From 93dd413ce5c6bca582d49ffe74d00ac8a3b9de0f Mon Sep 17 00:00:00 2001 From: SaiDuanZX <44047860+SaiDuanZX@users.noreply.github.com> Date: Wed, 22 Jan 2020 15:39:25 +0800 Subject: [PATCH 001/100] Request more clear guidelines to add a Desktop App Please talk with WIP product team and get a more clear guideline about how to add a new Desktop app to protected apps or exempted apps based on the PowerShell, the current guideline does not provide anything about how to get the "Product Name" field which we must to fill in and there are many possible different format of Product Name we may able to use. --- .../create-wip-policy-using-intune-azure.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index b3f555bb13..a02c440908 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -214,6 +214,8 @@ Path Publisher Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name. +Regarding to how to get the Product Name for the Apps you wish to Add, please reach out to our Windows Support Team to request the guidelines + ### Import a list of apps This section covers two examples of using an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. From 989cfad909656a6e216837bec4840f2939c18d38 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 4 May 2020 23:39:59 +0300 Subject: [PATCH 002/100] add info about 0x801c004D https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6505 --- .../hello-for-business/hello-errors-during-pin-creation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 300a074c68..6631350839 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -98,6 +98,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F0 | ​There is no key registered for the user. | | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | +| 0x801c004D | Unable to enroll a device to use a PIN for login. | ## Related topics From f304ed45fec6e178836d4f3b187a5442488c68f8 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 12 May 2020 09:49:48 +0300 Subject: [PATCH 003/100] Update description for 0x801c004D as advised by mapalko in https://github.com/MicrosoftDocs/windows-itpro-docs/pull/6639 --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 6631350839..01f18214de 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -98,7 +98,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F0 | ​There is no key registered for the user. | | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | -| 0x801c004D | Unable to enroll a device to use a PIN for login. | +| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request AAD token for provisioning. Unable to enroll a device to use a PIN for login. | ## Related topics From 9a7af3e19e1a04a537a198cb1579a26b0bab2663 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 2 Jul 2020 19:22:25 +0500 Subject: [PATCH 004/100] Update troubleshoot-tcpip-netmon.md --- windows/client-management/troubleshoot-tcpip-netmon.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 739c11d55d..f708897928 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -16,6 +16,9 @@ manager: dansimp In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. +> [Note] +> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). + To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. ![Adapters](images/nm-adapters.png) From 3f8e733234477e91ff02b739e1181f0cf77ecc7d Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 14 Jul 2020 12:19:48 +0300 Subject: [PATCH 005/100] remove extra method which was also incorrect (Certificate not EAP) https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6936 --- .../security/identity-protection/vpn/vpn-profile-options.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 3d0fdc211e..19df534358 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -62,8 +62,7 @@ The following is a sample Native VPN profile. This blob would fall under the Pro - Eap - Eap + Eap From a943948b2601bb84fc172e4aba4b1201cf74a034 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 15 Jul 2020 10:50:46 +0500 Subject: [PATCH 006/100] Update hello-hybrid-key-whfb-settings-policy.md --- .../hello-hybrid-key-whfb-settings-policy.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 440ab1ea70..c92c871269 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -74,6 +74,9 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory +> [!NOTE] +> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](https://docs.microsoft.com/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp). + #### Enable Windows Hello for Business The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. From 4a7806d9094e9d54b6845c27d4fe33d255a20db1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 16 Jul 2020 07:14:16 +0500 Subject: [PATCH 007/100] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index c92c871269..4037b136c8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -79,7 +79,7 @@ The Windows Hello for Business Group Policy object delivers the correct Group Po #### Enable Windows Hello for Business -The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. +The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence. From efea56292626e1417a70d0601beea0c6dac3930f Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 16 Jul 2020 08:40:13 +0500 Subject: [PATCH 008/100] Update hello-hybrid-key-whfb-settings-policy.md --- .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 4037b136c8..d7355b0c32 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -75,7 +75,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory > [!NOTE] -> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](https://docs.microsoft.com/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp). +> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](https://docs.microsoft.com/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-manage-in-organization#policy-conflicts-from-multiple-policy-sources) #### Enable Windows Hello for Business From e7931044cc4a7151630cd2e264845a777d33f93c Mon Sep 17 00:00:00 2001 From: David Gardiner Date: Fri, 17 Jul 2020 10:27:45 +0930 Subject: [PATCH 009/100] Fix cmdlet usage Remove spurious space --- .../windows-sandbox/windows-sandbox-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index fa85062872..5c421a9094 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -48,7 +48,7 @@ The following video provides an overview of Windows Sandbox. 