diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 90e5c3177c..d9d9223bc1 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13992,12 +13992,12 @@ }, { "source_path": "windows/manage/sign-up-windows-store-for-business.md", - "redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-windows-store-for-business", + "redirect_url": "https://docs.microsoft.com/microsoft-store/index.md", "redirect_document_id": true }, { "source_path": "store-for-business/sign-up-windows-store-for-business.md", - "redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business", + "redirect_url": "https://docs.microsoft.com/microsoft-store/index.md", "redirect_document_id": false }, { @@ -16546,9 +16546,10 @@ "redirect_document_id": true }, { - "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr", + "source_path": "windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - } - ] + }, + + ] } diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md index bdfb8ea979..797c283b19 100644 --- a/store-for-business/TOC.md +++ b/store-for-business/TOC.md @@ -3,7 +3,6 @@ ## [Sign up and get started](sign-up-microsoft-store-for-business-overview.md) ### [Microsoft Store for Business and Microsoft Store for Education overview](microsoft-store-for-business-overview.md) ### [Prerequisites for Microsoft Store for Business and Education](prerequisites-microsoft-store-for-business.md) -### [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-microsoft-store-for-business.md) ### [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md) ### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md) ## [Find and acquire apps](find-and-acquire-apps-overview.md) diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md index 3989e6d860..3cec119295 100644 --- a/store-for-business/acquire-apps-microsoft-store-for-business.md +++ b/store-for-business/acquire-apps-microsoft-store-for-business.md @@ -5,16 +5,20 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa -ms.date: 10/23/2018 +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.reviewer: -manager: dansimp ms.topic: conceptual ms.localizationpriority: medium +ms.date: 03/10/2021 --- # Acquire apps in Microsoft Store for Business and Education + +> [!IMPORTANT] +> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). + As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping. ## App licensing model diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index c57643bd16..fca2e9d796 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md @@ -3,16 +3,16 @@ title: Add unsigned app to code integrity policy (Windows 10) description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA ms.reviewer: -manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.date: 10/17/2017 +ms.date: 03/10/2021 --- # Add unsigned app to code integrity policy @@ -99,7 +99,7 @@ After you're done, the files are saved to your desktop. You still need to sign t ## Catalog signing with Device Guard signing portal -To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. For more information, see [Sign up for the Microsoft Store for Business](sign-up-microsoft-store-for-business.md). +To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. Catalog signing is a vital step to adding your unsigned apps to your code integrity policy. diff --git a/store-for-business/index.md b/store-for-business/index.md index 9ec42cc879..ff6016354d 100644 --- a/store-for-business/index.md +++ b/store-for-business/index.md @@ -2,21 +2,20 @@ title: Microsoft Store for Business and Education (Windows 10) description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school. ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8 -manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: high -ms.date: 05/14/2020 +ms.date: 03/10/2021 --- # Microsoft Store for Business and Education - **Applies to** - Windows 10 @@ -24,6 +23,11 @@ ms.date: 05/14/2020 Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school. +> [!IMPORTANT] +> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you’ve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won’t be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesn’t impact apps in the Microsoft Store on Windows 10. +> +> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education. + ## In this section | Topic | Description | diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md index 59be6fdc1c..69f8d80a62 100644 --- a/store-for-business/microsoft-store-for-business-overview.md +++ b/store-for-business/microsoft-store-for-business-overview.md @@ -3,16 +3,16 @@ title: Microsoft Store for Business and Microsoft Store for Education overview ( description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps. ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C ms.reviewer: -manager: dansimp ms.prod: w10 ms.pagetype: store, mobile ms.mktglfcycl: manage ms.sitesec: library -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.date: +ms.date: 03/10/2021 --- # Microsoft Store for Business and Microsoft Store for Education overview @@ -22,6 +22,9 @@ ms.date: - Windows 10 - Windows 10 Mobile +> [!IMPORTANT] +> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). + Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options. > [!IMPORTANT] @@ -80,8 +83,6 @@ While not required, you can use a management tool to distribute and manage apps. The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we’ll quickly create an account for you. You must be a Global Administrator for your organization. -For more information, see [Sign up for Store for Business and Education](sign-up-microsoft-store-for-business.md). - ## Set up After your admin signs up for the Store for Business and Education, they can assign roles to other employees in your company or school. The admin needs Azure AD User Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions. diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md index 0dc7ab9ece..46b104c6f6 100644 --- a/store-for-business/prerequisites-microsoft-store-for-business.md +++ b/store-for-business/prerequisites-microsoft-store-for-business.md @@ -3,16 +3,16 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10) description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education. ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D ms.reviewer: -manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.date: +ms.date: 03/10/2021 --- # Prerequisites for Microsoft Store for Business and Education @@ -22,6 +22,9 @@ ms.date: - Windows 10 - Windows 10 Mobile +> [!IMPORTANT] +> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). + > [!IMPORTANT] > Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business. diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md index 2163e6379a..0368064b89 100644 --- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md +++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md @@ -4,19 +4,23 @@ description: The first person to sign in to Microsoft Store for Business or Micr keywords: roles, permissions ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE ms.reviewer: -manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.date: 03/01/2019 +ms.date: 03/10/2021 --- # Roles and permissions in Microsoft Store for Business and Education + +> [!IMPORTANT] +> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). + The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md index 68548aeb8b..1ee40ab070 100644 --- a/store-for-business/sign-up-microsoft-store-for-business-overview.md +++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md @@ -3,16 +3,16 @@ title: Sign up and get started (Windows 10) description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps. ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B ms.reviewer: -manager: dansimp ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa +ms.author: cmcatee +author: cmcatee-MSFT +manager: scotv ms.topic: conceptual ms.localizationpriority: medium -ms.date: 10/03/2019 +ms.date: 03/10/2021 --- # Sign up and get started @@ -24,13 +24,15 @@ ms.date: 10/03/2019 IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps. +> [!IMPORTANT] +> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md). + ## In this section | Topic | Description | | ----- | ----------- | | [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. | | [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | -| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. | | [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. | | [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. | diff --git a/store-for-business/sign-up-microsoft-store-for-business.md b/store-for-business/sign-up-microsoft-store-for-business.md deleted file mode 100644 index 42f4df57b1..0000000000 --- a/store-for-business/sign-up-microsoft-store-for-business.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Sign up for Microsoft Store for Business or Microsoft Store for Education (Windows 10) -description: Before you sign up for Microsoft Store for Business or Microsoft Store for Education, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization. -ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12 -ms.reviewer: -manager: dansimp -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: store -author: TrudyHa -ms.author: TrudyHa -ms.topic: conceptual -ms.localizationpriority: medium -ms.date: 10/17/2017 ---- - -# Sign up for Microsoft Store for Business or Microsoft Store for Education - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Before you sign up for Microsoft Store for Business or Microsoft Store for Education, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Microsoft Store for Business or Microsoft Store for Education. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. - -## Sign up for Microsoft Store - - -Before signing up for Microsoft Store, make sure you're the global administrator for your organization. - -**To sign up for Microsoft Store** - -1. Go to [https://www.microsoft.com/business-store](https://www.microsoft.com/business-store), or [https://www.microsoft.com/education-store](https://www.microsoft.com/education-store) and click **Sign up**. - - - If you start Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome). - - - - - If you already have an Azure AD directory, you'll [sign in to Store for Business](#sign-in), and then accept Store for Business terms. - - ![Image showing Microsoft Store for Business page with invitation to sign up, or sign in.](images/wsfb-landing.png) - - **To sign up for Azure AD accounts through Office 365 for Business** - - - Signing up for Microsoft Store will create an Azure AD directory and global administrator account for you. There are just a few steps. - - Step 1: About you. - - Type the required info and click **Next.** - - ![Image showing Welcome page for sign up process.](images/wsfb-onboard-1.png) - - - Step 2: Create an ID. - - We'll use info you provided on the previous page to build your user ID. Check the info and click **Next**. - - ![Image showing Create your user ID page for sign up process.](images/wsfb-onboard-2.png) - - - Step 3: You're in. - - Let us know how you'd like to receive a verification code, and click either **Text me**, or **Call me**. We'll send you a verification code - - ![Image showing confirmation page as part of sign up process.](images/wsfb-onboard-3.png) - - - Verification. - - Type your verification code and click **Create my account**. - - ![Image showing verification code step.](images/wsfb-onboard-4.png) - - - Save this info. - - Be sure to save the portal sign-in page and your user ID info. Click **You're ready to go**. - - ![Image showing sign-in page and user ID for Microsoft Store for Business.](images/wsfb-onboard-5.png) - - - At this point, you'll have an Azure AD directory created with one user account. That user account is the global administrator. You can use that account to sign in to Store for Business. - -2. Sign in with your Azure AD account. - - ![Image showing sign-in page for Microsoft Store for Business.](images/wsfb-onboard-7.png) - -3. Read through and accept Microsoft Store for Business and Education terms. - -4. Welcome to the Store for Business. Click **Next** to continue. - - ![Image showing welcome message for Microsoft Store for business.](images/wsfb-firstrun.png) - -## Next steps - -After signing up for Microsoft Store for Business or Microsoft Store for Education, you can: - -- **Add users to your Azure AD directory**. If you created your Azure AD directory during sign up, additional user accounts are required for employees to install apps you assign to them, or to browse the private store in Store app. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md). -- **Assign roles to employees**. For more information, see [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md). - -  - -  - - - - - diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 3ae9f6a248..a64db2e42e 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -159,16 +159,15 @@ ### [Personalization CSP](personalization-csp.md) #### [Personalization DDF file](personalization-ddf.md) ### [Policy CSP](policy-configuration-service-provider.md) -#### [Policy CSP DDF file](policy-ddf-file.md) -#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md) -#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md) -#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) -#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policies-in-policy-csp-supported-by-iot-enterprise.md) -#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md) -#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md) -#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md) +#### [Policy DDF file](policy-ddf-file.md) +#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) +#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) +#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) +#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md) #### [AboveLock](policy-csp-abovelock.md) #### [Accounts](policy-csp-accounts.md) #### [ActiveXControls](policy-csp-activexcontrols.md) diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 455f749b5b..498abd7018 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -11,15 +11,24 @@ ms.reviewer: manager: dansimp --- -# Accounts CSP +# Accounts Configuration Service Provider The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803. -The following diagram shows the Accounts configuration service provider in tree format. +The following shows the Accounts configuration service provider in tree format. -![Accounts CSP diagram](images/provisioning-csp-accounts.png) +``` +./Device/Vendor/MSFT +Accounts +----Domain +--------ComputerName +----Users +--------UserName +------------Password +------------LocalUserGroup +``` **./Device/Vendor/MSFT/Accounts** Root node. diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index 37f6157570..927e9b9e0a 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -19,8 +19,8 @@ The ActiveSync configuration service provider is used to set up and change setti Configuring Windows Live ActiveSync accounts through this configuration service provider is not supported. -> **Note**   -The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path. +> [!NOTE] +> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path. On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync path will work if the user is logged in. The CSP fails when no user is logged in. @@ -28,15 +28,45 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th -The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. +The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. -![activesync csp (cp)](images/provisioning-csp-activesync-cp.png) +``` +./Vendor/MSFT +ActiveSync +----Accounts +--------Account GUID +------------EmailAddress +------------Domain +------------AccountIcon +------------AccountType +------------AccountName +------------Password +------------ServerName +------------UserName +------------Options +----------------CalendarAgeFilter +----------------Logging +----------------MailBodyType +----------------MailHTMLTruncation +----------------MailPlainTextTruncation +----------------Schedule +----------------UseSSL +----------------MailAgeFilter +----------------ContentTypes +--------------------Content Type GUID +------------------------Enabled +------------------------Name +------------Policies +----------------MailBodyType +----------------MaxMailAgeFilter + +``` **./User/Vendor/MSFT/ActiveSync** The root node for the ActiveSync configuration service provider. -> **Note**   -The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path. +> [!NOTE] +> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path. On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync will work if the user is logged in. The CSP fails when no user is logged in. @@ -231,10 +261,10 @@ Valid values are one of the following: **Options/ContentTypes/*Content Type GUID*/Name** Required. A character string that specifies the name of the content type. -> **Note**  In Windows 10, this node is currently not working. +> [!NOTE] +> In Windows 10, this node is currently not working. - Supported operations are Get, Replace, and Add (cannot Add after the account is created). When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected. diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index e4d45bd4fd..3dfd62f711 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -17,8 +17,8 @@ ms.date: 06/26/2017 The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. The devices must support the Microsoft AllJoyn configuration interface (com.microsoft.alljoynmanagement.config). You can also push configuration files to the same devices. To populate the various nodes when setting new configuration, we recommend that you do a query first, to get the actual values for all the nodes in all the attached devices. You can then use the information from the query to set the node values when pushing the new configuration. -> **Note**   -The AllJoynManagement configuration service provider (CSP) is only supported in Windows 10 IoT Core (IoT Core). +> [!NOTE] +> The AllJoynManagement configuration service provider (CSP) is only supported in Windows 10 IoT Core (IoT Core). This CSP was added in Windows 10, version 1511. @@ -26,9 +26,37 @@ This CSP was added in Windows 10, version 1511. For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877). -The following diagram shows the AllJoynManagement configuration service provider in tree format +The following shows the AllJoynManagement configuration service provider in tree format -![alljoynmanagement csp diagram](images/provisioning-csp-alljoynmanagement.png) +``` +./Vendor/MSFT +AllJoynManagement +----Configurations +--------ServiceID +------------Port +----------------PortNum +--------------------ConfigurableObjects +------------------------CfgObjectPath +----Credentials +--------ServiceID +------------Key +----Firewall +--------PublicProfile +--------PrivateProfile +----Services +--------ServiceID +------------AppId +------------DeviceId +------------AppName +------------Manufacturer +------------ModelNumber +------------Description +------------SoftwareVersion +------------AJSoftwareVersion +------------HardwareVersion +----Options +--------QueryIdleTime +``` The following list describes the characteristics and parameters. diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 2c64c89cd9..5bfdda98df 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -1,6 +1,6 @@ --- title: ApplicationControl CSP -description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server. +description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server. keywords: security, malware ms.author: dansimp ms.topic: article @@ -16,10 +16,33 @@ ms.date: 09/10/2020 Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot. Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. -The following diagram shows the ApplicationControl CSP in tree format. - -![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png) +The following shows the ApplicationControl CSP in tree format. +``` +./Vendor/MSFT +ApplicationControl +----Policies +--------Policy GUID +------------Policy +------------PolicyInfo +----------------Version +----------------IsEffective +----------------IsDeployed +----------------IsAuthorized +----------------Status +----------------FriendlyName +------------Token +----------------TokenID +----Tokens +--------ID +------------Token +------------TokenInfo +----------------Status +------------PolicyIDs +----------------Policy GUID +----TenantID +----DeviceID +``` **./Vendor/MSFT/ApplicationControl** Defines the root node for the ApplicationControl CSP. @@ -99,7 +122,7 @@ The following table provides the result of this policy based on different values |False|False|True|Not Reachable.| |False|False|False|*Not Reachable.| -`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail. +\* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail. **ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** This node specifies whether the deployment of the policy indicated by the GUID was successful. @@ -117,7 +140,7 @@ Value type is char. ## Microsoft Endpoint Manager (MEM) Intune Usage Guidance -For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) +For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). ## Generic MDM Server Usage Guidance @@ -125,11 +148,11 @@ In order to leverage the ApplicationControl CSP without using Intune, you must: 1. Know a generated policy's GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. 2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. +3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command-line tool. Below is a sample certutil invocation: -```cmd +```console certutil -encode WinSiPolicy.p7b WinSiPolicy.cer ``` @@ -141,7 +164,7 @@ An alternative to using certutil would be to use the following PowerShell invoca ### Deploy Policies -To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. +To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the Format section in the Example 1 below. To deploy base policy and supplemental policies: @@ -285,7 +308,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Mi Run the following command. PolicyID is a GUID which can be found in the policy xml, and should be used here without braces. ```powershell - New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="";Policy=$policyBase64} +New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="";Policy=$policyBase64} ``` ### Querying all policies via WMI Bridge diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 362aae37c3..bfc182df79 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -17,10 +17,54 @@ ms.date: 11/19/2019 The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked. -The following diagram shows the AppLocker configuration service provider in tree format. - -![applocker csp](images/provisioning-csp-applocker.png) - +The following shows the AppLocker configuration service provider in tree format. +``` +./Vendor/MSFT +AppLocker +----ApplicationLaunchRestrictions +--------Grouping +------------EXE +----------------Policy +----------------EnforcementMode +----------------NonInteractiveProcessEnforcement +------------MSI +----------------Policy +----------------EnforcementMode +------------Script +----------------Policy +----------------EnforcementMode +------------StoreApps +----------------Policy +----------------EnforcementMode +------------DLL +----------------Policy +----------------EnforcementMode +----------------NonInteractiveProcessEnforcement +------------CodeIntegrity +----------------Policy +----EnterpriseDataProtection +--------Grouping +------------EXE +----------------Policy +------------StoreApps +----------------Policy +----LaunchControl +--------Grouping +------------EXE +----------------Policy +----------------EnforcementMode +------------StoreApps +----------------Policy +----------------EnforcementMode +----FamilySafety +--------Grouping +------------EXE +----------------Policy +----------------EnforcementMode +------------StoreApps +----------------Policy +----------------EnforcementMode +``` **./Vendor/MSFT/AppLocker** Defines the root node for the AppLocker configuration service provider. @@ -288,7 +332,7 @@ The following table show the mapping of information to the AppLocker publisher r Here is an example AppLocker publisher rule: -``` syntax +```xml @@ -299,7 +343,9 @@ You can get the publisher name and product name of apps using a web API. **To find publisher and product name for Microsoft apps in Microsoft Store for Business** 1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote. + 2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**. + 3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. @@ -322,13 +368,13 @@ Here is the example for Microsoft OneNote: Request -``` syntax +```http https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata ``` Result -``` syntax +```json { "packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe", "packageIdentityName": "Microsoft.Office.OneNote", diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 3a48ac399e..1ab4588011 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -29,10 +29,17 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u > [!Note] > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. -The following diagram shows the AssignedAccess configuration service provider in tree format - -![assignedaccess csp diagram](images/provisioning-csp-assignedaccess.png) +The following shows the AssignedAccess configuration service provider in tree format +``` +./Vendor/MSFT +AssignedAccess +----KioskModeApp +----Configuration (Added in Windows 10, version 1709) +----Status (Added in Windows 10, version 1803) +----ShellLauncher (Added in Windows 10, version 1803) +----StatusConfiguration (Added in Windows 10, version 1803) +``` **./Device/Vendor/MSFT/AssignedAccess** Root node for the CSP. @@ -53,7 +60,7 @@ Starting in Windows 10, version 1607, you can use a provisioned app to configur Here's an example: -``` syntax +```json {"Account":"contoso\\kioskuser","AUMID":"Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp"} ``` @@ -97,7 +104,8 @@ In Windows 10, version 1803, Assigned Access runtime status only supports monito | KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. | | KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. | -Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. +> [!NOTE] +> Status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. |Status code | KioskModeAppRuntimeStatus | |---------|---------| @@ -116,7 +124,8 @@ In Windows 10, version 1809, Assigned Access runtime status supports monitoring |ActivationFailed|The AssignedAccess account (kiosk or multi-app) failed to sign in.| |AppNoResponse|The kiosk app launched successfully but is now unresponsive.| -Note that status codes available in the Status payload correspond to a specific AssignedAccessRuntimeStatus. +> [!NOTE] +> Status codes available in the Status payload correspond to a specific AssignedAccessRuntimeStatus. |Status code|AssignedAccessRuntimeStatus| |---|---| @@ -573,7 +582,7 @@ Escape and CDATA are mechanisms when handling xml in xml. Consider it’s a tran This example shows escaped XML of the Data node. -``` +```xml @@ -642,8 +651,10 @@ This example shows escaped XML of the Data node. ``` + This example shows escaped XML of the Data node. -``` + +```xml @@ -714,7 +725,8 @@ This example shows escaped XML of the Data node. ``` This example uses CData for the XML. -``` + +```xml @@ -785,7 +797,8 @@ This example uses CData for the XML. ``` Example of Get command that returns the configuration in the device. -``` + +```xml @@ -802,7 +815,8 @@ Example of Get command that returns the configuration in the device. ``` Example of the Delete command. -``` + +```xml @@ -1122,6 +1136,7 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. ``` + ### Shell Launcher V2 XSD ```xml @@ -1151,7 +1166,8 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. ## ShellLauncherConfiguration examples ShellLauncherConfiguration Add -``` + +```xml @@ -1220,7 +1236,8 @@ ShellLauncherConfiguration Add ``` ShellLauncherConfiguration Add AutoLogon -``` + +```xml @@ -1268,7 +1285,8 @@ ShellLauncherConfiguration Add AutoLogon ``` ShellLauncher V2 Add -``` + +```xml @@ -1323,7 +1341,8 @@ xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ``` ShellLauncherConfiguration Get -``` + +```xml diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 03a48da95f..3db06e4963 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -16,7 +16,8 @@ manager: dansimp The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro. > [!NOTE] -> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. +> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. +> > You must send all the settings together in a single SyncML to be effective. A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns @@ -24,11 +25,29 @@ the setting configured by the admin. For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength). -The following diagram shows the BitLocker configuration service provider in tree format. - -![BitLocker csp](images/provisioning-csp-bitlocker.png) - - +The following shows the BitLocker configuration service provider in tree format. +``` +./Device/Vendor/MSFT +BitLocker +----RequireStorageCardEncryption +----RequireDeviceEncryption +----EncryptionMethodByDriveType +----SystemDrivesRequireStartupAuthentication +----SystemDrivesMinimumPINLength +----SystemDrivesRecoveryMessage +----SystemDrivesRecoveryOptions +----FixedDrivesRecoveryOptions +----FixedDrivesRequireEncryption +----RemovableDrivesRequireEncryption +----AllowWarningForOtherDiskEncryption +----AllowStandardUserEncryption +----ConfigureRecoveryPasswordRotation +----RotateRecoveryPasswords +----Status +--------DeviceEncryptionStatus +--------RotateRecoveryPasswordsStatus +--------RotateRecoveryPasswordsRequestID +``` **./Device/Vendor/MSFT/BitLocker** Defines the root node for the BitLocker configuration service provider. @@ -225,18 +244,18 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov If you want to disable this policy use the following SyncML: ```xml - - $CmdID$ - - - ./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType - - - chr - - - - + + $CmdID$ + + + ./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType + + + chr + + + + ``` Data type is string. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index f709de39d0..b75d0c3393 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -25,16 +25,94 @@ The CertificateStore configuration service provider is used to add secure socket For the CertificateStore CSP, you cannot use the Replace command unless the node already exists. -The following diagram shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning. - -![provisioning\-csp\-certificatestore](images/provisioning-csp-certificatestore.png) +The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning. +``` +./Vendor/MSFT +CertificateStore +----ROOT +--------* +------------EncodedCertificate +------------IssuedBy +------------IssuedTo +------------ValidFrom +------------ValidTo +------------TemplateName +--------System +------------* +----------------EncodedCertificate +----------------IssuedBy +----------------IssuedTo +----------------ValidFrom +----------------ValidTo +----------------TemplateName +----MY +--------User +------------* +----------------EncodedCertificate +----------------IssuedBy +----------------IssuedTo +----------------ValidFrom +----------------ValidTo +----------------TemplateName +--------SCEP +------------* +----------------Install +--------------------ServerURL +--------------------Challenge +--------------------EKUMapping +--------------------KeyUsage +--------------------SubjectName +--------------------KeyProtection +--------------------RetryDelay +--------------------RetryCount +--------------------TemplateName +--------------------KeyLength +--------------------HashAlgrithm +--------------------CAThumbPrint +--------------------SubjectAlternativeNames +--------------------ValidPeriod +--------------------ValidPeriodUnit +--------------------Enroll +----------------CertThumbPrint +----------------Status +----------------ErrorCode +--------WSTEP +------------CertThumprint +------------Renew +----------------RenewPeriod +----------------ServerURL +----------------RetryInterval +----------------ROBOSupport +----------------Status +----------------ErrorCode +----------------LastRenewalAttemptTime (Added in Windows 10, version 1607) +----------------RenewNow (Added in Windows 10, version 1607) +----------------RetryAfterExpiryInterval (Added in Windows 10, version 1703) +----CA +--------* +------------EncodedCertificate +------------IssuedBy +------------IssuedTo +------------ValidFrom +------------ValidTo +------------TemplateName +--------System +------------* +----------------EncodedCertificate +----------------IssuedBy +----------------IssuedTo +----------------ValidFrom +----------------ValidTo +----------------TemplateName +``` **Root/System** Defines the certificate store that contains root, or self-signed, certificates. Supported operation is Get. -> **Note**  Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates. +> [!NOTE] +> Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates. @@ -43,7 +121,8 @@ Defines the certificate store that contains cryptographic information, including Supported operation is Get. -> **Note**  CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates. +> [!NOTE] +> CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates. @@ -52,7 +131,8 @@ Defines the certificate store that contains public keys for client certificates. Supported operation is Get. -> **Note**  My/User is case sensitive. +> [!NOTE] +> My/User is case sensitive. @@ -61,7 +141,8 @@ Defines the certificate store that contains public key for client certificate. T Supported operation is Get. -> **Note**  My/System is case sensitive. +> [!NOTE] +> My/System is case sensitive. @@ -105,7 +186,8 @@ Required for Simple Certificate Enrollment Protocol (SCEP) certificate enrollmen Supported operation is Get. -> **Note**  Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP. +> [!NOTE] +> Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP. @@ -119,7 +201,8 @@ Required for SCEP certificate enrollment. Parent node to group SCEP certificate Supported operations are Add, Replace, and Delete. -> **Note**   Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values. +> [!NOTE] +> Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values. @@ -219,7 +302,8 @@ Valid values are one of the following: - Months - Years -> **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. +> [!NOTE] +> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. @@ -228,7 +312,8 @@ Optional. Specifies desired number of units used in validity period and subject Supported operations are Get, Add, Delete, and Replace. -> **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. +> [!NOTE] +> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. @@ -285,7 +370,8 @@ Supported operation is Get. **My/WSTEP/Renew/ServerURL** Optional. Specifies the URL of certificate renewal server. If this node does not exist, the client uses the initial certificate enrollment URL. -> **Note**  The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service. +> [!NOTE] +> The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service. @@ -298,7 +384,8 @@ The default value is 42 and the valid values are 1 – 1000. Value type is an in Supported operations are Add, Get, Delete, and Replace. -> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. +> [!NOTE] +> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. @@ -313,7 +400,8 @@ The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, Supported operations are Add, Get, Delete, and Replace. -> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. +> [!NOTE] +> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. @@ -324,7 +412,8 @@ ROBO is the only supported renewal method for Windows 10. This value is ignored Supported operations are Add, Get, Delete, and Replace. -> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. +> [!NOTE] +> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index c70da05dae..a4433c6dcf 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -15,10 +15,13 @@ manager: dansimp The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. -The following diagram shows the CleanPC configuration service provider in tree format. - -![CleanPC csp diagram](images/provisioning-csp-cleanpc.png) - +The following shows the CleanPC configuration service provider in tree format. +``` +./Device/Vendor/MSFT +CleanPC +----CleanPCWithoutRetainingUserData +----CleanPCRetainingUserData +``` **./Device/Vendor/MSFT/CleanPC**

