From 1a7878b2f5da494da98c024f680a3ee80e50c2dc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 17 Jul 2018 14:42:39 -0700 Subject: [PATCH 01/12] add new urls --- ...roxy-internet-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 22fd6a1f44..ff3d61399f 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -90,7 +90,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Service location | Microsoft.com DNS record :---|:--- -Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com``` +Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```https://*.microsoftonline-p.com```
```https://*.securitycenter.windows.com```
```https://automatediracs-eus-prd.securitycenter.windows.com```
```https://login.microsoftonline.com```
```https://login.windows.net```
```https://onboardingpackagescusprd.blob.core.windows.net```
```https://secure.aadcdn.microsoftonline-p.com```
```https://securitycenter.onmicrosoft.com```
```https://securitycenter.windows.com```
```https://static2.sharepointonline.com```
European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` United States | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` From 66f6f2fd136491acef1c48bc325c64eb38c67df5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 17 Jul 2018 14:44:04 -0700 Subject: [PATCH 02/12] formatting --- ...indows-defender-advanced-threat-protection.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index ff3d61399f..fc596a53b1 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -127,14 +127,14 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover 6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

The tool checks the connectivity of Windows Defender ATP service URLs that Windows Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Windows Defender ATP services. For example: - ```text - Testing URL : https://xxx.microsoft.com/xxx - 1 - Default proxy: Succeeded (200) - 2 - Proxy auto discovery (WPAD): Succeeded (200) - 3 - Proxy disabled: Succeeded (200) - 4 - Named proxy: Doesn't exist - 5 - Command line proxy: Doesn't exist - ``` + ```text + Testing URL : https://xxx.microsoft.com/xxx + 1 - Default proxy: Succeeded (200) + 2 - Proxy auto discovery (WPAD): Succeeded (200) + 3 - Proxy disabled: Succeeded (200) + 4 - Named proxy: Doesn't exist + 5 - Command line proxy: Doesn't exist + ``` If at least one of the connectivity options returns a (200) status, then the Windows Defender ATP client can communicate with the tested URL properly using this connectivity method.

From ffa3803eba8b4273254fb5c01043bc00ba910fe7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 29 Jul 2018 14:55:45 +0300 Subject: [PATCH 03/12] added reboot machine --- ...igate-machines-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index d90a76d961..9db2dfbceb 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -177,6 +177,7 @@ Use the following registry key entry to add a tag on a machine: - Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\` - Registry key value (string): Group +- Reboot machine ### Add machine tags using the portal From 173ea2f6c171333c180be999285ba68a533eed55 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 29 Jul 2018 15:47:17 +0300 Subject: [PATCH 04/12] remove device restrictions --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 05c303413e..03d6db5682 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -85,7 +85,7 @@ sections: Prevent, detect, investigate, and respond to advanced threats. The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
 
- + From 9a5db65ae5532681ac5f3200133a98749f70cfcf Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Tue, 31 Jul 2018 13:23:52 -0700 Subject: [PATCH 05/12] Update configure-browser-telemetry-for-m365-analytics-include.md --- ...e-browser-telemetry-for-m365-analytics-include.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md index c1431ecc28..6e45dd8f33 100644 --- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md +++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md @@ -4,6 +4,9 @@ [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] +>[!IMPORTANT] +>For this policy to work, enable the Allow Telemetry policy with the _Enhanced_ option and enable the Configure the Commercial ID policy by providing the Commercial ID. + ### Supported values |Group Policy |MDM |Registry |Description |Most restricted | @@ -14,13 +17,10 @@ |Enabled |3 |3 |Send both intranet and Internet history | | --- ->>You can find this setting in the following location of the Group Policy Editor: +>>You can find this policy and the related policies in the following location of the Group Policy Editor: >> ->>      **_Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\_** - ->[!IMPORTANT] ->For this policy to work, enable the Allow Telemetry policy with the _Enhanced_ option and enable the Configure the Commercial ID policy by providing the Commercial ID. - +>>**_Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\_** +>>
  • Allow Telemetry
  • Configure the Commercial ID
  • Configure collection of browsing data for Microsoft 365 Analytics
### ADMX info and settings #### ADMX info From e82582492c361b1abb4f49e5100fcc29c92bbe6f Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Tue, 31 Jul 2018 16:41:23 -0700 Subject: [PATCH 06/12] Update how-hardware-based-containers-help-protect-windows.md --- .../how-hardware-based-containers-help-protect-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index 7cb2ae0095..bc28e62e7a 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -31,7 +31,7 @@ After successful verification and startup of the device’s firmware and Windows This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device. At the end of the Windows boot process, System Guard will start the system’s antimalware solution, which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasn’t been compromised before the remainder of your system defenses start. -![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) +![Boot time integrity](../hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png) ## Maintaining integrity of the system after it’s running (run time) @@ -47,5 +47,5 @@ While Windows Defender System Guard provides advanced protection that will help As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. -![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png) +![Windows Defender System Guard](../hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png) From 9c2e2a3ce532e189e49f5551f104e2c7263007a6 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Tue, 31 Jul 2018 16:50:24 -0700 Subject: [PATCH 07/12] Update how-hardware-based-containers-help-protect-windows.md --- .../how-hardware-based-containers-help-protect-windows.