2. Enable virtualization on the machine. - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS. - - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true** + - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true** 1. Use the search bar on the task bar and type **Turn Windows Features on and off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2. From 551f0e39185f3f4a6916e40495acea82f732087f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 20 Jul 2020 11:18:04 +0500 Subject: [PATCH 010/100] minor edits As user has mentioned that when he tried to run a delete function, it doesn't work. While checking for DMClient CSP, I have found that Provider/ProviderID/Push/PFN only supports Add, Get, and Replace function not Delete. See details at https://docs.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7061 --- windows/client-management/mdm/dmclient-ddf-file.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 15b21d0197..44ff431b60 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1022,7 +1022,6 @@ The XML below is for Windows 10, version 1803. - From d499690ab24be504a0bf81880b7a5985249ce7da Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 20 Jul 2020 12:28:20 +0300 Subject: [PATCH 011/100] Reg key breaks Windows Store connectivity https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6600 --- windows/deployment/update/waas-manage-updates-wsus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 13b02958f8..1e26155297 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -82,6 +82,9 @@ When using WSUS to manage updates on Windows client devices, start by configurin 9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**. ![Example of UI](images/waas-wsus-fig5.png) + + >[!IMPORTANT] + > Under Group Policy Management Editor make sure the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations > [!NOTE] > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). From 296b68d7054a60bbb5a1dbcfb067184feaab022f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 25 Jul 2020 18:27:10 +0500 Subject: [PATCH 012/100] updated information As checked in the portal, protected domains should be added with |. Updating the information in doc. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7135 --- .../create-wip-policy-using-intune-azure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index b3f555bb13..29ad99192e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -461,10 +461,10 @@ contoso.sharepoint.com|contoso.visualstudio.com Specify the domains used for identities in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. -Separate multiple domains with the "," delimiter. +Separate multiple domains with the "|" delimiter. ```code -exchange.contoso.com,contoso.com,region.contoso.com +exchange.contoso.com|contoso.com|region.contoso.com ``` ### Network domains From 0b08be80aadc87c5d4af222a4e30b06bdde79b8b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 25 Jul 2020 22:36:04 +0500 Subject: [PATCH 013/100] note additon As recommended by user, updated the note section in the doc. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7062 --- windows/client-management/mdm/certificatestore-csp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 6e878defd1..7c534c850a 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -17,7 +17,9 @@ ms.date: 02/28/2020 The CertificateStore configuration service provider is used to add secure socket layers (SSL), intermediate, and self-signed certificates. -> **Note**   The CertificateStore configuration service provider does not support installing client certificates. +> [!Note] +> The CertificateStore configuration service provider does not support installing client certificates. +> Microsoft protocol version of OMA is case insensitive. From b134bccc6f3ec6bb78f289d4e0f618c5f8b23c67 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 26 Jul 2020 09:10:14 +0500 Subject: [PATCH 014/100] Update windows/client-management/mdm/certificatestore-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/certificatestore-csp.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 7c534c850a..f709de39d0 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -19,7 +19,7 @@ The CertificateStore configuration service provider is used to add secure socket > [!Note] > The CertificateStore configuration service provider does not support installing client certificates. -> Microsoft protocol version of OMA is case insensitive. +> The Microsoft protocol version of Open Mobile Alliance (OMA) is case insensitive. @@ -645,4 +645,3 @@ Configure the device to automatically renew an MDM client certificate with the s - From 8455245852edd379dc678392dd6315a6b12e7664 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 29 Jul 2020 11:17:45 +0300 Subject: [PATCH 015/100] incorrect Editor name change from Group Policy Management Editor to Registry Editor --- windows/deployment/update/waas-manage-updates-wsus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 1e26155297..5a2120fcb1 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -84,7 +84,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin ![Example of UI](images/waas-wsus-fig5.png) >[!IMPORTANT] - > Under Group Policy Management Editor make sure the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations + > Under Registry Editor make sure the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations > [!NOTE] > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). From 98015a400d30e3f3d93f8e24319268ddd89f98a9 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Wed, 29 Jul 2020 10:46:41 -0700 Subject: [PATCH 016/100] Update waas-manage-updates-wsus.md Slight rewording. --- windows/deployment/update/waas-manage-updates-wsus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 5a2120fcb1..db7cd77c90 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -84,7 +84,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin ![Example of UI](images/waas-wsus-fig5.png) >[!IMPORTANT] - > Under Registry Editor make sure the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations + > Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations > [!NOTE] > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). From 804603413b00c91580678f09123d6cfae971e1f9 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 30 Jul 2020 12:17:48 +0300 Subject: [PATCH 017/100] Update event-4624.md https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6534 --- windows/security/threat-protection/auditing/event-4624.