The root node for the CleanPC configuration service provider.

diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 0337dad577..7f3e3f9aea 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -23,10 +23,48 @@ For PFX certificate installation and SCEP installation, the SyncML commands must You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. -The following image shows the ClientCertificateInstall configuration service provider in tree format. - -![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png) - +The following shows the ClientCertificateInstall configuration service provider in tree format. +``` +./Vendor/MSFT +ClientCertificateInstall +----PFXCertInstall +--------UniqueID +------------KeyLocation +------------ContainerName +------------PFXCertBlob +------------PFXCertPassword +------------PFXCertPasswordEncryptionType +------------PFXKeyExportable +------------Thumbprint +------------Status +------------PFXCertPasswordEncryptionStore (Added in Windows 10, version 1511) +----SCEP +--------UniqueID +------------Install +----------------ServerURL +----------------Challenge +----------------EKUMapping +----------------KeyUsage +----------------SubjectName +----------------KeyProtection +----------------RetryDelay +----------------RetryCount +----------------TemplateName +----------------KeyLength +----------------HashAlgorithm +----------------CAThumbprint +----------------SubjectAlternativeNames +----------------ValidPeriod +----------------ValidPeriodUnits +----------------ContainerName +----------------CustomTextToShowInPrompt +----------------Enroll +----------------AADKeyIdentifierList (Added in Windows 10, version 1703) +------------CertThumbprint +------------Status +------------ErrorCode +------------RespondentServerUrl +``` **Device or User** For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path. @@ -287,7 +325,8 @@ Valid values are: - Months - Years -> **Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. +> [!NOTE] +> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate. Supported operations are Add, Get, Delete, and Replace. diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 816b5c188b..5680e25242 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -17,18 +17,49 @@ ms.date: 06/26/2017 The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device. -> **Note**  CM\_ProxyEntries CSP is only supported in Windows 10 Mobile. -> -> -> -> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. +> [!NOTE] +> CM\_ProxyEntries CSP is only supported in Windows 10 Mobile. + +> [!IMPORTANT] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. -The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607. +The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607. -![cm\-proxyentries csp (cp)](images/provisioning-csp-cm-proxyentries-cp.png) +``` +./Vendor/MSFT +CM_ProxyEntries +----Entry +--------ConnectionName +--------BypassLocal +--------Enable +--------Exception +--------Password +--------Port +--------Server +--------Type +--------Username + +./Device/Vendor/MSFT +Root + + +./Vendor/MSFT +./Device/Vendor/MSFT +CM_ProxyEntries +----Entry +--------ConnectionName +--------BypassLocal +--------Enable +--------Exception +--------Password +--------Port +--------Server +--------Type +--------Username +``` **entryname** Defines the name of the connection proxy. diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 67872d03da..1cac56d2f6 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -17,10 +17,9 @@ ms.date: 06/26/2017 The CMPolicy configuration service provider defines rules that the Connection Manager uses to identify the correct connection for a connection request. -> **Note**   -This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. +> [!NOTE] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies @@ -28,10 +27,21 @@ Each policy entry identifies one or more applications in combination with a host **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. -The following diagram shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. - -![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicy.png) +The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. +``` +./Vendor/MSFT +CMPolicy +----PolicyName +--------SID +--------ClientType +--------Host +--------OrderedConnections +--------Connections +------------ConnXXX +----------------ConnectionID +----------------Type +``` ***policyName*** Defines the name of the policy. @@ -64,7 +74,7 @@ Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. **Conn***XXX* -Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". +Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. @@ -173,11 +183,11 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ - + - + @@ -486,14 +496,14 @@ Adding a host-based mapping policy: - + +

Top-level query: Yes

{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}

Ethernet 10Mbps

Ethernet 10 Mbps

{97D3D1B3-854A-4C32-BD1C-C13069078370}

Ethernet 100Mbps

Ethernet 100 Mbps

{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}

Yes

nocharacteristic

uncharacteristic

Yes

characteristic-query

Yes

Recursive query: Yes

-

Top level query: Yes
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index df773dcb43..3a5cc913a6 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -17,8 +17,8 @@ ms.date: 06/26/2017 The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. -> **Note**   -This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. +> [!NOTE] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. @@ -28,10 +28,20 @@ Each policy entry identifies one or more applications in combination with a host **Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. -The following diagram shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. - -![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicyenterprise.png) - +The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. +``` +./Vendor/MSFT +CMPolicy +----PolicyName +--------SID +--------ClientType +--------Host +--------OrderedConnections +--------Connections +------------ConnXXX +----------------ConnectionID +----------------Type +``` ***policyName*** Defines the name of the policy. diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 17b165ed51..2645a75e3f 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -15,11 +15,18 @@ ms.date: 06/26/2017 # CustomDeviceUI CSP The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. -The following diagram shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. +The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. -> **Note**  This configuration service provider only applies to Windows 10 IoT Core (IoT Core). +> [!NOTE] +> This configuration service provider only applies to Windows 10 IoT Core (IoT Core). -![customdeviceui csp](images/provisioning-csp-customdeviceui.png) +``` +./Vendor/MSFT +CustomDeviceUI +----StartupAppID +----BackgroundTasksToLaunch +--------BackgroundTaskPackageName +``` **./Vendor/MSFT/CustomDeviceUI** The root node for the CustomDeviceUI configuration service provider. The supported operation is Get. diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 040bf33710..8a3242f3d3 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -20,10 +20,49 @@ ms.date: 08/11/2020 The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. -The following image shows the Windows Defender configuration service provider in tree format. - -![defender csp diagram](images/provisioning-csp-defender.png) - +The following shows the Windows Defender configuration service provider in tree format. +``` +./Vendor/MSFT +Defender +----Detections +--------ThreatId +------------Name +------------URL +------------Severity +------------Category +------------CurrentStatus +------------ExecutionStatus +------------InitialDetectionTime +------------LastThreatStatusChangeTime +------------NumberOfDetections +----Health +--------ProductStatus (Added in Windows 10 version 1809) +--------ComputerState +--------DefenderEnabled +--------RtpEnabled +--------NisEnabled +--------QuickScanOverdue +--------FullScanOverdue +--------SignatureOutOfDate +--------RebootRequired +--------FullScanRequired +--------EngineVersion +--------SignatureVersion +--------DefenderVersion +--------QuickScanTime +--------FullScanTime +--------QuickScanSigVersion +--------FullScanSigVersion +--------TamperProtectionEnabled (Added in Windows 10, version 1903) +--------IsVirtualMachine (Added in Windows 10, version 1903) +----Configuration (Added in Windows 10, version 1903) +--------TamperProetection (Added in Windows 10, version 1903) +--------EnableFileHashcomputation (Added in Windows 10, version 1903) +--------SupportLogLocation (Added in the next major release of Windows 10) +----Scan +----UpdateSignature +----OfflineScan (Added in Windows 10 version 1803) +``` **Detections** An interior node to group all threats detected by Windows Defender. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 11ab51bf9e..5337bb0cfd 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -21,10 +21,43 @@ The DevDetail configuration service provider handles the management object which For the DevDetail CSP, you cannot use the Replace command unless the node already exists. -The following diagram shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider. - -![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png) - +The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider. +``` +. +DevDetail +----URI +--------MaxDepth +--------MaxTotLen +--------MaxSegLen +----DevTyp +----OEM +----FwV +----SwV +----HwV +----LrgObj +----Ext +--------Microsoft +------------MobileID +------------RadioSwV +------------Resolution +------------CommercializationOperator +------------ProcessorArchitecture +------------ProcessorType +------------OSPlatform +------------LocalTime +------------DeviceName +------------DNSComputerName (Added in Windows 10, version 2004) +------------TotalStorage +------------TotalRAM +------------SMBIOSSerialNumber (Added in Windows 10, version 1809) +--------WLANMACAddress +--------VoLTEServiceSetting +--------WlanIPv4Address +--------WlanIPv6Address +--------WlanDnsSuffix +--------WlanSubnetMask +--------DeviceHardwareData (Added in Windows 10, version 1703) +``` **DevTyp** Required. Returns the device model name /SystemProductName as a string. @@ -143,8 +176,10 @@ The following are the available naming macros: Value type is string. Supported operations are Get and Replace. -> [!Note] -> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer"s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**. +> [!NOTE] +> We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment. + +On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**. **Ext/Microsoft/TotalStorage** Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage). @@ -215,6 +250,3 @@ Supported operation is Get. - - - diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index 40e1d4d82e..382d2d379a 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -19,10 +19,21 @@ The DeveloperSetup configuration service provider (CSP) is used to configure Dev > [!NOTE] > The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM. -The following diagram shows the DeveloperSetup configuration service provider in tree format. - -![developersetup csp diagram](images/provisioning-csp-developersetup.png) - +The following shows the DeveloperSetup configuration service provider in tree format. +``` +./Device/Vendor/MSFT +DeveloperSetup +----EnableDeveloperMode +----DevicePortal +--------Authentication +------------Mode +------------BasicAuth +----------------Username +----------------Password +--------Connection +------------HttpPort +------------HttpsPort +``` **DeveloperSetup**

