect-on.png)
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
2. Choose **Settings**.
3. Go to **General** > **Advanced features**, and then turn tamper protection on.
## View information about tampering attempts

2
windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans.

2
windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Antivirus is built into Windows 10, Windows Server 2019, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.

2
windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
If Microsoft Defender Antivirus is configured to detect and remediate threats on your device, Microsoft Defender Antivirus quarantines suspicious files. If you are certain a quarantined file is not a threat, you can restore it.

2
windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results.

2
windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type.

2
windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
> [!NOTE]

2
windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can specify your level of cloud-delivered protection offered by Microsoft Defender Antivirus by using Microsoft Endpoint Manager (recommended) or Group Policy.

2
windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can find help here if you encounter issues while migrating from a third-party security solution to Microsoft Defender Antivirus.

2
windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
If you encounter a problem with Microsoft Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution.

2
windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
> [!IMPORTANT]
> On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.

2
windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Microsoft Defender Antivirus on your endpoints.

2
windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
If you were using Microsoft Endpoint Manager or Microsoft Intune to manage the endpoints on your network, you can now use Microsoft Endpoint Manager to manage Microsoft Defender Antivirus scans.

2
windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration. You can read more about it at the [PowerShell hub on MSDN](https://docs.microsoft.com/previous-versions/msdn10/mt173057(v=msdn.10)).

2
windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.

2
windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
View File

@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.

2
windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
View File

@ -18,7 +18,7 @@ ms.technology: mde
# Configure Microsoft Defender Application Guard policy settings
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.

2
windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
View File

@ -18,7 +18,7 @@ ms.technology: mde
# Prepare to install Microsoft Defender Application Guard
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
## Review system requirements

2
windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
View File

@ -19,7 +19,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.

4
windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
View File

@ -21,7 +21,7 @@ ms.technology: mde
# Access the Microsoft Defender Security Center MSSP customer portal
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -29,7 +29,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)

6
windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
View File

@ -20,8 +20,8 @@ ms.technology: mde
# Add or Remove Machine Tags API
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
2154037
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -90,7 +90,7 @@ If successful, this method returns 200 - Ok response code and the updated Machin
Here is an example of a request that adds machine tag.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
```

2
windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
View File

@ -21,7 +21,7 @@ ms.technology: mde
# Configure advanced features in Defender for Endpoint
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

5
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
View File

@ -26,8 +26,9 @@ ms.technology: mde
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
View File

@ -23,8 +23,8 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
View File

@ -24,8 +24,8 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
View File

@ -23,8 +23,8 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
View File

@ -24,8 +24,8 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
View File

@ -23,8 +23,8 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

3
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
View File

@ -23,8 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

3
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
View File

@ -23,8 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

3
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
View File

@ -23,8 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)

Some files were not shown because too many files have changed in this diff Show More