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index cf8e0d63b8..b310cd06ca 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -146,6 +146,7 @@ This event generates when a logon session is created (on destination machine). I | Logon Type | Logon Title | Description | |:----------:|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `0` | `System` | Used only by the System account, for example at system startup. | | `2` | `Interactive` | A user logged on to this computer. | | `3` | `Network` | A user or computer logged on to this computer from the network. | | `4` | `Batch` | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. | @@ -155,6 +156,8 @@ This event generates when a logon session is created (on destination machine). I | `9` | `NewCredentials` | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. | | `10` | `RemoteInteractive` | A user logged on to this computer remotely using Terminal Services or Remote Desktop. | | `11` | `CachedInteractive` | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. | +| `12` | `CashedRemoteInteractive` | Same as RemoteInteractive. This is used for internal auditing. | +| `13` | `CachedUnlock` | Workstation logon. | - **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10. From f6eb7f9e89c8a78e724bd7008256b87abb36a25b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 31 Jul 2020 22:59:23 +0530 Subject: [PATCH 018/100] added new link in related topics as per the user feedback, in issue #7981 .so i added the following link **https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914** --- .../microsoft-defender-atp/advanced-hunting-schema-reference.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 94c74051a1..59a850ea64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -57,3 +57,4 @@ Table and column names are also listed within the Microsoft Defender Security Ce - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) - [Learn the query language](advanced-hunting-query-language.md) +- [Advanced hunting data schema changes](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914) From 300dfc0b00a6f0af60373514fe20cd24fd49496a Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 11 Aug 2020 13:53:11 -0700 Subject: [PATCH 019/100] acrolinx updates --- .../tvm-security-recommendation.md | 36 +++++++++---------- .../tvm-software-inventory.md | 24 ++++++------- .../tvm-supported-os.md | 2 +- .../microsoft-defender-atp/tvm-weaknesses.md | 24 ++++++------- 4 files changed, 43 insertions(+), 43 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 3555d2490e..3b9cd84b1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -28,13 +28,13 @@ ms.topic: conceptual Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance. -Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment. +Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment. ## How it works Each device in the organization is scored based on three important factors to help customers to focus on the right things at the right time. -- **Threat** - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports. +- **Threat** - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations show the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports. - **Breach likelihood** - Your organization's security posture and resilience against threats @@ -54,15 +54,15 @@ View related security recommendations in the following places: ### Navigation menu -Go to the threat and vulnerability management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization. +Go to the threat and vulnerability management navigation menu and select **Security recommendations**. The page contains a list of security recommendations for the threats and vulnerabilities found in your organization. ### Top security recommendations in the threat and vulnerability management dashboard -In a given day as a Security Administrator, you can take a look at the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal. +In a given day as a Security Administrator, you can take a look at the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side by side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal. ![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png) -The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation. +The top security recommendations list the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details. ## Security recommendations overview @@ -74,7 +74,7 @@ The color of the **Exposed devices** graph changes as the trend changes. If the ### Icons -Useful icons also quickly calls your attention to: +Useful icons also quickly call your attention to: - ![arrow hitting a target](images/tvm_alert_icon.png) possible active alerts - ![red bug](images/tvm_bug_icon.png) associated public exploits - ![light bulb](images/tvm_insight_icon.png) recommendation insights @@ -85,13 +85,13 @@ Select the security recommendation that you want to investigate or process. ![Example of a security recommendation flyout page.](images/secrec-flyouteolsw.png) -From the flyout, you can do any of the following: +From the flyout, you can choose any of the following options: -- **Open software page** - Open the software