The root node for the DeveloperSetup configuration service provider. diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 3bf0368ffd..99d2930eff 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,6 +1,6 @@ --- title: DeviceManageability CSP -description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. +description: The DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device. ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.reviewer: manager: dansimp @@ -15,14 +15,21 @@ ms.date: 11/01/2017 # DeviceManageability CSP -The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. +The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. -For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information. - -The following diagram shows the DeviceManageability configuration service provider in a tree format. - -![devicemanageability csp diagram](images/provisioning-csp-devicemanageability.png) +For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information. +The following shows the DeviceManageability configuration service provider in a tree format. +``` +./Device/Vendor/MSFT +DeviceManageability +----Capabilities +--------CSPVersions +----Provider (Added in Windows 10, version 1709) +--------ProviderID (Added in Windows 10, version 1709) +------------ConfigInfo (Added in Windows 10, version 1709) +------------EnrollmentInfo (Added in Windows 10, version 1709) +``` **./Device/Vendor/MSFT/DeviceManageability** Root node to group information about runtime MDM configuration capability on the target device. diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 6ab35ba018..826af867cb 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -17,10 +17,52 @@ ms.date: 04/30/2019 The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. -The following image shows the DeviceStatus configuration service provider in tree format. - -![devicestatus csp](images/provisioning-csp-devicestatus.png) - +The following shows the DeviceStatus configuration service provider in tree format. +``` +./Vendor/MSFT +DeviceStatus +----SecureBootState +----CellularIdentities +--------IMEI +------------IMSI +------------ICCID +------------PhoneNumber +------------CommercializationOperator +------------RoamingStatus +------------RoamingCompliance +----NetworkIdentifiers +--------MacAddress +------------IPAddressV4 +------------IPAddressV6 +------------IsConnected +------------Type +----Compliance +--------EncryptionCompliance +----TPM +--------SpecificationVersion +----OS +--------Edition +--------Mode +----Antivirus +--------SignatureStatus +--------Status +----Antispyware +--------SignatureStatus +--------Status +----Firewall +--------Status +----UAC +--------Status +----Battery +--------Status +--------EstimatedChargeRemaining +--------EstimatedRuntime +----DomainName +----DeviceGuard +--------VirtualizationBasedSecurityHwReq +--------VirtualizationBasedSecurityStatus +--------LsaCfgCredGuardStatus +``` **DeviceStatus** The root node for the DeviceStatus configuration service provider. diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index ba02947ada..e9c0979c67 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -17,16 +17,23 @@ ms.date: 06/26/2017 The DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session. -> **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. +> [!NOTE] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.   For the DevInfo CSP, you cannot use the Replace command unless the node already exists. -The following diagram shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider. - -![devinfo csp (dm)](images/provisioning-csp-devinfo-dm.png) - +The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider. +``` +. +DevInfo +----DevId +----Man +----Mod +----DmV +----Lang +``` **DevId** Required. Returns an application-specific global unique device identifier by default. diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 25617b27ab..cab8d8e9c3 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1379,7 +1379,7 @@ ms.date: 10/08/2020 - [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior) - [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay) - [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) -- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) +- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-disableprintingoverhttp) - [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) - [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index e633560ef3..14a994d0a3 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -137,7 +137,7 @@ ms.date: 07/18/2019 - [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) - [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming) - [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking) -- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) +- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-disableprintingoverhttp) - [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) - [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index f3143ed222..e19d3350a5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -16,7 +16,6 @@ ms.date: 09/16/2019 > [!div class="op_single_selector"] > -> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) > - [IoT Core](policy-csps-supported-by-iot-core.md) > diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md deleted file mode 100644 index afb79c5bfe..0000000000 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Policies in Policy CSP supported by Windows 10 IoT Enterprise -description: Policies in Policy CSP supported by Windows 10 IoT Enterprise -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.localizationpriority: medium -ms.date: 07/18/2019 ---- - -# Policies in Policy CSP supported by Windows 10 IoT Enterprise - -> [!div class="op_single_selector"] -> -> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) -> - [IoT Core](policy-csps-supported-by-iot-core.md) -> - -- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar) -- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload) -- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview) -- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync) -- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation) -- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete) -- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage) -- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize) -- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching) -- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost) -- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource) -- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp) -- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp) -- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground) -- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground) -- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode) -- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid) -- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource) -- [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth) -- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage) -- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize) -- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth) (deprecated) -- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth) -- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth) (deprecated) -- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos) -- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload) -- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer) -- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache) -- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer) -- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive) -- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap) -- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth) -- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) (deprecated) -- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth) -- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby) -- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) -- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) -- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring) -- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope) -- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination) -- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice) -- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock) -- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) -- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) -- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) -- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) -- [Update/SetProxyBehaviorForUpdateDetection](policy-csp-update.md#update-setproxybehaviorforupdatedetection) - -## Related topics - -[Policy CSP](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c8b2f862cc..b69045ce17 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5303,7 +5303,7 @@ The following diagram shows the Policy configuration service provider in tree fo Connectivity/AllowVPNRoamingOverCellular

- Connectivity/DiablePrintingOverHTTP + Connectivity/DiablePrintingOverHTTP
Connectivity/DisableDownloadingOfPrintDriversOverHTTP @@ -8567,7 +8567,6 @@ The following diagram shows the Policy configuration service provider in tree fo - [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) ## Policies in Policy CSP supported by Windows 10 IoT -- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) - [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) ## Policies in Policy CSP supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 503ee130bc..9e0b691757 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -8,18 +8,16 @@ ms.technology: windows author: manikadhiman ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: dansimp --- # Policy CSP - Connectivity - -
-## Connectivity policies +## Connectivity policies
@@ -47,7 +45,7 @@ manager: dansimp Connectivity/AllowVPNRoamingOverCellular
- Connectivity/DiablePrintingOverHTTP + Connectivity/DisablePrintingOverHTTP
Connectivity/DisableDownloadingOfPrintDriversOverHTTP @@ -70,7 +68,7 @@ manager: dansimp
-**Connectivity/AllowBluetooth** +**Connectivity/AllowBluetooth** @@ -136,7 +134,7 @@ The following list shows the supported values:
-**Connectivity/AllowCellularData** +**Connectivity/AllowCellularData**
@@ -195,7 +193,7 @@ The following list shows the supported values:
-**Connectivity/AllowCellularDataRoaming** +**Connectivity/AllowCellularDataRoaming**
@@ -244,7 +242,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP English name: *Prohibit connection to roaming Mobile Broadband networks* - GP name: *WCM_DisableRoaming* - GP path: *Network/Windows Connection Manager* @@ -274,7 +272,7 @@ To validate on mobile devices, do the following:
-**Connectivity/AllowConnectedDevices** +**Connectivity/AllowConnectedDevices**
@@ -335,7 +333,7 @@ The following list shows the supported values:
-**Connectivity/AllowPhonePCLinking** +**Connectivity/AllowPhonePCLinking**
@@ -385,20 +383,20 @@ If you do not configure this policy setting, the default behavior depends on the -ADMX Info: +ADMX Info: - GP name: *enableMMX* - GP ADMX file name: *grouppolicy.admx* -This setting supports a range of values between 0 and 1. +This setting supports a range of values between 0 and 1. - 0 - Do not link - 1 (default) - Allow phone-PC linking -Validation: +Validation: If the Connectivity/AllowPhonePCLinking policy is configured to value 0, the add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number. @@ -410,7 +408,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
-**Connectivity/AllowUSBConnection** +**Connectivity/AllowUSBConnection**
@@ -475,7 +473,7 @@ The following list shows the supported values:
-**Connectivity/AllowVPNOverCellular** +**Connectivity/AllowVPNOverCellular**
@@ -535,7 +533,7 @@ The following list shows the supported values:
-**Connectivity/AllowVPNRoamingOverCellular** +**Connectivity/AllowVPNRoamingOverCellular**
@@ -595,7 +593,7 @@ The following list shows the supported values:
-**Connectivity/DiablePrintingOverHTTP** +**Connectivity/DisablePrintingOverHTTP**
@@ -652,14 +650,14 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP English name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* - GP path: *Internet Communication settings* @@ -671,7 +669,7 @@ ADMX Info:
-**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** +**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**
@@ -726,14 +724,14 @@ If you disable or do not configure this policy setting, users can download print > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP English name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* - GP path: *Internet Communication settings* @@ -745,7 +743,7 @@ ADMX Info:
-**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** +**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**
@@ -800,14 +798,14 @@ See the documentation for the web publishing and online ordering wizards for mor > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP English name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* - GP path: *Internet Communication settings* @@ -819,7 +817,7 @@ ADMX Info:
-**Connectivity/DisallowNetworkConnectivityActiveTests** +**Connectivity/DisallowNetworkConnectivityActiveTests**
@@ -868,7 +866,7 @@ Value type is integer. -ADMX Info: +ADMX Info: - GP English name: *Turn off Windows Network Connectivity Status Indicator active tests* - GP name: *NoActiveProbe* - GP path: *Internet Communication settings* @@ -880,7 +878,7 @@ ADMX Info:
-**Connectivity/HardenedUNCPaths** +**Connectivity/HardenedUNCPaths**
@@ -929,14 +927,14 @@ If you enable this policy, Windows only allows access to the specified UNC paths > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP English name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* @@ -948,7 +946,7 @@ ADMX Info:
-**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** +**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**
@@ -1001,14 +999,14 @@ If you disable this setting or do not configure it, the user will be able to cre > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> > You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there is a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* @@ -1016,6 +1014,7 @@ ADMX Info: +
Footnotes: @@ -1028,6 +1027,6 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. +- 9 - Available in Windows 10, version 2009. - diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index d39c37513b..6cc1c8921e 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -45,7 +45,7 @@ Specifies the settings you can configure when joining a device to a domain, incl | --- | --- | --- | | Account | string | Account to use to join computer to domain | | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account | -| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer that includes fewer than 15 digits, or using %SERIAL% characters in the name.

ComputerName is a string with a maximum length of 15 bytes of content:

- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.

- ComputerName cannot use spaces or any of the following characters: \{ | \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.

- ComputerName cannot use some non-standard characters, such as emoji.

Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs) | +| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) | | DomainName | string (cannot be empty) | Specify the name of the domain that the device will join | | Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. | diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index ea81420b8b..1f7465c2ff 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -24,7 +24,7 @@ Volume-licensed media is available for each release of Windows 10 in the Volume ## Dynamic Update -Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages includes the following kinds of updates: +Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages include the following kinds of updates: - Updates to Setup.exe binaries or other files that Setup uses for feature updates - Updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment @@ -44,9 +44,9 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results. -|To find this Dynamic Update packages, search for or check the results here--> |Title |Product |Description (select the **Title** link to see **Details**) | +|To find this Dynamic Update packages, search for or check the results here |Title |Product |Description (select the **Title** link to see **Details**) | |---------|---------|---------|---------| -|Safe OS Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update,Windows **Safe OS Dynamic Update** | ComponentUpdate: | +|Safe OS Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update, Windows **Safe OS Dynamic Update** | ComponentUpdate: | |Setup Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update | **SetupUpdate** | |Latest cumulative update | 2019-08 **Cumulative Update for Windows 10** | Windows 10 | Install this update to resolve issues in Windows... | |Servicing stack Dynamic Update | 2019-09 **Servicing Stack Update for Windows 10** | Windows 10... | Install this update to resolve issues in Windows... | @@ -81,6 +81,9 @@ This table shows the correct sequence for applying the various tasks to the file |Add .NET and .NET cumulative updates | | | 24 | |Export image | 8 | 17 | 25 | +> [!NOTE] +> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). + ### Multiple Windows editions The main operating system file (install.wim) contains multiple editions of Windows 10. It’s possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last. diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index e2b6404d14..b22ca9e870 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -29,8 +29,6 @@ Servicing stack updates provide fixes to the servicing stack, the component that Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. -For information about some changes to servicing stack updates, see [Simplifing Deployment of Servicing Stack Updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-on-premises-deployment-of-servicing-stack-updates/ba-p/1646039) on the Windows IT Pro blog. - ## When are they released? Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical." @@ -44,7 +42,6 @@ Both Windows 10 and Windows Server use the cumulative update mechanism, in which Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update. - ## Is there any special guidance? Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update. @@ -58,3 +55,7 @@ Typically, the improvements are reliability and performance improvements that do * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. * Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). * Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. + +## Simplifying on-premises deployment of servicing stack updates + +With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 4e77a4d513..32cf41ab89 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -64,10 +64,10 @@ To find your CommercialID within Azure: ## Enroll devices in Update Compliance -Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. +Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. After you configure devices, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices. > [!NOTE] -> After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices. +> If you use or plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview), follow the steps in [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices in Update Compliance. You should be aware that the Commercial ID and Log Analytics workspace must be the same for both Desktop Analytics and Update Compliance. ### Configure devices using the Update Compliance Configuration Script diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 2a37ee3bd7..79c1279f78 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -29,6 +29,9 @@ ms.topic: article >- Windows Server 2012 >- Windows Server 2016 >- Windows Server 2019 +>- Office 2013* +>- Office 2016* +>- Office 2019* **Looking for retail activation?** @@ -47,9 +50,9 @@ The process proceeds as follows: - Install the Volume Activation Services server role on a domain controller and add a KMS host key by using the Volume Activation Tools Wizard. - Extend the domain to the Windows Server 2012 R2 or higher schema level, and add a KMS host key by using the VAMT. -1. Microsoft verifies the KMS host key, and an activation object is created. +2. Microsoft verifies the KMS host key, and an activation object is created. -1. Client computers are activated by receiving the activation object from a domain controller during startup. +3. Client computers are activated by receiving the activation object from a domain controller during startup. > [!div class="mx-imgBorder"] > ![Active Directory-based activation flow](../images/volumeactivationforwindows81-10.jpg) @@ -73,33 +76,33 @@ When a reactivation event occurs, the client queries AD DS for the activation o 1. Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller. -1. Launch Server Manager. +2. Launch Server Manager. -1. Add the Volume Activation Services role, as shown in Figure 11. +3. Add the Volume Activation Services role, as shown in Figure 11. ![Adding the Volume Activation Services role](../images/volumeactivationforwindows81-11.jpg) **Figure 11**. Adding the Volume Activation Services role -1. Click the link to launch the Volume Activation Tools (Figure 12). +4. Click the link to launch the Volume Activation Tools (Figure 12). ![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-12.jpg) **Figure 12**. Launching the Volume Activation Tools -1. Select the **Active Directory-Based Activation** option (Figure 13). +5. Select the **Active Directory-Based Activation** option (Figure 13). ![Selecting Active Directory-Based Activation](../images/volumeactivationforwindows81-13.jpg) **Figure 13**. Selecting Active Directory-Based Activation -1. Enter your KMS host key and (optionally) a display name (Figure 14). +6. Enter your KMS host key and (optionally) a display name (Figure 14). ![Choosing how to activate your product](../images/volumeactivationforwindows81-15.jpg) **Figure 14**. Entering your KMS host key -1. Activate your KMS host key by phone or online (Figure 15). +7. Activate your KMS host key by phone or online (Figure 15). ![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg) @@ -115,23 +118,18 @@ When a reactivation event occurs, the client queries AD DS for the activation o > > - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342) -1. After activating the key, click **Commit**, and then click **Close**. +8. After activating the key, click **Commit**, and then click **Close**. ## Verifying the configuration of Active Directory-based activation To verify your Active Directory-based activation configuration, complete the following steps: 1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing. - -1. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key. - -1. If the computer is not joined to your domain, join it to the domain. - -1. Sign in to the computer. - -1. Open Windows Explorer, right-click **Computer**, and then click **Properties**. - -1. Scroll down to the **Windows activation** section, and verify that this client has been activated. +2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key. +3. If the computer is not joined to your domain, join it to the domain. +4. Sign in to the computer. +5. Open Windows Explorer, right-click **Computer**, and then click **Properties**. +6. Scroll down to the **Windows activation** section, and verify that this client has been activated. > [!NOTE] > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used. diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 4753557b61..8a07ad9b20 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -237,11 +237,11 @@ After the VM restarts, during OOBE, it's fine to select **Set up for personal us ![Windows setup example 7](images/winsetup7.png) -Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again. +Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. ![Windows setup example 8](images/winsetup8.png) -To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following: +To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following: ```powershell Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install" @@ -573,9 +573,9 @@ Soon after reaching the desktop, the device should show up in Intune as an **ena Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done. > [!TIP] -> If you recieve a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use" then verify you have correctly [assigned licenses](https://docs.microsoft.com/mem/intune/fundamentals/licenses-assign) to the current user. +> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you have correctly [assigned licenses](https://docs.microsoft.com/mem/intune/fundamentals/licenses-assign) to the current user. -Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings. +Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings. ## Remove devices from Autopilot diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md new file mode 100644 index 0000000000..5d728241b0 --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -0,0 +1,209 @@ +--- +title: Deploying Certificates to Key Trust Users to Enable RDP +description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +audience: ITPro +author: mapalko +ms.author: mapalko +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium +ms.date: 02/22/2021 +ms.reviewer: +--- + +# Deploying Certificates to Key Trust Users to Enable RDP + +**Applies To** + +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust + +Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time. + +This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user. + +Three approaches are documented here: + +1. Deploying a certificate to hybrid joined devices using an on-premises Active Directory certificate enrollment policy. + +1. Deploying a certificate to hybrid or Azure AD joined devices using Simple Certificate Enrollment Protocol (SCEP) and Intune. + +1. Working with non-Microsoft enterprise certificate authorities. + +## Deploying a certificate to a hybrid joined device using an on-premises Active Directory Certificate enrollment policy + +### Create a Windows Hello for Business certificate template + +1. Sign in to your issuing certificate authority (CA). + +1. Open the **Certificate Authority** Console (%windir%\system32\certsrv.msc). + +1. In the left pane of the MMC, expand **Certification Authority (Local)**, and then expand your CA within the Certification Authority list. + +1. Right-click **Certificate Templates** and then click **Manage** to open the **Certificate Templates** console. + +1. Right-click the **Smartcard Logon** template and click **Duplicate Template** + + ![Duplicating Smartcard Template](images/rdpcert/duplicatetemplate.png) + +1. On the **Compatibility** tab: + 1. Clear the **Show resulting changes** check box + 1. Select **Windows Server 2012 or Windows Server 2012 R2** from the Certification Authority list + 1. Select **Windows Server 2012 or Windows Server 2012 R2** from the Certification Recipient list + +1. On the **General** tab: + 1. Specify a Template display name, such as **WHfB Certificate Authentication** + 1. Set the validity period to the desired value + 1. Take note of the Template name for later, which should be the same as the Template display name minus spaces (**WHfBCertificateAuthentication** in this example). + +1. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**. + +1. On the **Subject Name** tab: + 1. Select the **Build from this Active Directory** information button if it is not already selected + 1. Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selected + 1. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name** +1. On the **Request Handling** tab: + 1. Select the **Renew with same key** check box + 1. Set the Purpose to **Signature and smartcard logon** + 1. Click **Yes** when prompted to change the certificate purpose + 1. Click **Prompt the user during enrollment** + +1. On the **Cryptography** tab: + 1. Set the Provider Category to **Key Storage Provider** + 1. Set the Algorithm name to **RSA** + 1. Set the minimum key size to **2048** + 1. Select **Requests must use one of the following providers** + 1. Tick **Microsoft Software Key Storage Provider** + 1. Set the Request hash to **SHA256** + +1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them . + +1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates. + +1. Close the Certificate Templates console. + +1. Open an elevated command prompt and change to a temporary working directory. + +1. Execute the following command: + + certutil -dstemplate \ \> \.txt + + Replace \ with the Template name you took note of earlier in step 7. + +1. Open the text file created by the command above. + 1. Delete the last line of the output from the file that reads **CertUtil: -dsTemplate command completed successfully.** + 1. Modify the line that reads **pKIDefaultCSPs = "1,Microsoft Software Key Storage Provider"** to **pKIDefaultCSPs = "1,Microsoft Passport Key Storage Provider"** + +1. Save the text file. + +1. Update the certificate template by executing the following command: + + certutil - dsaddtemplate \.txt + +1. In the Certificate Authority console, right-click **Certificate Templates**, select **New**, and select **Certificate Template to Issue** + + ![Selecting Certificate Template to Issue](images/rdpcert/certificatetemplatetoissue.png) + +1. From the list of templates, select the template you previously created (**WHFB Certificate Authentication**) and click **OK**. It can take some time for the template to replicate to all servers and become available in this list. + +1. After the template replicates, in the MMC, right-click in the Certification Authority list, click **All Tasks** and then click **Stop Service**. Right-click the name of the CA again, click **All Tasks**, and then click **Start Service**. + +### Requesting a Certificate + +1. Ensure the hybrid Azure AD joined device has network line of sight to Active Directory domain controllers and the issuing certificate authority. + +1. Start the **Certificates – Current User** console (%windir%\system32\certmgr.msc). + +1. In the left pane of the MMC, right-click **Personal**, click **All Tasks**, and then click **Request New Certificate…** + + ![Request a new certificate](images/rdpcert/requestnewcertificate.png) + +1. On the Certificate Enrollment screen, click **Next**. + +1. Under Select Certificate Enrollment Policy, ensure **Active Directory Enrollment Policy** is selected and then click **Next**. + +1. Under Request Certificates, click the check-box next to the certificate template you created in the previous section (WHfB Certificate Authentication) and then click **Enroll**. + +1. After a successful certificate request, click Finish on the Certificate Installation Results screen + +## Deploying a certificate to Hybrid or Azure AD Joined Devices using Simple Certificate Enrollment Protocol (SCEP) via Intune + +Deploying a certificate to Azure AD Joined Devices may be achieved with the Simple Certificate Enrollment Protocol (SCEP) via Intune. For guidance deploying the required infrastructure, refer to [Configure infrastructure to support SCEP certificate profiles with Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificates-scep-configure). + +Next you should deploy the root CA certificate (and any other intermediate certificate authority certificates) to Azure AD Joined Devices using a Trusted root certificate profile with Intune. For guidance, refer to [Create trusted certificate profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificates-trusted-root). + +Once these requirements have been met, a new device configuration profile may be configured from Intune that provisions a certificate for the user of the device. Proceed as follows: + +1. Sign in to the Microsoft [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +1. Navigate to Devices \> Configuration Profiles \> Create profile. + +1. Enter the following properties: + 1. For Platform, select **Windows 10 and later**. + 1. For Profile, select **SCEP Certificate**. + 1. Click **Create**. + +1. In **Basics**, enter the following parameters: + 1. **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is SCEP profile for entire company. + 1. **Description**: Enter a description for the profile. This setting is optional, but recommended. + 1. Select **Next**. + +1. In the **Configuration settings**, complete the following: + 1. For Certificate Type, choose **User**. + 1. For Subject name format, set it to **CN={{UserPrincipalName}}**. + 1. Under Subject alternative name, select **User principal name (UPN)** from the drop-down menu and set the value to **CN={{UserPrincipalName}}**. + 1. For Certificate validity period, set a value of your choosing. + 1. For Key storage provider (KSP), choose **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)**. + 1. For Key usage, choose **Digital Signature**. + 1. For Key size (bits), choose **2048**. + 1. For Hash algorithm, choose **SHA-2**. + 1. Under Root Certificate, click **+Root Certificate** and select the trusted certificate profile you created earlier for the Root CA Certificate. + 1. Under Extended key usage, add the following: + + | Name | Object Identifier | Predefined Values | + |------|-------------------|-------------------| + | Smart Card Logon | 1.3.6.1.4.1.311.20.2.2 | Smart Card Logon | + | Client Authentication | 1.3.6.1.5.5.7.3.2 | Client Authentication | + + 1. For Renewal threshold (%), set a value of your choosing. + 1. For SCEP Server URLs, provide the public endpoint that you configured during the deployment of your SCEP infrastructure. + 1. Click **Next** +1. In Assignments, target the devices or users who should receive a certificate and click **Next** + +1. In Applicability Rules, provide additional issuance restrictions if required and click **Next** + +1. In Review + create, click **Create** + +Once the configuration profile has been created, targeted clients will receive the profile from Intune on their next refresh cycle. You should find a new certificate in the user store. To validate the certificate is present, do the following steps: + +1. Open the Certificates - Current User console (%windir%\system32\certmgr.msc) + +1. In the left pane of the MMC, expand **Personal** and select **Certificates** + +1. In the right-hand pane of the MMC, check for the new certificate + +> [!NOTE] +> This infrastructure may also deploy the same certificates to co-managed or modern-managed Hybrid AAD-Joined devices using Intune Policies. + +## Using non-Microsoft Enterprise Certificate Authorities + +If you are using a Public Key Infrastructure that uses non-Microsoft services, the certificate templates published to the on-premises Active Directory may not be available. For guidance with integration of Intune/SCEP with non-Microsoft PKI deployments, refer to [Use third-party certification authorities (CA) with SCEP in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/certificate-authority-add-scep-overview). + +As an alternative to using SCEP or if none of the previously covered solutions will work in your environment, you can manually generate Certificate Signing Requests (CSR) for submission to your PKI. To assist with this approach, you can use the [Generate-CertificateRequest](https://www.powershellgallery.com/packages/Generate-CertificateRequest) PowerShell commandlet. + +The Generate-CertificateRequest commandlet will generate an .inf file for a pre-existing Windows Hello for Business key. The .inf can be used to generate a certificate request manually using certreq.exe. The commandlet will also generate a .req file, which can be submitted to your PKI for a certificate. + +## RDP Sign-in with Windows Hello for Business Certificate Authentication + +After adding the certificate using an approach from any of the previous sections, you should be able to RDP to any Windows device or server in the same Forest as the user’s on-premises Active Directory account, provided the PKI certificate chain for the issuing certificate authority is deployed to that target server. + +1. Open the Remote Desktop Client (%windir%\system32\mstsc.exe) on the Hybrid AAD-Joined client where the authentication certificate has been deployed. +1. Attempt an RDP session to a target server. +1. Use the certificate credential protected by your Windows Hello for Business gesture. diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index b7f8050a4c..65132bed00 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -65,7 +65,7 @@ If the error occurs again, check the error code against the following table to s | 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. | | 0x801C03EB | Server response http status is not valid | Sign out and then sign in again. | | 0x801C03EC | Unhandled exception from server. | sign out and then sign in again. | -| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

-or-

Token was not found in the Authorization header.

-or-

Failed to read one or more objects.

-or-

The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. +| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

-or-

Token was not found in the Authorization header.

-or-

Failed to read one or more objects.

-or-

The request sent to the server was invalid.

-or-

User does not have permissions to join to Azure AD. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure AD and rejoin.
Allow user(s) to join to Azure AD under Azure AD Device settings. | 0x801C03EE | Attestation failed. | Sign out and then sign in again. | | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. | | 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 0ebcd33ec5..73e443551f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -1,6 +1,6 @@ --- title: Remote Desktop -description: Learn how Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device. +description: Learn how Windows Hello for Business supports using biometrics with remote desktop keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, remote desktop, RDP ms.prod: w10 ms.mktglfcycl: deploy @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/16/2020 +ms.date: 02/24/2021 ms.reviewer: --- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index efeaaacd05..7adb1b0b6d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -20,9 +20,9 @@ ms.reviewer: # Configure Hybrid Windows Hello for Business: Directory Synchronization **Applies to** -- Windows 10, version 1703 or later -- Hybrid deployment -- Key trust +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate Trust ## Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/images/rdpcert/certificatetemplatetoissue.png b/windows/security/identity-protection/hello-for-business/images/rdpcert/certificatetemplatetoissue.png new file mode 100644 index 0000000000..174cf0a790 Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/rdpcert/certificatetemplatetoissue.png differ diff --git a/windows/security/identity-protection/hello-for-business/images/rdpcert/duplicatetemplate.png b/windows/security/identity-protection/hello-for-business/images/rdpcert/duplicatetemplate.png new file mode 100644 index 0000000000..028f06544c Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/rdpcert/duplicatetemplate.png differ diff --git a/windows/security/identity-protection/hello-for-business/images/rdpcert/requestnewcertificate.png b/windows/security/identity-protection/hello-for-business/images/rdpcert/requestnewcertificate.png new file mode 100644 index 0000000000..322a4fcbdc Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/rdpcert/requestnewcertificate.png differ diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 8a29bb7d81..5c90875208 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -103,6 +103,8 @@ href: hello-cert-trust-policy-settings.md - name: Managing Windows Hello for Business in your organization href: hello-manage-in-organization.md + - name: Deploying Certificates to Key Trust Users to Enable RDP + href: hello-deployment-rdp-certs.md - name: Windows Hello for Business Features items: - name: Conditional Access diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index a856063b96..8f6a80ac58 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -32,14 +32,17 @@ Yes. **Suspend** keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the **Suspend** option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased. -## Do I have to decrypt my BitLocker-protected drive to download and install system updates and upgrades? +## Do I have to suspend BitLocker protection to download and install system updates and upgrades? No user action is required for BitLocker in order to apply updates from Microsoft, including [Windows quality updates and feature updates](https://technet.microsoft.com/itpro/windows/manage/waas-quick-start). Users need to suspend BitLocker for Non-Microsoft software updates, such as: -- Computer manufacturer firmware updates -- TPM firmware updates -- Non-Microsoft application updates that modify boot components +- Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM and this happens if a known vulnerability has been discovered in the TPM firmware. Users don’t have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. We recommend users testing their TPM firmware updates if they don’t want to suspend BitLocker protection. +- Non-Microsoft application updates that modify the UEFI\BIOS configuration. +- Manual or third-party updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation). +- Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if you update and BitLocker does not use Secure Boot for integrity validation). + - You can check if BitLocker uses Secure Boot for integrity validation with manage-bde -protectors -get C: (and see if "Uses Secure Boot for integrity validation" is reported). + > [!NOTE] > If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 19f213f47f..9cd06e39f6 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -240,27 +240,27 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com 4. On the **Before You Begin** page, click **Next**. - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/wip-applocker-secpol-wizard-1.png) + ![Screenshot of the Before You Begin tab](images/wip-applocker-secpol-wizard-1.png) 5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/wip-applocker-secpol-wizard-2.png) + ![Screenshot of the Permissions tab with "Allow" and "Everyone" selected](images/wip-applocker-secpol-wizard-2.png) 6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area. - ![Create Packaged app Rules wizard, showing the Publisher](images/wip-applocker-secpol-wizard-3.png) + ![Screenshot of the "Use an installed package app as a reference" radio button selected and the Select button highlighted](images/wip-applocker-secpol-wizard-3.png) 7. In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then click **OK**. For this example, we’re using Microsoft Dynamics 365. - ![Create Packaged app Rules wizard, showing the Select applications page](images/wip-applocker-secpol-wizard-4.png) + ![Screenshot of the Select applications list](images/wip-applocker-secpol-wizard-4.png) 8. On the updated **Publisher** page, click **Create**. - ![Create Packaged app Rules wizard, showing the Microsoft Dynamics 365 on the Publisher page](images/wip-applocker-secpol-wizard-5.png) + ![Screenshot of the Publisher tab](images/wip-applocker-secpol-wizard-5.png) 9. Click **No** in the dialog box that appears, asking if you want to create the default rules. You must not create default rules for your WIP policy. - ![Create Packaged app Rules wizard, showing the Microsoft Dynamics 365 on the Publisher page](images/wip-applocker-default-rule-warning.png) + ![Screenshot of AppLocker warning](images/wip-applocker-default-rule-warning.png) 9. Review the Local Security Policy snap-in to make sure your rule is correct. @@ -318,11 +318,11 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps. 6. On the **Conditions** page, click **Path** and then click **Next**. - ![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png) + ![Screenshot with Path conditions selected in the Create Executable Rules wizard](images/path-condition.png) 7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, we’re using "C:\Program Files". - ![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png) + ![Screenshot of the Path field of the Create Executable Rules wizard](images/select-path.png) 8. On the **Exceptions** page, add any exceptions and then click **Next**. @@ -458,7 +458,7 @@ contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,conto Value format without proxy: ```console -contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com, +contoso.sharepoint.com|contoso.visualstudio.com|contoso.onedrive.com, ``` ### Protected domains diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 0b3f297f8b..dbb57c5791 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -269,6 +269,7 @@ ### [Microsoft Defender for Endpoint for iOS]() #### [Overview of Microsoft Defender for Endpoint for iOS](microsoft-defender-atp/microsoft-defender-atp-ios.md) +#### [What's New](microsoft-defender-atp/ios-whatsnew.md) #### [Deploy]() ##### [Deploy Microsoft Defender for Endpoint for iOS via Intune](microsoft-defender-atp/ios-install.md) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 50746cadf8..26d1251e8d 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -1,5 +1,5 @@ --- -title: "Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)" +title: "Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)" ms.reviewer: ms.author: dansimp description: This topic lists new and updated topics in the Defender for Endpoint content set. diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 58b2c201b8..340933cfc7 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -20,13 +20,13 @@ ms.technology: mde # Threat Protection **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > [!TIP] > Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md index 53cc0585bb..1d3f01234e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV Assessment section in the Update Compliance add-in. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index db2a7a7f8e..6ed065117c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you might encounter when using the Microsoft Defender AV. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md index 04a84573cc..77a859a805 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can perform various Microsoft Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Microsoft Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md index 060cddd476..3c463a5169 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can manage and configure Microsoft Defender Antivirus with the following tools: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md index 7782d63b95..bf309eba5d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) ## Use Microsoft Intune to configure scanning options diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md index 801001d7ef..96b78f6e1c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are enabled. These settings include cloud-delivered protection, a specified sample submission timeout (such as 50 seconds), and a file-blocking level of high. In most enterprise organizations, these settings are enabled by default with Microsoft Defender Antivirus deployments. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md index fc9ab62d48..6fc2a16ea3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Microsoft Defender Antivirus cloud service](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md index 91d207c1bc..a9d1ba4f3b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can configure how users of the endpoints on your network can interact with Microsoft Defender Antivirus. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md index beb6882a8b..1f020f0372 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 54c891a786..6e73ced912 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > [!IMPORTANT] > Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](../microsoft-defender-atp/manage-indicators.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md index 4b69f181b0..c9e9e785d1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) By default, Microsoft Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index 6185228b0b..07bd54a1a4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can configure Microsoft Defender Antivirus with a number of tools, including: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index f00a35da1f..c4ecf2347a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers. @@ -41,16 +41,16 @@ See the blog post [Important changes to Microsoft Active Protection Services end ## Allow connections to the Microsoft Defender Antivirus cloud service -The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network. +The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it's highly recommended because it provides important protection against malware on your endpoints and across your network. >[!NOTE] ->The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. +>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it's called a cloud service, it's not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints. -Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection. +Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection. The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication. @@ -60,14 +60,14 @@ The table below lists the services and their associated URLs. Make sure that the | Microsoft Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Microsoft Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com`
`*.wdcpalt.microsoft.com`
`*.wd.microsoft.com`| | Microsoft Update Service (MU)
Windows Update Service (WU)| Security intelligence and product updates |`*.update.microsoft.com`
`*.delivery.mp.microsoft.com`
`*.windowsupdate.com`