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index bc28e62e7a..a29c472d90 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -10,6 +10,7 @@ author: justinha ms.date: 07/31/2018 --- + # Windows Defender System Guard: How hardware-based containers help protect Windows 10 Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised. From e9d2a3802215460add3e2cf0c7678e81163d8d68 Mon Sep 17 00:00:00 2001 From: Adam Gross Date: Tue, 31 Jul 2018 21:19:27 -0500 Subject: [PATCH 08/12] Update use-upgrade-readiness-to-manage-windows-upgrades.md Added additional Windows target versions. --- .../use-upgrade-readiness-to-manage-windows-upgrades.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index badacb456b..97bc60f3d0 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.prod: w10 author: jaimeo ms.author: jaimeo -ms.date: 08/30/2017 +ms.date: 07/31/2018 --- # Use Upgrade Readiness to manage Windows upgrades @@ -22,7 +22,7 @@ When you are ready to begin the upgrade process, a workflow is provided to guide Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. ->**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB). +>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are running a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB). The following information and workflow is provided: @@ -41,11 +41,11 @@ The target version setting is used to evaluate the number of computers that are ![Upgrade overview showing target version](../images/ur-target-version.png) -As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. +The default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version. -You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, Windows 10 version 1607, and Windows 10 version 1703. +You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, Windows 10 version 1607, Windows 10 version 1703, Windows 10 version 1709 and Windows 10 version 1803. To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: From 97a6623ff25b2fb42b701c4b4ab63ab620cf640d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Aug 2018 16:30:30 +0300 Subject: [PATCH 09/12] new urls in troubleshooting --- ...ows-defender-advanced-threat-protection.md | 2 +- ...ows-defender-advanced-threat-protection.md | 159 +++++++++--------- 2 files changed, 85 insertions(+), 76 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index fc596a53b1..23f06ea316 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -90,7 +90,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Service location | Microsoft.com DNS record :---|:--- -Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```https://*.microsoftonline-p.com```
```https://*.securitycenter.windows.com```
```https://automatediracs-eus-prd.securitycenter.windows.com```
```https://login.microsoftonline.com```
```https://login.windows.net```
```https://onboardingpackagescusprd.blob.core.windows.net```
```https://secure.aadcdn.microsoftonline-p.com```
```https://securitycenter.onmicrosoft.com```
```https://securitycenter.windows.com```
```https://static2.sharepointonline.com```
+Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com``` European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` United States | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md index ef5f861a65..36cc71f861 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md @@ -1,76 +1,85 @@ ---- -title: Troubleshoot onboarding issues and error messages -description: Troubleshoot onboarding issues and error message while completing setup of Windows Defender Advanced Threat Protection. -keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, windows defender atp -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: v-tanewt -author: tbit0001 -ms.localizationpriority: medium -ms.date: 11/28/2017 ---- - -# Troubleshoot subscription and portal access issues - -**Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) - - -This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service. - -If you receive an error message, Windows Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied. - -## No subscriptions found - -If while accessing Windows Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license. - -Potential reasons: -- The Windows E5 and Office E5 licenses are separate licenses. -- The license was purchased but not provisioned to this AAD instance. - - It could be a license provisioning issue. - - It could be you inadvertently provisioned the license to a different Microsoft AAD than the one used for authentication into the service. - -For both cases you should contact Microsoft support at [General Windows Defender ATP Support](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or -[Volume license support](https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx). - -![Image of no subscriptions found](images\atp-no-subscriptions-found.png) - -## Your subscription has expired - -If while accessing Windows Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. - -You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license. - -> [!NOTE] -> For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. - -![Image of subscription expired](images\atp-subscription-expired.png) - -## You are not authorized to access the portal - -If you receive a **You are not authorized to access the portal**, be aware that Windows Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user. -For more information see, [**Assign user access to the portal**](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection). - -![Image of not authorized to access portal](images\atp-not-authorized-to-access-portal.png) - -## Data currently isn't available on some sections of the portal -If the portal dashboard, and other sections show an error message such as "Data currently isn't available": - -![Image of data currently isn't available](images/atp-data-not-available.png) - -You'll need to whitelist the `securitycenter.windows.com` and all sub-domains under it. For example `*.securitycenter.windows.com`. - - -## Related topics +--- +title: Troubleshoot onboarding issues and error messages +description: Troubleshoot onboarding issues and error message while completing setup of Windows Defender Advanced Threat Protection. +keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, windows defender atp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-tanewt +author: tbit0001 +ms.localizationpriority: medium +ms.date: 11/28/2017 +--- + +# Troubleshoot subscription and portal access issues + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) + + +This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service. + +If you receive an error message, Windows Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied. + +## No subscriptions found + +If while accessing Windows Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license. + +Potential reasons: +- The Windows E5 and Office E5 licenses are separate licenses. +- The license was purchased but not provisioned to this AAD instance. + - It could be a license provisioning issue. + - It could be you inadvertently provisioned the license to a different Microsoft AAD than the one used for authentication into the service. + +For both cases you should contact Microsoft support at [General Windows Defender ATP