For details see [Connection endpoints for Windows Update](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#windows-update)| |Security intelligence updates Alternate Download Location (ADL)| Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com`
`*.download.windowsupdate.com`
`https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx`| -| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
`ussus1westprod.blob.core.windows.net`
`usseu1northprod.blob.core.windows.net`
`usseu1westprod.blob.core.windows.net`
`ussuk1southprod.blob.core.windows.net`
`ussuk1westprod.blob.core.windows.net`
`ussas1eastprod.blob.core.windows.net`
`ussas1southeastprod.blob.core.windows.net`
`ussau1eastprod.blob.core.windows.net`
`ussau1southeastprod.blob.core.windows.net` | +| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
`ussus2eastprod.blob.core.windows.net`
`ussus3eastprod.blob.core.windows.net`
`ussus4eastprod.blob.core.windows.net`
`wsus1eastprod.blob.core.windows.net`
`wsus2eastprod.blob.core.windows.net`
`ussus1westprod.blob.core.windows.net`
`ussus2westprod.blob.core.windows.net`
`ussus3westprod.blob.core.windows.net`
`ussus4westprod.blob.core.windows.net`
`wsus1westprod.blob.core.windows.net`
`wsus2westprod.blob.core.windows.net`
`usseu1northprod.blob.core.windows.net`
`wseu1northprod.blob.core.windows.net`
`usseu1westprod.blob.core.windows.net`
`wseu1westprod.blob.core.windows.net`
`ussuk1southprod.blob.core.windows.net`
`wsuk1southprod.blob.core.windows.net`
`ussuk1westprod.blob.core.windows.net`
`wsuk1westprod.blob.core.windows.net` | | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `http://www.microsoft.com/pkiops/crl/`
`http://www.microsoft.com/pkiops/certs`
`http://crl.microsoft.com/pki/crl/products`
`http://www.microsoft.com/pki/certs` | | Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | | Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes | The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
`settings-win.data.microsoft.com`| ## Validate connections between your network and the cloud -After allowing the URLs listed above, you can test if you are connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected. +After allowing the URLs listed above, you can test if you're connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you're fully protected. **Use the cmdline tool to validate cloud-delivered protection:** @@ -84,24 +84,24 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun **Attempt to download a fake malware file from Microsoft:** -You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud. +You can download a sample file that Microsoft Defender Antivirus will detect and block if you're properly connected to the cloud. Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest). >[!NOTE] ->This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. +>This file is not an actual piece of malware. It's a fake file that is designed to test if you're properly connected to the cloud. -If you are properly connected, you will see a warning Microsoft Defender Antivirus notification. +If you're properly connected, you'll see a warning Microsoft Defender Antivirus notification. -If you are using Microsoft Edge, you'll also see a notification message: +If you're using Microsoft Edge, you'll also see a notification message: ![Microsoft Edge informing the user that malware was found](images/defender/wdav-bafs-edge.png) -A similar message occurs if you are using Internet Explorer: +A similar message occurs if you're using Internet Explorer: ![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png) -You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app: +You'll also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app: 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md index 1660b6284e..0b1a46fded 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 52641f673b..94b265a644 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md index 12fa08755b..f10ed3e4fb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus uses several methods to provide threat protection: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index 63abc5021b..d60c180cfa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md index 95cd08db31..a040dd0a08 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) When Microsoft Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Microsoft Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index c04445eb32..ce00979c0f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.date: 02/10/2021 **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md index 10b6622a43..142404566a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index a2a610032c..0fdf549b5e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md index 01a88d64d7..c5543f30ef 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can deploy, manage, and report on Microsoft Defender Antivirus in a number of ways. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md index c27135a1f6..38beb9a21f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Depending on the management tool you are using, you may need to specifically enable or configure Microsoft Defender Antivirus protection. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index ef143bfe39..3f58a55cf2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) In addition to standard on-premises or hardware configurations, you can also use Microsoft Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index eedb6be8ae..32fad78f0b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -6,12 +6,12 @@ search.product: eADQiWindows 10XVcnh ms.prod: m365-security ms.mktglfcycl: detect ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: high author: denisebmsft ms.author: deniseb ms.custom: nextgen audience: ITPro -ms.date: 02/03/2021 +ms.date: 03/10/2021 ms.reviewer: manager: dansimp ms.technology: mde @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge) > [!NOTE] @@ -41,9 +41,7 @@ Here are some examples: > [!TIP] > For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md). -Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. - -PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016. +Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016. ## Microsoft Edge @@ -64,9 +62,7 @@ Although potentially unwanted application protection in Microsoft Edge (Chromium In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen protects you from PUA-associated URLs. -Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft -Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can -[configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off. +Security admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off. Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings. @@ -77,9 +73,7 @@ The potentially unwanted application (PUA) protection feature in Microsoft Defen > [!NOTE] > This feature is available in Windows 10, Windows Server 2019, and Windows Server 2016. -Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. - -When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content. +Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content. The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history). @@ -112,13 +106,21 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw #### Use Group Policy to configure PUA protection 1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157) + 2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). + 3. Select the Group Policy Object you want to configure, and then choose **Edit**. + 4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. + 5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**. + 6. Double-click **Configure detection for potentially unwanted applications**. + 7. Select **Enabled** to enable PUA protection. + 8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**. + 9. Deploy your Group Policy object as you usually do. #### Use PowerShell cmdlets to configure PUA protection diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md index 483ca94393..50a4a72090 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > [!NOTE] > The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md index e56c78b8f3..66772cfa88 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Use this guide to determine how well Microsoft Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md index 0e6a552e4c..7140c5d055 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index 8dc17adfac..74ef6bcfea 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md index 668830b824..39cd346198 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md index 494811e6e8..f7570bbf51 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus lets you determine when it should look for and download updates. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index acd96cc68b..fb8bee0025 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=22146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=22154037) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index a2cf20d072..1b34d236ed 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: dansimp -ms.date: 03/05/2021 +ms.date: 03/10/2021 ms.technology: mde --- @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) There are two types of updates related to keeping Microsoft Defender Antivirus up to date: @@ -78,6 +78,23 @@ All our updates contain

+ February-2021 (Platform: 4.18.2102.3 | Engine: 1.1.17900.7) + + Security intelligence update version: **1.333.7.0** + Released: **March 9, 2021** + Platform: **4.19.2102.3** + Engine: **1.1.17900.7** + Support phase: **Security and Critical Updates** + +### What's new + +- Improved service recovery through [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) +- Extend tamper protection scope + +### Known Issues +No known issues +
+
January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)  Security intelligence update version: **1.327.1854.0** @@ -114,7 +131,13 @@ No known issues ### Known Issues No known issues
-
+
+ +### Previous version updates: Technical upgrade support only + +After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. +

+
October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)  Security intelligence update version: **1.327.7.0** @@ -134,13 +157,7 @@ No known issues No known issues
-
- -### Previous version updates: Technical upgrade support only - -After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. -

-
+
September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)  Security intelligence update version: **1.325.10.0** @@ -334,7 +351,7 @@ Engine: **1.1.16700.2** - Fixed BSOD on WS2016 with Exchange - Support platform updates when TMP is redirected to network path -- Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) +- Platform and engine versions are added to [WDSI](https://www.microsoft.com/en-us/wdsi/defenderupdates) - extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) - Fix 4.18.1911.3 hang @@ -390,7 +407,7 @@ The below table provides the Microsoft Defender Antivirus platform and engine ve |Windows 10 release |Platform version |Engine version |Support phase | |:---|:---|:---|:---| -|2004 (20H1) |4.18.2004.6 |1.1.17000.2 | Technical upgrade support (only) | +|2004 (20H1/20H2) |4.18.1909.6 |1.1.17000.2 | Technical upgrade support (only) | |1909 (19H2) |4.18.1902.5 |1.1.16700.3 | Technical upgrade support (only) | |1903 (19H1) |4.18.1902.5 |1.1.15600.4 | Technical upgrade support (only) | |1809 (RS5) |4.18.1807.18075 |1.1.15000.2 | Technical upgrade support (only) | diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 8f192cc64b..27e095d876 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Mobile devices and VMs may require more configuration to ensure performance is not impacted by updates. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 3c97136983..a1a3ee0c86 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md index 63a22fd4f7..0c2b8d058a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) ## Microsoft Defender Antivirus: Your next-generation protection diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index 4eb54041c7..3404f99585 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus is available on the following editions/versions of Windows Server: - Windows Server 2019 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index b22545f7af..a63d9f70b3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index 81bb63ed13..2fb25214bb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md index 7f35ddf666..5f2be1828e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Microsoft Defender Antivirus - Microsoft 365 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index daa0a27d8a..aeaea0756d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 02/17/2021 +ms.date: 03/11/2021 ms.technology: mde --- @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Tamper protection is available for devices that are running one of the following versions of Windows: @@ -61,14 +61,121 @@ Tamper protection doesn't prevent you from viewing your security settings. And, | To perform this task... | See this section... | |:---|:---| -| Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) | +| Turn tamper protection on (or off) in the Microsoft Defender Security Center

Manage tamper protection across your tenant | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) | | Turn tamper protection on (or off) for all or part of your organization using Intune

Fine-tune tamper protection settings in your organization | [Manage tamper protection for your organization using Intune](#manage-tamper-protection-for-your-organization-using-intune) | | Turn tamper protection on (or off) for your organization with Configuration Manager | [Manage tamper protection for your organization using tenant attach with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) | -| Turn tamper protection on (or off) in the Microsoft Defender Security Center

Manage tamper protection across your tenant

(Currently in preview) | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) | +| Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) | | View details about tampering attempts on devices | [View information about tampering attempts](#view-information-about-tampering-attempts) | | Review your security recommendations | [Review security recommendations](#review-your-security-recommendations) | | Review the list of frequently asked questions (FAQs) | [Browse the FAQs](#view-information-about-tampering-attempts) | +## Manage tamper protection for your organization using the Microsoft Defender Security Center + +Tamper protection can be turned on or off for your tenant using the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind: + +- Currently, the option to manage tamper protection in the Microsoft Defender Security Center is on by default for new deployments. For existing deployments, tamper protection is available on an opt-in basis, with plans to make this the default method in the near future. (To opt in, in the Microsoft Defender Security Center, choose **Settings** > **Advanced features** > **Tamper protection**.) + +- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method. + +- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006). + +- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center. + +### Requirements for managing tamper protection in the Microsoft Defender Security Center + +- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. + +- Your Windows devices must be running one of the following versions of Windows: + - Windows 10 + - [Windows Server 2019](/windows-server/get-started-19/whats-new-19) + - Windows Server, version [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later + - [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) + - For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information). + +- Your devices must be [onboarded to Microsoft Defender for Endpoint](../microsoft-defender-atp/onboarding.md). + +- Your devices must be using anti-malware platform version 4.18.2010.7 (or above) and anti-malware engine version 1.1.17600.5 (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) + +- [Cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) must be turned on. + +### Turn tamper protection on (or off) in the Microsoft Defender Security Center + +![Turn tamper protection on in the Microsoft Defender Security Center](images/mde-turn-tamperprotect-on.png) + +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. + +2. Choose **Settings**. + +3. Go to **General** > **Advanced features**, and then turn tamper protection on. + +## Manage tamper protection for your organization using Intune + +If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal. Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune. + +### Requirements for managing tamper protection in Intune + +- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. + +- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) + +- Your Windows devices must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).) + +- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). + +- Your devices must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) + +### Turn tamper protection on (or off) in Intune + +![Turn tamper protection on with Intune](images/turnontamperprotect-MEM.png) + +1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account. + +2. Select **Devices** > **Configuration Profiles**. + +3. Create a profile that includes the following settings: + - **Platform: Windows 10 and later** + - **Profile type: Endpoint protection** + - **Category: Microsoft Defender Security Center** + - **Tamper Protection: Enabled** + +4. Assign the profile to one or more groups. + +### Are you using Windows OS 1709, 1803, or 1809? + +If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. Instead, you can use PowerShell to determine whether tamper protection is enabled. + +#### Use PowerShell to determine whether tamper protection is turned on + +1. Open the Windows PowerShell app. + +2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet. + +3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) + +## Manage tamper protection for your organization with Configuration Manager, version 2006 + +If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices. + +![Windows security experience in Endpoint Manager](images/win-security- exp-policy-endpt-security.png) + +> [!NOTE] +> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. + +1. Set up tenant attach. To get help with this, see [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). + +2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and then choose **+ Create Policy**.
+ - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. + - In the **Profile** list, select **Windows Security experience (preview)**.
+ +3. Deploy the policy to your device collection. + +### Need help with this method? + +See the following resources: + +- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) +- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) + ## Manage tamper protection on an individual device > [!NOTE] @@ -85,95 +192,12 @@ Here's what you see in the Windows Security app: ![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png) 1. Select **Start**, and start typing *Security*. In the search results, select **Windows Security**. + 2. Select **Virus & threat protection** > **Virus & threat protection settings**. + 3. Set **Tamper Protection** to **On** or **Off**. -## Manage tamper protection for your organization using Intune -If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal. Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune. - -### Requirements for managing tamper protection in Intune - -- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. -- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) -- Your Windows devices must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).) -- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). -- Your devices must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) - -### Turn tamper protection on (or off) in Intune - -![Turn tamper protection on with Intune](images/turnontamperprotect-MEM.png) - -1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account. -2. Select **Devices** > **Configuration Profiles**. -3. Create a profile that includes the following settings: - - **Platform: Windows 10 and later** - - **Profile type: Endpoint protection** - - **Category: Microsoft Defender Security Center** - - **Tamper Protection: Enabled** -4. Assign the profile to one or more groups. - -### Are you using Windows OS 1709, 1803, or 1809? - -If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled. - -#### Use PowerShell to determine whether tamper protection is turned on - -1. Open the Windows PowerShell app. -2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet. -3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) - -## Manage tamper protection for your organization with Configuration Manager, version 2006 - -> [!IMPORTANT] -> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. - -If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices. - -![Windows security experience in Endpoint Manager](images/win-security- exp-policy-endpt-security.png) - -1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). -2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
- - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. - - In the **Profile** list, select **Windows Security experience (preview)**.
-3. Deploy the policy to your device collection. - -### Need help with this? - -See the following resources: - -- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) -- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) - -## Manage tamper protection for your organization using the Microsoft Defender Security Center - -Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind: - -- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method. -- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006). -- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center. -- Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview. - -### Requirements for managing tamper protection in the Microsoft Defender Security Center - -- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. -- Your Windows devices must be running one of the following versions of Windows: - - Windows 10 - - [Windows Server 2019](/windows-server/get-started-19/whats-new-19) - - Windows Server, version [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later - - [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) - - For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information). -- Your devices must be [onboarded to Microsoft Defender for Endpoint](../microsoft-defender-atp/onboarding.md). -- Your devices must be using anti-malware platform version 4.18.2010.7 (or above) and anti-malware engine version 1.1.17600.5 (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) -- [Cloud-delivered protection must be turned on](enable-cloud-protection-microsoft-defender-antivirus.md). - -### Turn tamper protection on (or off) in the Microsoft Defender Security Center - -![Turn tamper protection on in the Microsoft Defender Security Center](images/mde-turn-tamperprotect-on.png) - -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -2. Choose **Settings**. -3. Go to **General** > **Advanced features**, and then turn tamper protection on. ## View information about tampering attempts diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md index 93d033b274..9505edb6c6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can use Group Policy to prevent users on endpoints from seeing the Microsoft Defender Antivirus interface. You can also prevent them from pausing scans. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index f6c46b93b9..63b1cef153 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Antivirus is built into Windows 10, Windows Server 2019, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md index e3f5c1f0fe..3aee622427 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) If Microsoft Defender Antivirus is configured to detect and remediate threats on your device, Microsoft Defender Antivirus quarantines suspicious files. If you are certain a quarantined file is not a threat, you can restore it. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 4168fb1d63..82de267b72 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) After a Microsoft Defender Antivirus scan completes, whether it is an [on-demand](run-scan-microsoft-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-microsoft-defender-antivirus.md), the results are recorded and you can view the results. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index 5a65b6a165..b9d6853c2a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index ce888c039c..d3af9f6b9d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > [!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md index 1e4c37caba..e65babbf90 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can specify your level of cloud-delivered protection offered by Microsoft Defender Antivirus by using Microsoft Endpoint Manager (recommended) or Group Policy. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md index d0c2933ef9..3a59626b11 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can find help here if you encounter issues while migrating from a third-party security solution to Microsoft Defender Antivirus. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md index b65212267f..6d48b38885 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) If you encounter a problem with Microsoft Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md index 0b3b787b77..4ec6d05d04 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > [!IMPORTANT] > On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md index b3383fd1a6..decb62a445 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Microsoft Defender Antivirus on your endpoints. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md index 75f4f1b7cc..dcd08baa99 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) If you were using Microsoft Endpoint Manager or Microsoft Intune to manage the endpoints on your network, you can now use Microsoft Endpoint Manager to manage Microsoft Defender Antivirus scans. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md index 078fbf7fab..dc441c48cf 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration. You can read more about it at the [PowerShell hub on MSDN](https://docs.microsoft.com/previous-versions/msdn10/mt173057(v=msdn.10)). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md index 92f746d03d..bfcce9630c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md index 5bc184057b..88cba327be 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index bbab8b350a..6eddda97d7 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -18,7 +18,7 @@ ms.technology: mde # Configure Microsoft Defender Application Guard policy settings **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index 919fc5c18b..e63bfdaf57 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -18,7 +18,7 @@ ms.technology: mde # Prepare to install Microsoft Defender Application Guard **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) ## Review system requirements diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 0c7e53c3fb..89dc438cda 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -19,7 +19,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md index 969ca1a11c..c632baed12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md +++ b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md @@ -21,7 +21,7 @@ ms.technology: mde # Access the Microsoft Defender Security Center MSSP customer portal **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -29,7 +29,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index 99ac4ec111..a1cc377d45 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -20,8 +20,8 @@ ms.technology: mde # Add or Remove Machine Tags API **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +2154037 +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -90,7 +90,7 @@ If successful, this method returns 200 - Ok response code and the updated Machin Here is an example of a request that adds machine tag. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 0239279f5e..13c41c5a68 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -21,7 +21,7 @@ ms.technology: mde # Configure advanced features in Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index b28c3e7902..321ee52593 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -26,8 +26,9 @@ ms.technology: mde >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + + Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 3d5528fced..3b4db6f1dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -23,8 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index dfd47ce5c3..2a6d8f2f4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -24,8 +24,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md index 85121c67e1..4929ff1813 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md @@ -23,8 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md index 9d8a944f7b..3bf9a21720 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md @@ -24,8 +24,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md index 1f725b1953..4d3aa4e2cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md @@ -23,8 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index 2403e7dca0..7edd695042 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md index e9bb4da83c..55f13a0d3d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md index 8d7bb09379..3635672598 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md index 606738f0a5..916d598e74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md index 469cf50647..320ebe9bcc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md @@ -23,9 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md index 3f8c20ce5c..d31ac843a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md index 91bf57e992..13824028f0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md index 1a30b1c1d8..0614397181 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md index 33b5554fd4..b87624f53b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md index e26443ea9d..e3a85cf831 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md index bee199aaa9..5addd121a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md index bbbfb435dc..27f1b068e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md index ffff09c519..a99c4489dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index 0ce701f20c..446dc8b08d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -24,8 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) [Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md index 4b06e0796d..8e44c9d3dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md @@ -22,7 +22,7 @@ ms.technology: mde # FileProfile() **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index 40e92ba327..acdd0ed361 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index 062ccc2962..1540aef40c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index c2f9975fac..9ad0ec8f03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 36e806bc85..5a3b9cc77f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index f1e57a9b92..60a963033b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -22,8 +22,8 @@ ms.technology: mde # Take action on advanced hunting query results **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md index 5fe6c98c25..69d806e699 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md @@ -25,8 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -38,8 +37,8 @@ Topic | Description [View and organize the Alerts queue](alerts-queue.md) | Shows a list of alerts that were flagged in your network. [Manage alerts](manage-alerts.md) | Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert. [Investigate alerts](investigate-alerts.md)| Investigate alerts that are affecting your network, understand what they mean, and how to resolve them. -[Investigate files](investigate-files.md)| Investigate the details of a file associated with a specific alert, behaviour, or event. -[Investigate devices](investigate-machines.md)| Investigate the details of a device associated with a specific alert, behaviour, or event. +[Investigate files](investigate-files.md)| Investigate the details of a file associated with a specific alert, behavior, or event. +[Investigate devices](investigate-machines.md)| Investigate the details of a device associated with a specific alert, behavior, or event. [Investigate an IP address](investigate-ip.md) | Examine possible communication between devices in your network and external internet protocol (IP) addresses. [Investigate a domain](investigate-domain.md) | Investigate a domain to see if devices and servers in your network have been communicating with a known malicious domain. [Investigate a user account](investigate-user.md) | Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 554a001277..ee2a0773f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index dfc9c405e5..57c02a5a40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -26,9 +26,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platform** +- Android + ## Conditional Access with Defender for Endpoint for Android Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 89f8619d4e..b7e64c5218 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -26,9 +26,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platform** +- Android + > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index 10ddc13de9..bc43caa1d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md @@ -21,9 +21,12 @@ ms.technology: mde # Microsoft Defender for Endpoint for Android - Privacy information **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platform** +- Android + > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -44,9 +47,9 @@ apps. Here's a list of the types of data being collected: Information about Android application packages (APKs) on the device including -- Install source -- Storage location (file path) of the APK -- Time of install, size of APK and permissions +- Install source +- Storage location (file path) of the APK +- Time of install, size of APK and permissions ### Web page / Network information diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index f301f7ead9..82e65744f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -26,9 +26,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platform** +- Android > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md index 1ab039d371..14e9b8c63a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md @@ -22,15 +22,6 @@ ms.technology: mde # Microsoft Defender for Endpoint for Android application license terms -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - -> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - - ## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT These license terms ("Terms") are an agreement between Microsoft Corporation (or diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md index cadef87218..3a1f6ad4ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) The Microsoft Defender for Endpoint API Explorer is a tool that helps you explore various Defender for Endpoint APIs interactively. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 2f97bfca70..5bbd4d2792 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index b5b277ed3b..8dead83a4d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -23,9 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 91c6a65e75..0d07bada8e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index b63d650adb..deb13b58ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -23,9 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md index 2ea97fa422..c5223bee7e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md @@ -19,9 +19,10 @@ ms.technology: mde # Microsoft Defender for Endpoint API release notes -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) The following information lists the updates made to the Microsoft Defender for Endpoint APIs and the dates they were made. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md index 362d381ce7..535b993343 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md @@ -22,11 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + ## APIs - Defender for Endpoint APIs are governed by [Microsoft API License and Terms of use](https://docs.microsoft.com/legal/microsoft-apis/terms-of-use). ### Throttling limits diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index da77401c86..ee166e8c58 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -23,12 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - - -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md index 16e0ec7d6d..7f06ffde4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md @@ -27,7 +27,7 @@ ms.technology: mde **Applies to:** - Azure Active Directory - Office 365 -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md index 0eeda99ae3..741afabf61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md index a9947f2875..522dfd79ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 404fde4c79..035b4e773b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index e851516dcb..aa2c627401 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md +++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -21,7 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index f4a000c3eb..5b550db840 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -27,7 +27,7 @@ During and after an automated investigation, remediation actions for threat dete **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## (NEW!) A unified Action center diff --git a/windows/security/threat-protection/microsoft-defender-atp/autoir-investigation-results.md b/windows/security/threat-protection/microsoft-defender-atp/autoir-investigation-results.md index dfde5d03b9..9218b91eff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/autoir-investigation-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/autoir-investigation-results.md @@ -27,7 +27,7 @@ ms.date: 02/02/2021 # Details and results of an automated investigation **Applies to:** -- Microsoft Defender for Endpoint +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) With Microsoft Defender for Endpoint, when an [automated investigation](automated-investigations.md) runs, details about that investigation are available both during and after the automated investigation process. If you have the necessary permissions, you can view those details in an investigation details view. The investigation details view provides you with up-to-date status and the ability to approve any pending actions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index ab8f4e0d15..ad9b71f4fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -28,9 +28,7 @@ ms.custom: AIR [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Want to see how it works? Watch the following video:

diff --git a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md index d0ace26d8c..5c7d6be2fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md @@ -26,8 +26,7 @@ ms.custom: AIR # Automation levels in automated investigation and remediation capabilities **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Automated investigation and remediation (AIR) capabilities in Microsoft Defender for Endpoint can be configured to one of several levels of automation. Your automation level affects whether remediation actions following AIR investigations are taken automatically or only upon approval. - *Full automation* (recommended) means remediation actions are taken automatically on artifacts determined to be malicious. diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index 2fcb21f2da..6523dba08c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** - Azure Active Directory -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/batch-update-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/batch-update-alerts.md index 2b93144552..bf9263f1db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/batch-update-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/batch-update-alerts.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index f5c2868d55..6c36e19448 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md index 71162e7251..98fdd0b510 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index e492aea556..d9a221d00b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 3e7ccee247..7d0b3a533f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -22,11 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/community.md b/windows/security/threat-protection/microsoft-defender-atp/community.md index e8debb489b..57fbbe592e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/community.md +++ b/windows/security/threat-protection/microsoft-defender-atp/community.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md index 93ea0017f4..7903a49694 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md index 45279a411f..7afdacd4c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md index 6734313b4e..db4c676adb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index e77d4f82c5..ee0c27a94e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md @@ -25,7 +25,7 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md index 2fe50d0988..009e567767 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index 34b3c01017..3ca881cddd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index 5018528f0f..7adfb630fe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** - Group Policy -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md index 586ee60a55..a07e6fe975 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 8b9f7b018e..f7b40435f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) **Platforms** diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 2c2b018868..d3fdc50ae9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -24,8 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Microsoft Endpoint Configuration Manager current branch - System Center 2012 R2 Configuration Manager diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md index 98d60ad1f1..9524235da5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md @@ -22,9 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) You can also manually onboard individual devices to Defender for Endpoint. You might want to do this first when testing the service before you commit to onboarding all devices in your network. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index feba28cd2f..319a18a6cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Virtual desktop infrastructure (VDI) devices - Windows 10, Windows Server 2019, Windows Server 2008R2/2012R2/2016 diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index 85c75d3828..934155012d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 6b6afc49f2..f58060ef84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index 76815e7245..8bc9cb2421 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index f85e803452..432aad688c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 3bd54ed230..0bc5cee7a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index c355455472..753fe73c40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -26,8 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md index 6f4f12e78a..ed004ad158 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index 09106fbd64..d9e591cabe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 94aee1893b..93eac0a3a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 7e35ea3d86..07e759c41a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -24,7 +24,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** - Windows Server 2008 R2 SP1 - Windows Server 2012 R2 - Windows Server 2016 diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md index 02793f57ba..b42807a66d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md index 3a5a17455d..878715c536 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md @@ -22,7 +22,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md index 081cd57903..c4c707c47f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md index 95f0488aa4..cd399e7520 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience. diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md index e79c0952b0..4b33e72170 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md @@ -1,6 +1,6 @@ --- -title: Contact Microsoft Defender ATP support -description: Learn how to contact Microsoft Defender ATP support +title: Contact Microsoft Defender for Endpoint support +description: Learn how to contact Microsoft Defender for Endpoint support keywords: support, contact, premier support, solutions, problems, case search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index f227cf31b8..5512fe322c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index 7f0e7debb4..aa6d616595 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 65af61d64f..f2e44889fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -25,8 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index be445c4a3c..9269fbb2ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -25,8 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index e82169852e..e098f363d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -21,7 +21,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 7997959422..ae3f2e4f2f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -12,7 +12,7 @@ author: denisebmsft ms.author: deniseb ms.reviewer: jcedola, dbodorin, vladiso, nixanm, anvascon manager: dansimp -ms.date: 01/06/2021 +ms.date: 03/10/2021 ms.technology: mde --- @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) @@ -130,6 +130,7 @@ An allowed application or service only has write access to a controlled folder a ### Use PowerShell to allow specific apps 1. Type **PowerShell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** + 2. Enter the following cmdlet: ```PowerShell @@ -158,7 +159,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications] Microsoft Defender for Endpoint certificate and file indicators can allow signed executable files to access protected folders. For implementation details, see [Create indicators based on certificates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates). > [!Note] -> This does no apply to scripting engines, including Powershell +> This does not apply to scripting engines, including PowerShell. ## Customize the notification diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index 80c3c22418..6285039fc7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -21,7 +21,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md index 4772ea3e78..1c8bbd8daf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md @@ -23,9 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md index 6af0ae78d7..4738046949 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md @@ -23,8 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md index e4d3704b11..2cb0f13b8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index 24c7bd00cc..d2997b4737 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -1,5 +1,5 @@ --- -title: Delete Indicator API. +title: Delete Indicator API description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender for Endpoint. keywords: apis, public api, supported apis, delete, ti indicator, entity, id search.product: eADQiWindows 10XVcnh @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 21715873c5..4418f8bce8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 099e614f4d..6d29d4645f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md index 5965d178c8..c23bdd5ea6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md index f4adc4a723..7c3056edaf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md +++ b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 87d5219bad..3a5b32b88f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -27,7 +27,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) @@ -128,6 +128,9 @@ To learn more, see [Get-MpComputerStatus](https://docs.microsoft.com/powershell/ 3. In the list of results, in the **STATE** row, confirm that the service is running. +### How much time does it take for EDR in block mode to be disabled? +If you chose to disable EDR in block mode it can take up to 30 minutes for the system to disable this capability. + ## See also - [Tech Community blog: Introducing EDR in block mode: Stopping attacks in their tracks](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/introducing-edr-in-block-mode-stopping-attacks-in-their-tracks/ba-p/1596617) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 30d1bceeed..ae6ac815b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -21,7 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index 82ad65a1b2..d74eec6cf4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md @@ -21,7 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 046a880398..fb8f884edd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -20,7 +20,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 08db900053..ec322632d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -20,7 +20,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md index fe94731159..058650cb78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index 66707cf26c..08cbf22511 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -24,12 +24,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) -[Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. +[Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. You can evaluate Microsoft Defender for Endpoint in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md index 24fda19f6c..05a3b7c6e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md @@ -21,7 +21,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md index 6ae477dd83..fce918a95c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md @@ -20,12 +20,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) - [Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. It is especially useful in helping protect against [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that attempts to encrypt your files and hold them hostage. diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md index 963d383c5a..185e733e48 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md index 8be04a87c7..77d41cea29 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md @@ -20,7 +20,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [Network protection](network-protection.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index 608e465720..d22560fa18 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md index 6fbb30d6e3..573314eac7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md @@ -27,7 +27,7 @@ ms.technology: mde **Applies to:** - Event Viewer -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-views.md b/windows/security/threat-protection/microsoft-defender-atp/event-views.md index e8b667e82c..913dc4b2dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-views.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-views.md @@ -20,7 +20,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md index 79a6fd80df..8b29ab6b3d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index 60c5bce436..9d3123817d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -7,11 +7,11 @@ ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: high audience: ITPro author: denisebmsft ms.author: deniseb -ms.date: 10/21/2020 +ms.date: 03/10/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -24,23 +24,19 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ->Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) +Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server, version 1803. > [!TIP] > You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -Exploit protection works best with [Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Exploit protection works best with [Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once. -You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once. - -When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. - -You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled. +When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled. Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection. In fact, you can convert and import existing your EMET configuration profiles into exploit protection. To learn more, see [Import, export, and deploy exploit protection configurations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml). @@ -52,9 +48,7 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http ## Review exploit protection events in the Microsoft Security Center -Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios. - -You can query Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment. +Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios. You can query Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment. Here is an example query: @@ -100,7 +94,7 @@ You can review the Windows event log to see events that are created when exploit The mitigations available in EMET are included natively in Windows 10 (starting with version 1709) and Windows Server (starting with version 1803), under [Exploit protection](exploit-protection.md). -The table in this section indicates the availability and support of native mitigations between EMET and exploit protection. +The following table indicates the availability and support of native mitigations between EMET and exploit protection. |Mitigation | Available under exploit protection | Available in EMET | |:---|:---|:---| diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index ca1f1ea37e..054ff7b35b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index 664f1c63be..509ac1e964 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -22,8 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index dc6a1df497..357f8f3af9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md @@ -23,7 +23,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) + - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index e2ceff454e..b07bb430be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -23,7 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index 4bca78843c..5a165e77ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -23,7 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md index 1f9f6cb3b5..8c19965c36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md index 49256a6cd9..b414cf0799 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md index 97b76caa30..7b33c41b18 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index eb0cf41168..af08109636 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 091e9c45de..fb67090a7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md index a16e71db5b..71eabbd343 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md @@ -21,7 +21,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md index 301115a087..5b6c706b9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md index 097719cb86..46aafe20cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md index 969b33a84e..dcb2fe02c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md @@ -20,7 +20,7 @@ ms.technology: mde # Get alert related domain information API **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index 648d480102..554c6811bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index 457bc11238..f70015d288 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index e818c55e82..ef2c58345d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -23,9 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index 337150ad2c..3c9fdcc2ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -22,9 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 20bd761327..36887a8462 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index 21b2e1ebd9..0fb9f00800 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -22,9 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index 0bb2f8a653..dcf6509263 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 1acf21401e..a82619f7a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 2fe3ae2a8b..9099978bde 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -24,8 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index fc18d97935..92fcf97ac0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -22,10 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 54078f8925..9364076f9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 3721566568..8b237ff15e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md index 14b95f8007..bd4c6a6070 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index a8aa5990dd..772772e6c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 2d3c69d629..8bf6505cb6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index ee1527e69b..74e7c21298 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index 0c29cd245d..9f60c7c40d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index f69053927b..62c7371723 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index cc1e435b61..e99abc3904 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 45f23bcd3e..368d22ec9f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md index 108d89871f..7d0bcec2b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md index 561c68ac0b..3e636739b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md index 1526b8bf98..ac80ccb76c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index e2f3068fe9..b4aa122f9f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md index 34acf86538..b45eb0a8f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md @@ -24,8 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md index 576fcd15b9..4ebc4d2fda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index cc2ba67cc2..baee987b84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -21,8 +21,7 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index 755cbedeae..9a6202a447 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -21,7 +21,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md index dfc2b78eba..bd2ea23017 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md index 2f71cafa18..87e981c4cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md index a5a15025f7..c9bf10af9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md @@ -21,7 +21,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 863252fd1f..d72c03fd04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index 99a384d3b8..d38f67120e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index f2dd4772c8..1a77becba9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md index 985254debd..9ad65f6d79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md @@ -22,7 +22,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index 87a51d2dc8..fef956f2a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md index 0b757eed84..4e0f67a9d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md index aabc11d20d..0e7bbbc23b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index 8a6f9bd314..6e5aa77b56 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index a4088c53db..2f0a193eb3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 08e690c094..0cb8bcbadd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 5db01dafa2..62ca0c06e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index ba78b38a52..d3d4199ce3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index f7b1637a35..4f569d8044 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index f2eb40ffa3..aed4653c93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 301708d92d..8335f9da8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md index 3582717501..5ef32b3918 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md @@ -23,7 +23,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md index 96de9049fc..c7ac60dd92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md index 3fdd092e57..95f593128a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md @@ -20,7 +20,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 55a7c50119..ab7c4410d2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 592e5ebbde..07bbe5df04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index a8bf3252ea..ffe84f80f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -22,8 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index 5b09a4bb67..030c13dc0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -22,9 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 98632acbf5..e40a3ed5d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) -Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. +Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering. @@ -37,8 +37,8 @@ Microsoft Defender for Endpoint for US Government customers requires one of the GCC | GCC High | DoD :---|:---|:--- Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD -| | Microsoft 365 E5 for GCC High | -| | Microsoft 365 G5 Security for GCC High | +| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD +| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD ### Server licensing @@ -86,8 +86,8 @@ Windows 8.1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/ Windows 8 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Linux | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development -macOS | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Linux | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +macOS | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Android | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog @@ -120,7 +120,23 @@ Spreadsheet of domains list | Description For more information, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md). > [!NOTE] -> The spreadsheet contains commercial URLs as well, make sure you check the "US Gov" tabs.
When filtering look for the records labeled as "US Gov" and your specific cloud under the geography column. +> The spreadsheet contains commercial URLs as well, make sure you check the "US Gov" tabs. +> +> When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column. + +### Service backend IP ranges + +If your network devices don't support DNS-based rules, use IP ranges instead. + +Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions: + +- AzureCloud.usgovtexas +- AzureCloud.usgovvirginia + +You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). + +> [!NOTE] +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
@@ -136,18 +152,18 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
## Feature parity with commercial -Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. +Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. -These are the known gaps as of February 2021: +These are the known gaps as of March 2021: Feature name | GCC | GCC High | DoD (PREVIEW) :---|:---|:---|:--- Automated investigation and remediation: Live response | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Automated investigation and remediation: Response to Office 365 alerts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog -Email notifications | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +Email notifications | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Evaluation lab | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Management and APIs: Device health and compliance report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Management and APIs: Streaming API | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development Management and APIs: Threat protection report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Threat & vulnerability management | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) @@ -155,7 +171,7 @@ Threat analytics | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/ch Web content filtering | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development Integrations: Azure Sentinel | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development Integrations: Microsoft Cloud App Security | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog -Integrations: Microsoft Compliance Center | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog +Integrations: Microsoft Compliance Manager | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog Integrations: Microsoft Defender for Identity | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog Integrations: Microsoft Defender for Office 365 | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog Integrations: Microsoft Endpoint DLP | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog diff --git a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md index 5a2af69aab..d0f076113c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md index e20fd67535..1e1cd63909 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/alert-landing-view-upd.png b/windows/security/threat-protection/microsoft-defender-atp/images/alert-landing-view-upd.png new file mode 100644 index 0000000000..1f42e280fe Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/alert-landing-view-upd.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected-upd.png b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected-upd.png new file mode 100644 index 0000000000..ab92777602 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected-upd.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected.png b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected.png new file mode 100644 index 0000000000..a629704d07 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-detected.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac-upd.png b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac-upd.png new file mode 100644 index 0000000000..8b6427d7f8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac-upd.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac.png b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac.png new file mode 100644 index 0000000000..785afce704 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detection-status-prevented-mac.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detstat-blocked.png b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-blocked.png new file mode 100644 index 0000000000..82fbc297a1 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-blocked.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detstat-detected.png b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-detected.png new file mode 100644 index 0000000000..15d95de0e8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-detected.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/detstat-prevented.png b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-prevented.png new file mode 100644 index 0000000000..91686e3ec6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/detstat-prevented.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/device-page-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/device-page-details.png new file mode 100644 index 0000000000..ee5931d336 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/device-page-details.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/user-page-details.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/user-page-details.PNG new file mode 100644 index 0000000000..3fa411e426 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/user-page-details.PNG differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index e14a1a1440..5be27ed843 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md index a6642a76d6..57d5271cb8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md @@ -21,7 +21,8 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md index 9cb3e7fef1..75364d15d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md index ed32a99990..8bb9d29001 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 6bd26e04a7..330ed5159c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md index 946eeb3008..5ab320b0d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md index baef9c8ecb..5baa7d4de3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md index e3d8274f25..cdb4ce99d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index f36d4f2fd7..0313f72ffd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -21,7 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 8121e79ad5..f077b93b17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 40b569b13d..b82c842c40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 46c6efd790..43cfbb5d76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index e8ab071434..bbec992744 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 04c380c532..6e8ffe303f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 408450f834..fe7d86c394 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -27,7 +27,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index dbe3c86cce..f12edaa907 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index d1db196189..266769ab1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 5db24608de..c2ef414f1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 0aa8395536..e8d69bbb20 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -26,8 +26,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/p/?linkid=2118804) + +**Platforms** +- iOS > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -99,3 +102,10 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i ## Report unsafe site Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site. + +## Battery Consumption issues on iOS when Microsoft Defender for Endpoint is installed + +The battery usage by an app is computed by Apple based on a multitude of factors including CPU and Network usage. Microsoft Defender for Endpoint uses a local/loop-back VPN in the background to check web traffic for any malicious websites or connections. Network packets from any app go through this check and that causes the battery usage of Microsoft Defender for Endpoint to be computed inaccurately. This gives a false impression to the user. The actual battery consumption of Microsoft Defender for Endpoint is lesser than what is shown on the Battery Settings page on the device. This is based on conducted tests done on the Microsoft Defender for Endpoint app to understand battery consumption. + +Also the VPN used is a local VPN and unlike traditional VPNs, network traffic is not sent outside the device. + diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index d3614e3095..214affec0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -26,9 +26,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- iOS + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll). diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 489a76edb4..7d39d25fb3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -24,9 +24,12 @@ ms.technology: mde # Privacy information - Microsoft Defender for Endpoint for iOS **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- iOS + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) > [!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index ddb445f85a..e977b143b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -24,9 +24,6 @@ ms.technology: mde # Microsoft Defender for Endpoint for iOS application license terms -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - ## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT These license terms ("Terms") are an agreement between Microsoft Corporation (or diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md new file mode 100644 index 0000000000..b8d75b40e7 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md @@ -0,0 +1,36 @@ +--- +title: What's new in Microsoft Defender for Endpoint for iOS +description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for iOS. +keywords: microsoft, defender, atp, mac, installation, macos, whatsnew +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: m365-security +ms.mktglfcycl: security +ms.sitesec: library +ms.pagetype: security +ms.author: sunasing +author: sunasing +ms.localizationpriority: medium +manager: sunasing +audience: ITPro +ms.collection: + - m365-security-compliance + - m365initiative-defender-endpoint +ms.topic: conceptual +ms.technology: mde +--- + +# What's new in Microsoft Defender for Endpoint for iOS + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## 1.1.15010101 + +- With this version, we are announcing support for iPadOS/iPad devices. +- Bug fixes. diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index c3eaf21d3f..37130284b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -23,9 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index a2fcd856c4..7e57f3d813 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -26,9 +26,12 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index e017a9cca2..37d64ec702 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -27,9 +27,12 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Microsoft Defender for Endpoint for Linux manually. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 111a241a5c..6638528929 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -27,9 +27,13 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint for Linux using Ansible. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index f3363b34dd..49e9133e71 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -27,9 +27,12 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint for Linux using Puppet. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 7da256d6f9..997e47a213 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -27,9 +27,12 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) >[!IMPORTANT] diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md index e8f59927aa..18b52f1d98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md @@ -23,9 +23,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Defender for Endpoint for Linux. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index cd239ed756..b3405316e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -26,9 +26,12 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Linux can detect and block PUA files on endpoints in your network. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 0fcf1d929e..12887fa1fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -25,11 +25,13 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Collect diagnostic information diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index f8853d02af..9eca01d7ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -20,6 +20,15 @@ ms.technology: mde # Schedule scans with Microsoft Defender for Endpoint (Linux) +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux + To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index 9f54cc52f1..8a889f3212 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -27,8 +27,11 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 87430c9333..396d61aac7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -26,8 +26,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md index 33072a0f3f..043bdc0f0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md @@ -25,8 +25,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) This article provides some general steps to mitigate missing events or alerts in the [security center](https://securitycenter.windows.com/) portal. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 1ed0260fb6..b31d5df5a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -26,8 +26,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 9c286456bd..6c14ee8b43 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -25,8 +25,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides some general steps that can be used to narrow down performance issues related to Defender for Endpoint for Linux. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md b/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md index 24da7b0066..bb87b252d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md @@ -20,6 +20,13 @@ ms.technology: mde # Schedule an update of the Microsoft Defender for Endpoint (Linux) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux + To run an update on Microsoft Defender for Endpoint for Linux, see [Deploy updates for Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-updates). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index f2f2749165..968cc87ecc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -25,11 +25,13 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - + +**Platforms** +- Linux +- > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 99d7be60b1..ee12c298b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -22,8 +22,21 @@ ms.technology: mde # What's new in Microsoft Defender for Endpoint for Linux +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +**Platforms** +- Linux + [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +## 101.23.64 (30.121021.12364.0) + +- Performance improvement for the situation where an entire mount point is added to the antivirus exclusion list. Prior to this version, file activity originating from the mount point was still processed by the product. Starting with this version, file activity for excluded mount points is suppressed, leading to better product performance +- Added a new option to the command-line tool to view information about the last on-demand scan. To view information about the last on-demand scan, run `mdatp health --details antivirus` +- Other performance improvements & bug fixes + ## 101.18.53 - EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index 80665010c7..5512e5de90 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index cf0e1e7fd8..69a3f5b8cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 1e866f42d9..8f5055b2dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 8989813e71..eb606f9b95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index 515ed636df..1fb0eb409b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index e0cb7de973..e2ad0838d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -155,9 +155,9 @@ To approve the system extensions: 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Extensions**. Select **Create**. -3. In the `Basics` tab, give a name to this new profile. +3. In the **Basics** tab, give a name to this new profile. -4. In the `Configuration settings` tab, add the following entries in the `Allowed system extensions` section: +4. In the **Configuration settings** tab, add the following entries in the **Allowed system extensions** section: Bundle identifier | Team identifier --------------------------|---------------- @@ -165,9 +165,9 @@ To approve the system extensions: com.microsoft.wdav.netext | UBF8T346G9 > [!div class="mx-imgBorder"] - > ![System configuration profiles screenshot](images/mac-system-extension-intune2.png) + > ![System extension settings in Configuration settings on the Basics tab](images/mac-system-extension-intune2.png) -5. In the `Assignments` tab, assign this profile to **All Users & All devices**. +5. In the **Assignments** tab, assign this profile to **All Users & All devices**. 6. Review and create this configuration profile. @@ -181,7 +181,7 @@ To approve the system extensions: 4. Select **OK**. - ![System configuration profiles screenshot](../microsoft-defender-antivirus/images/MDATP-6-SystemConfigurationProfiles.png) + ![Import a configuration from a file for Custom Configuration Profile](../microsoft-defender-antivirus/images/MDATP-6-SystemConfigurationProfiles.png) 5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. @@ -205,7 +205,7 @@ To approve the system extensions: Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: > [!div class="mx-imgBorder"] -> ![System configuration profiles screenshot](../microsoft-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) +> ![View of Device Status in Monitor](../microsoft-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) ## Publish application @@ -217,7 +217,7 @@ Once the Intune changes are propagated to the enrolled devices, you can see them 4. Select **Configure** and add the required information. -5. Use **macOS High Sierra 10.13** as the minimum OS. +5. Use **macOS High Sierra 10.14** as the minimum OS. 6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. @@ -227,12 +227,12 @@ Once the Intune changes are propagated to the enrolled devices, you can see them > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with *Ignore app version* set to **No**, please change it to **Yes**. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy. > [!div class="mx-imgBorder"] - > ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-8-IntuneAppInfo.png) + > ![Display of App information in App add](../microsoft-defender-antivirus/images/MDATP-8-IntuneAppInfo.png) 7. Select **OK** and **Add**. > [!div class="mx-imgBorder"] - > ![Device status blade screenshot](../microsoft-defender-antivirus/images/MDATP-9-IntunePkgInfo.png) + > ![Device status shown in Notifications window](../microsoft-defender-antivirus/images/MDATP-9-IntunePkgInfo.png) 8. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 9ca979d54b..69a40e23a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index 1138236d4b..8084b7182f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) @@ -96,12 +96,12 @@ Grant Full Disk Access to the following components: - Microsoft Defender for Endpoint - Identifier: `com.microsoft.wdav` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9` - Microsoft Defender for Endpoint Security Extension - Identifier: `com.microsoft.wdav.epsext` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: `identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9` ### Network extension policy @@ -110,7 +110,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender - Filter type: Plugin - Plugin bundle identifier: `com.microsoft.wdav` - Filter data provider bundle identifier: `com.microsoft.wdav.netext` -- Filter data provider designated requirement: identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 +- Filter data provider designated requirement: `identifier "com.microsoft.wdav.tunnelext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9` - Filter sockets: `true` ## Check installation status diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index d6c2b96c1a..585448c30f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index 584cf1782d..bf3dcae2d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 780f0d40dd..7fdbbda41d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -512,7 +512,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer. - Identifier: `com.microsoft.wdav` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9` ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) @@ -537,7 +537,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer. - Identifier: `com.microsoft.wdav.epsext` - Identifier Type: Bundle ID - - Code Requirement: identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + - Code Requirement: `identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9` 10. Select **+ Add**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index 2c0d778f02..7927312e0c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index 2dcf7cdb1d..5bdeca7c6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index fe3f27eb84..85bde27c12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index dcdfc97f08..3fe47c0778 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index 794b22f614..ac569853c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -28,7 +28,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index dac89cd0e0..855d11a5d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -28,7 +28,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index f5fffd8908..37625ec1cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -28,7 +28,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index f7fc2a6d90..f8dd7f0bd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -28,7 +28,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 87e9d428dc..35326644e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index d77b0c8e35..57c75b7e1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -25,7 +25,7 @@ ms.technology: mde # Microsoft Defender for Endpoint for Mac - system extensions public preview) **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index f5f21dd264..518755e4a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -28,7 +28,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 73179f83a8..a7440b08d2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -34,7 +34,11 @@ ms.technology: mde > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > [!IMPORTANT] -> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. +> Support for macOS 10.13 (High Sierra) has been discontinued on February 15th, 2021. + +## 101.22.79 (20.121012.12279.0) + +- Performance improvements & bug fixes ## 101.19.88 (20.121011.11988.0) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md index 50499f53c7..081b760682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md index 33158122e0..34e1781825 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 4e94851be0..6a4f0c7315 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md index 83b5b8f8de..0017af7fc6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md index 97acdb209c..0fa8b8e889 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-machinesview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index b3c72eb278..145eb8b0aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md index c1a3662efb..cecede1e33 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md @@ -27,7 +27,7 @@ ms.reviewer: chventou [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md index c200ef678f..bfd925cb47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md @@ -27,7 +27,7 @@ ms.reviewer: chventou [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md index 093f7f6712..593c1bec26 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md @@ -27,7 +27,7 @@ ms.reviewer: chventou [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md index e37ba456ce..7cd9f58346 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md @@ -27,7 +27,7 @@ ms.reviewer: chventou [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index 99daf91009..7db3e6839f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -27,7 +27,7 @@ ms.reviewer: chventou [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md index 48a1efeb78..1082c91ed5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md index 11d49454fd..0f249eea6c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index bb8890d383..b7ac795984 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index 8f63f16b11..2458860aa3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md index 97a7f5bb15..340f07544f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md index 9f7564dcb1..c27b680ea9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mgt-apis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index f32f4af0d0..5afe092c66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -27,7 +27,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Migrate from McAfee to Microsoft Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 14270c916e..052610c0e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -27,7 +27,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Migrate from McAfee - Phase 3: Onboard to Microsoft Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 4b9d123c45..573be1a46f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -27,7 +27,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Migrate from McAfee - Phase 1: Prepare for your migration **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |![Phase 1: Prepare](images/phase-diagrams/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index dc706c0bbc..510766d248 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -27,7 +27,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Migrate from McAfee - Phase 2: Set up Microsoft Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index c12ba0d4e0..f0f9c14dc7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -1,7 +1,7 @@ --- title: Configure Microsoft Cloud App Security integration ms.reviewer: -description: Learn how to turn on the settings to enable the Microsoft Defender ATP integration with Microsoft Cloud App Security. +description: Learn how to turn on the settings to enable the Microsoft Defender for Endpoint integration with Microsoft Cloud App Security. keywords: cloud, app, security, settings, integration, discovery, report search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -35,7 +35,7 @@ To benefit from Microsoft Defender for Endpoint cloud app discovery signals, tur >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. -> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender for Endpoint with Microsoft Cloud App Security. +> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/mde-integration) for detailed integration of Microsoft Defender for Endpoint with Microsoft Cloud App Security. ## Enable Microsoft Cloud App Security in Microsoft Defender for Endpoint @@ -52,7 +52,7 @@ To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). -If you are interested in trying Microsoft Cloud App Security, see [Microsoft Cloud App Security Trial](https://signup.microsoft.com/Signup?OfferId=757c4c34-d589-46e4-9579-120bba5c92ed&ali=1). +If you're interested in trying Microsoft Cloud App Security, see [Microsoft Cloud App Security Trial](https://signup.microsoft.com/Signup?OfferId=757c4c34-d589-46e4-9579-120bba5c92ed&ali=1). ## Related topic - [Microsoft Cloud App Security integration](microsoft-cloud-app-security-integration.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md index 09d31106dd..8d7c70971d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md @@ -27,7 +27,7 @@ ms.technology: mde [!include[Prerelease information](../../includes/prerelease.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index 8e68ee578b..f4251947bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index 5787716e3b..595aea5003 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index 8030e5ba81..067002c611 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -74,7 +74,7 @@ For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-i ## Resources -- Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). +- Stay informed about upcoming releases by visiting [What's new in Microsoft Defender for Endpoint for iOS](ios-whatsnew.md) or our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). - Provide feedback through in-app feedback system or through [SecOps portal](https://securitycenter.microsoft.com) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 7ffe532e84..e3ffc3614b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5d914f0a39..df5d442626 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -2,7 +2,7 @@ title: Microsoft Defender ATP for Mac ms.reviewer: description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Mac. -keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, catalina, mojave search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -75,9 +75,9 @@ The three most recent major releases of macOS are supported. > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > [!IMPORTANT] -> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. +> Support for macOS 10.13 (High Sierra) has been discontinued on February 15th, 2021. -- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) +- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave) - Disk space: 1GB Beta versions of macOS are not supported. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index f459bd1990..caa5ac5509 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 20ecaac216..460b94e65a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md index bda2c4c2d0..e88f62cdb5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index a5ff2e08a5..bebf547a9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md index 32dbed7b43..9eeb7ce1d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md @@ -21,7 +21,7 @@ ms.technology: mde # Supported managed security service providers **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md index 5b69830dc9..af2aaccbc0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 065da4f483..7ff00a13e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -15,6 +15,7 @@ ms.reviewer: manager: dansimp ms.custom: asr ms.technology: mde +ms.date: 03/08/2021 --- # Protect your network @@ -22,38 +23,38 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. Network protection expands the scope of [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). -Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. - -Network protection expands the scope of [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). - -Network protection is supported beginning with Windows 10, version 1709. +Network protection is supported on Windows, beginning with Windows 10, version 1709. For more information about how to enable network protection, see [Enable network protection](enable-network-protection.md). Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network. > [!TIP] -> You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. +> See the Microsoft Defender ATP testground site at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how network protection works. -Network protection works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Network protection works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into exploit protection events and blocks as part of [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. +When network protection blocks a connection, a notification is displayed from the Action Center. Your security operations team can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your organization's details and contact information. In addition, individual attack surface reduction rules can be enabled and customized to suit certain techniques to monitor. -You can also use [audit mode](audit-windows-defender.md) to evaluate how Network protection would impact your organization if it were enabled. +You can also use [audit mode](audit-windows-defender.md) to evaluate how network protection would impact your organization if it were enabled. + +> [!NOTE] +> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity. In a managed environment, make sure that Configuration Manager auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. ## Requirements Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection. -| Windows 10 version | Microsoft Defender Antivirus | +| Windows version | Microsoft Defender Antivirus | |:---|:---| -| Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled | +| Windows 10 version 1709 or later