Support](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or +[Volume license support](https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx). + +![Image of no subscriptions found](images\atp-no-subscriptions-found.png) + +## Your subscription has expired + +If while accessing Windows Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. + +You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license. + +> [!NOTE] +> For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. + +![Image of subscription expired](images\atp-subscription-expired.png) + +## You are not authorized to access the portal + +If you receive a **You are not authorized to access the portal**, be aware that Windows Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user. +For more information see, [**Assign user access to the portal**](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection). + +![Image of not authorized to access portal](images\atp-not-authorized-to-access-portal.png) + +## Data currently isn't available on some sections of the portal +If the portal dashboard, and other sections show an error message such as "Data currently isn't available": + +![Image of data currently isn't available](images/atp-data-not-available.png) + +You'll need to whitelist the `securitycenter.windows.com` and all sub-domains under it. For example `*.securitycenter.windows.com`. + + +## Portal communication issues +If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following urls are whitelisted and open for communciation. + +- `*.blob.core.windows.net +crl.microsoft.com` +- `https://*.microsoftonline-p.com` - `https://*.securitycenter.windows.com` - `https://automatediracs-eus-prd.securitycenter.windows.com` - `https://login.microsoftonline.com` - `https://login.windows.net` - `https://onboardingpackagescusprd.blob.core.windows.net` +- `https://secure.aadcdn.microsoftonline-p.com` +- `https://securitycenter.windows.com` - `https://static2.sharepointonline.com` + +## Related topics - [Validate licensing provisioning and complete setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md) \ No newline at end of file From 91439af860305ecd4c0e387636a6b9a899373d2a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Aug 2018 16:33:38 +0300 Subject: [PATCH 10/12] date --- ...rror-messages-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md index 36cc71f861..d17f45e798 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: v-tanewt author: tbit0001 ms.localizationpriority: medium -ms.date: 11/28/2017 +ms.date: 08/01/2018 --- # Troubleshoot subscription and portal access issues From 67e6c5e6c1c65c64813df529a1b8c23e9a8ee40f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Aug 2018 16:44:37 +0300 Subject: [PATCH 11/12] add note to reg key info --- ...-machines-windows-defender-advanced-threat-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 9db2dfbceb..c6beecee0e 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 05/30/2018 +ms.date: 08/01/2018 --- # Investigate machines in the Windows Defender ATP Machines list @@ -177,7 +177,9 @@ Use the following registry key entry to add a tag on a machine: - Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\` - Registry key value (string): Group -- Reboot machine + +>[!NOTE] +>The device tag is part of the machine information report that’s generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report. ### Add machine tags using the portal From e0112aa77f1cd274ccad47859a59bffbe26d676e Mon Sep 17 00:00:00 2001 From: Patti Short Date: Wed, 1 Aug 2018 17:07:01 +0000 Subject: [PATCH 12/12] Updated configure-browser-telemetry-for-m365-analytics-include.md --- ...rowser-telemetry-for-m365-analytics-include.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md index 6e45dd8f33..2b78b12fed 100644 --- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md +++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md @@ -9,18 +9,19 @@ ### Supported values -|Group Policy |MDM |Registry |Description |Most restricted | -|---|:---:|:---:|---|:---:| -|Disabled or not configured
**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) | -|Enabled |1 |1 |Send intranet history only | | -|Enabled |2 |2 |Send Internet history only | | -|Enabled |3 |3 |Send both intranet and Internet history | | +>[!div class="mx-tableFixed"] +>|Group Policy |MDM |Registry |Description |Most restricted | +>|---|:---:|:---:|---|:---:| +>|Disabled or not configured
**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) | +>|Enabled |1 |1 |Send intranet history only | | +>|Enabled |2 |2 |Send Internet history only | | +>|Enabled |3 |3 |Send both intranet and Internet history | | --- >>You can find this policy and the related policies in the following location of the Group Policy Editor: >> >>**_Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\_** ->>
  • Allow Telemetry
  • Configure the Commercial ID
  • Configure collection of browsing data for Microsoft 365 Analytics
+>>
  • Allow Telemetry = Enabled, _Enhanced_
  • Configure the Commercial ID = String of the Commercial ID
  • Configure collection of browsing data for Microsoft 365 Analytics
### ADMX info and settings #### ADMX info
Attack surface reductionNext generation protectionEndpoint detection and responseAuto investigation and remediationSecurity posture
[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)

[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)

[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)

[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)

[Device restrictions](https://docs.microsoft.com/en-us/intune/device-restrictions-configure)

[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)

[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)

[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)

[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)

[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)

[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)

[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)

[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)

[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)		 [Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)

[Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)

[Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)		 [Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)

[Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)

[Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)

[API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)

[Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)

[Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)

[Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)

[Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)		 [Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)

[Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)

[Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)

[Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)