Windows Server 1803 or later | [Microsoft Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled | -After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your endpoints. +After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your devices (also referred to as endpoints). - .smartscreen.microsoft.com - .smartscreen-prod.microsoft.com @@ -79,13 +80,13 @@ You can review the Windows event log to see events that are created when network 2. Select **OK**. -3. This will create a custom view that filters to only show the following events related to network protection: +This procedure creates a custom view that filters to only show the following events related to network protection: - | Event ID | Description | - |:---|:---| - | 5007 | Event when settings are changed | - | 1125 | Event when network protection fires in audit mode | - | 1126 | Event when network protection fires in block mode | +| Event ID | Description | +|:---|:---| +| 5007 | Event when settings are changed | +| 1125 | Event when network protection fires in audit mode | +| 1126 | Event when network protection fires in block mode | ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 1a62b95bac..8f700be3fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md index 517c697b71..3dbe1d53a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index a994c90a5b..70caff12de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md index 8fd79337d1..9350bcaf03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) **Platforms** diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md index 0449f8b2c1..344e118e8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index 28fcfa5a1f..6760f395a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) **Platforms** diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md index f8f4833fc7..94196812e5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index e38231a50b..ed6a1b3019 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index cfac9fcfd7..b8553123ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index b7d42d9142..dc142a7ba3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index 1cdfe2f6b4..a42909b38d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 641f78a4e3..db5317f020 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index 48b9e9bb5a..90910ef229 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index bc94c1f8f6..35cfd28f21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md index 73e56c353d..cfafd8f540 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md index e9fbf258b4..bc271ee631 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 998b06013b..886b9dd8be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md index 3d1b8e911d..4ffa007d8e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index 0efb827699..357a1847dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index 2cd109f94f..41dc5c18e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md index abe5f6b57a..a14e13cf93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 8dab515d0f..58c5fe70f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md index 2464347292..fa023756c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 5e35758c3f..845231f559 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -28,7 +28,7 @@ ms.technology: mde >The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 015d6437b3..5a69318c36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -1,6 +1,6 @@ --- -title: Set up Microsoft Defender ATP deployment -description: Learn how to setup the deployment for Microsoft Defender ATP +title: Set up Microsoft Defender for Endpoint deployment +description: Learn how to set up the deployment for Microsoft Defender for Endpoint keywords: deploy, setup, licensing validation, tenant configuration, network configuration search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -27,7 +27,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) @@ -47,7 +47,7 @@ In this deployment scenario, you'll be guided through the steps on: >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md). ## Check license state @@ -59,7 +59,7 @@ Checking for the license state and whether it got properly provisioned, can be d 1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**. - On the screen, you will see all the provisioned licenses and their current **Status**. + On the screen, you'll see all the provisioned licenses and their current **Status**. ![Image of billing licenses](images/atp-billing-subscriptions.png) @@ -93,7 +93,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t 4. Set up preferences. - **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation. + **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You can't change the location after this set up and Microsoft won't transfer the data from the specified geolocation. **Data retention** - The default is six months. @@ -109,7 +109,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t ## Network configuration -If the organization does not require the endpoints to use a Proxy to access the +If the organization doesn't require the endpoints to use a Proxy to access the Internet, skip this section. The Microsoft Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to @@ -127,15 +127,11 @@ the following discovery methods: - Web Proxy Autodiscovery Protocol (WPAD) -If a Transparent proxy or WPAD has been implemented in the network topology, +If a Transparent proxy or WPAD has been implemented in the network topology, there is no need for special configuration settings. For more information on Microsoft Defender for Endpoint URL exclusions in the proxy, see the -Appendix section in this document for the URLs allow list or on -[Microsoft -Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). - -> [!NOTE] -> For a detailed list of URLs that need to be allowed, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus). +[Proxy Service URLs](production-deployment.md#proxy-service-urls) section in this document for the URLs allow list or on +[Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). **Manual static proxy configuration:** @@ -229,24 +225,27 @@ The following downloadable spreadsheet lists the services and their associated U |![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

[Download the spreadsheet here.](https://download.microsoft.com/download/8/a/5/8a51eee5-cd02-431c-9d78-a58b7f77c070/mde-urls.xlsx) -### Microsoft Defender for Endpoint service backend IP range +### Microsoft Defender for Endpoint service backend IP ranges -If you network devices don't support the URLs listed in the prior section, you can use the following information. +If your network devices don't support DNS-based rules, use IP ranges instead. -Defender for Endpoint is built on Azure cloud, deployed in the following regions: +Defender for Endpoint is built in Azure cloud, deployed in the following regions: -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ +- AzureCloud.eastus +- AzureCloud.eastus2 +- AzureCloud.westcentralus +- AzureCloud.northeurope +- AzureCloud.westeurope +- AzureCloud.uksouth +- AzureCloud.ukwest -You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653). +You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). > [!NOTE] -> As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules. + +> [!NOTE] +> If you are a US Government customer, please see the corresponding section in the [Defender for Endpoint for US Government](gov.md#service-backend-ip-ranges) page. ## Next step diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index bed5597bce..c22b4a504f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md index 16ce7dcb31..c66d90bd4e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md index 262969540e..ce6bda70ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md index f124eec8b0..2367dfc93a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index a79f5f4029..a75788222a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index d3a21ba3a1..5c99f08ced 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 45004c7b04..2f22080f6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md index fac76273f1..bd6555f905 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md @@ -22,10 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index 9467a76c50..817881e715 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink) @@ -44,23 +44,37 @@ Selecting an alert's name in Defender for Endpoint will land you on its alert pa 3. The **alert story** displays all entities related to the alert, interconnected by a tree view. The alert in the title will be the one in focus when you first land on your selected alert's page. Entities in the alert story are expandable and clickable, to provide additional information and expedite response by allowing you to take actions right in the context of the alert page. Use the alert story to start your investigation. Learn how in [Investigate alerts in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts). 4. The **details pane** will show the details of the selected alert at first, with details and actions related to this alert. If you select any of the affected assets or entities in the alert story, the details pane will change to provide contextual information and actions for the selected object. -![An alert page when you first land on it](images/alert-landing-view.png) +Note the detection status for your alert. +- Prevented – The attempted suspicious action was avoided. For example, a file either wasn’t written to disk or executed. +![An alert page showing threat was prevented](images/detstat-prevented.png) +- Blocked – Suspicious behavior was executed and then blocked. For example, a process was executed but because it subsequently exhibited suspicious behaviors, the process was terminated. +![An alert page showing threat was blocked](images/detstat-blocked.png) +- Detected – An attack was detected and is possibly still active. +![An alert page showing threat was detected](images/detstat-detected.png) -Note the detection status for your alert. Blocked, or prevented means actions were already taken by Defender for Endpoint. -Start by reviewing the *automated investigation details* in your alert's details pane, to see which actions were already taken, as well as reading the alert's description for recommended actions. + + + +You can then also review the *automated investigation details* in your alert's details pane, to see which actions were already taken, as well as reading the alert's description for recommended actions. ![A snippet of the details pane with the alert description and automatic investigation sections highlighted](images/alert-air-and-alert-description.png) Other information available in the details pane when the alert opens includes MITRE techniques, source, and additional contextual details. + + + ## Review affected assets Selecting a device or a user card in the affected assets sections will switch to the details of the device or user in the details pane. -- **For devices** the details pane will display information about the device itself, like Domain, Operating System, and IP. Active alerts and the logged on users on that device are also available. You can take immediate action by isolating the device, restricting app execution, or running an antivirus scan. Alternatively, you could collect an investigation package, initiate an automated investigation, or go to the device page to investigate from the device's point of view. -- **For users** the details pane will display detailed user information, such as the user's SAM name and SID, as well as logon types performed by this user and any alerts and incidents related to it. You can select *Open user page* to continue the investigation from that user's point of view. +- **For devices**, the details pane will display information about the device itself, like Domain, Operating System, and IP. Active alerts and the logged on users on that device are also available. You can take immediate action by isolating the device, restricting app execution, or running an antivirus scan. Alternatively, you could collect an investigation package, initiate an automated investigation, or go to the device page to investigate from the device's point of view. - ![A snippet of the details pane when a device is selected](images/alert-device-details.png) + ![A snippet of the details pane when a device is selected](images/device-page-details.png) + +- **For users**, the details pane will display detailed user information, such as the user's SAM name and SID, as well as logon types performed by this user and any alerts and incidents related to it. You can select *Open user page* to continue the investigation from that user's point of view. + + ![A snippet of the details pane when a user is selected](images/user-page-details.png) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 102567ceca..d039c604ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -23,7 +23,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md index 2ba2ea5174..36bb91f345 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md index f55687551f..2f8edd38ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md @@ -22,7 +22,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index 391ed99e1c..40069b0eb1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md @@ -21,7 +21,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 86b7d73c1d..d62f18fd7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -31,7 +31,7 @@ ms.technology: mde - Windows Server 2016 - Windows Server, version 1803 - Windows Server, 2019 -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index 99c8566590..80e49afc9f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md index 31dd3d807f..9c7cd442e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md index c0c35a7e8e..b5010f0005 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md index e0f9065062..cf8b130e5d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md +++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md @@ -22,10 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index d158ad400f..244d65b7fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -22,10 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md index 7e2f2ae7e4..9ff1630d67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md @@ -21,7 +21,8 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md index fc39b63653..3ccef460bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md @@ -26,7 +26,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Switch to Microsoft Defender for Endpoint - Phase 3: Onboard **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) | [![Phase 1: Prepare3](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) | [![Phase 2: Set up](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) | ![Phase 3: Onboard](images/phase-diagrams/onboard.png)
Phase 3: Onboard | diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md index c34bb7e48e..fc69720be1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md @@ -26,7 +26,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Switch to Microsoft Defender for Endpoint - Phase 1: Prepare **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) | ![Phase 1: Prepare](images/phase-diagrams/prepare.png)
Phase 1: Prepare | [![Phase 2: Set up](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)
[Phase 2: Set up](switch-to-microsoft-defender-setup.md) | [![Phase 3: Onboard](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md index fb128c2f4b..970af4ece2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md @@ -26,7 +26,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho # Switch to Microsoft Defender for Endpoint - Phase 2: Setup **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)
Phase 2: Set up |[![Phase 3: Onboard3](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index fd3455c364..cb5859a019 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,7 +28,7 @@ ms.reviewer: depicker, yongrhee, chriggs If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide. **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) :::image type="content" source="images/symantec-mde-migration.png" alt-text="Overview of migrating from Symantec to Defender for Endpoint"::: diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index af35ec691e..5f3bee240a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -26,7 +26,7 @@ ms.reviewer: depicker, yongrhee, chriggs # Migrate from Symantec - Phase 3: Onboard to Microsoft Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/phase-diagrams/onboard.png)
Phase 3: Onboard | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 170fae78d0..3f8cc61874 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -26,7 +26,7 @@ ms.reviewer: depicker, yongrhee, chriggs # Migrate from Symantec - Phase 1: Prepare for your migration **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |![Phase 1: Prepare](images/phase-diagrams/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index da841e02fc..abd322e3ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -26,7 +26,7 @@ ms.reviewer: depicker, yongrhee, chriggs # Migrate from Symantec - Phase 2: Set up Microsoft Defender for Endpoint **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | diff --git a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md index 88ed8944d4..45a9704289 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md @@ -22,21 +22,19 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) You can gain more insight in an investigation by analyzing the events that happened on a specific device. First, select the device of interest from the [Devices list](machines-view-overview.md). On the device page, you can select the **Timeline** tab to view all the events that occurred on the device. ## Understand techniques in the timeline ->[!IMPORTANT] ->Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. +**Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. This feature simplifies the investigation experience by helping analysts understand the activities that were observed on a device. Analysts can then decide to investigate further. -For public preview, Techniques are available by default and shown together with events when a device's timeline is viewed. +Techniques are available by default and shown together with events when a device's timeline is viewed. ![Techniques in device timeline screenshot](images/device-timeline-2.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md index ef1e4801c8..7813bbd865 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 1e5cfd7dc1..ce4ce6d1c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -26,7 +26,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 7a945710f7..b075dfe8ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md index 114c394734..bfe080ae6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index 291206bd32..e917926773 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md index 8fbeab0216..2b30eb668f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md index e01601e03d..3a26c041e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md index 3a6fb8e000..d0391b327a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index ec74e725a5..6faeadc3da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md index dd9da22a6d..3c133c1065 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md @@ -22,7 +22,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md index ebdc8c0a2a..1b6b18ee84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md index 9655ed861e..fc89a31c61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md index b1fc3b50af..1f6ae285c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 609d3153a1..216975a8ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md index c06e227e7a..a3d95dab49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 4e1d6bcc04..d507c9bad0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - Windows Server 2012 R2 - Windows Server 2016 - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md index c5b909cf91..39eba2ad55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md index 28924cdac8..311b6cbcd6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 1c89fb12df..9d932e8c8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md index f1f2519d03..8a1784a67d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index 17596316a5..c8044f01ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 5f92a2153f..4ff5414e25 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index 88b4999711..10c5eb997e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 1118e64dd3..b23bdc1eb2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md index cc8de342e7..4a6f5fb270 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 972694233d..4b5de5cb5d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 0e8b95ad50..ffc4fdbe49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 448a705241..101e9b587e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index e56be4f333..99ae66be80 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -25,7 +25,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) @@ -46,7 +46,7 @@ Windows Server 2008 R2 | Operating System (OS) vulnerabilities
Software prod Windows Server 2012 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2016 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2019 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -macOS 10.13 "High Sierra" and above | Operating System (OS) vulnerabilities
Software product vulnerabilities +macOS 10.14 "Mojave" and above | Operating System (OS) vulnerabilities
Software product vulnerabilities Linux | Not supported (planned) ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md index b30303b3e4..28c96991d2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index a43ed74fe2..238669f895 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index f152b702aa..ad817ee872 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -26,7 +26,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md index 4024923c26..e6cc404531 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md index 8c400b2ef4..fe53556fbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index fc757c6f0c..99e22c296d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md index 1211463ba1..4e11bd536b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/use.md @@ -24,7 +24,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 5533555522..20e4411e21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index 0226020ed9..1d8a657de3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -22,7 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md index 82af44a227..73a548ae7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md @@ -24,7 +24,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 188fa50263..8a7ab28891 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 1f4b3d7e89..eda7cb84f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > [!IMPORTANT] diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md index 2f3b363f08..4593faab73 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index 98c2c0942f..7421fd2904 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md index ffe7d80226..d028e88040 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md index d8df81f307..805d4e70f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md @@ -23,7 +23,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index dbac12f064..ded06dabfd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -25,7 +25,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index ace344e032..022c938160 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -26,7 +26,7 @@ See [Windows 10 (and later) settings to protect devices using Intune](https://do ## Group Policy settings -SmartScreen uses registry-based Administrative Template policy settings. For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. +SmartScreen uses registry-based Administrative Template policy settings.

diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md index 5022db6039..6858bbce7e 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md +++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md @@ -103,7 +103,7 @@ Ensure that only the local Administrators group is assigned the **Modify firmwar ### Potential impact -None. Restricting the **Modify firmware environment values** user right to the members of the local Administrators group is the default configuration. +Removing the local Administrators group from the **Modify firmware environment values** user right could cause inoperability of the BitLocker Drive Encryption feature. ## Related topics diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index a47d50ae43..bd01350eee 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -65,7 +65,7 @@ To create an inbound firewall rule for a program or service To set a SID type on a service, run the following command: - **sc** **sidtype** *<Type> <ServiceName>* + **sc** **sidtype** *<ServiceName> <Type>* In the preceding command, the value of *<Type>* can be **UNRESTRICTED** or **RESTRICTED**. Although the command also permits the value of **NONE**, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as **UNRESTRICTED**. If you change the SID type to **RESTRICTED**, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to **UNRESTRICTED**.
Setting