page to get more context on the software and how it is distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. +- **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. - [**Remediation options**](tvm-security-recommendation.md#request-remediation) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. -- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet. +- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. >[!NOTE] >When a change is made on a device, it typically takes two hours for the data to be reflected in the Microsoft Defender Security Center. However, it may sometimes take longer. @@ -137,7 +137,7 @@ There are many reasons why organizations create exceptions for a recommendation. When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. -1. Select a security recommendation you would like create an exception for, and then **Exception options**. +1. Select a security recommendation you would like to create an exception for, and then **Exception options**. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) 2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. @@ -171,30 +171,30 @@ You can report a false positive when you see any vague, inaccurate, incomplete, ## Find and remediate software or software versions which have reached end-of-support (EOS) -End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks. +End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions with ended support, you're exposing your organization to security vulnerabilities, legal, and financial risks. -It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end of support, and update versions that have reached end of support. It is best to create and implement a plan **before** the end of support dates. +It's crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end-of-support and update versions that are no longer supported. It's best to create and implement a plan **before** the end of support dates. -To find software or software versions which have reached end-of-support: +To find software or software versions that are no longer supported: 1. From the threat and vulnerability management menu, navigate to **Security recommendations**. 2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) -3. You will see a list recommendations related to software that is end of support, software versions that are end of support, or upcoming end of support versions. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. +3. You'll see a list of recommendations related to software with ended support, software versions that are end of support, or versions with upcoming end of support. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png) ### List of versions and dates -To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps: +To view a list of versions that have reached end of support, or end or support soon, and those dates, follow the below steps: -1. For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected. +1. A message will appear in the security recommendation flyout for software with versions that have reached end of support, or will reach end of support soon. ![Screenshot of version distribution link](images/eos-upcoming-eos.png) -2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. +2. Select the **version distribution** link to go to the software drill-down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. ![Screenshot of version distribution link](images/software-drilldown-eos.png) @@ -202,7 +202,7 @@ To view a list of version that have reached end of support, or end or support so ![Screenshot of version distribution link](images/version-eos-date.png) -After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. +Once you identify which software and software versions are vulnerable due to their end-of-support status, you must decide whether to update or remove them from your organization. Doing so will lower your organizations exposure to vulnerabilities and advanced persistent threats. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index d0e00649f5..d157c8610f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -1,6 +1,6 @@ --- title: Software inventory in threat and vulnerability management -description: Microsoft Defender ATP threat and vulnerability management's software inventory page shows how many weaknesses and vulnerabilities have been detected in software. +description: The software inventory page for Microsoft Defender ATP's threat and vulnerability management shows how many weaknesses and vulnerabilities have been detected in software. keywords: threat and vulnerability management, microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -23,26 +23,26 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -The software inventory in threat and vulnerability management is a list of all the software in your organization, including details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. +The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works -In the field of discovery, we are leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender ATP endpoint detection and response capabilities](overview-endpoint-detection-response.md). +In the field of discovery, we're leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender ATP endpoint detection and response capabilities](overview-endpoint-detection-response.md). -Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available. +Since it's real time, in a matter of minutes, you'll see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available. ## Navigate to the Software inventory page -You can access the Software inventory page by selecting **Software inventory** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md). +Access the Software inventory page by selecting **Software inventory** from the threat and vulnerability management navigation menu in the [Microsoft Defender Security Center](portal-overview.md). View software on specific devices in the individual devices pages from the [devices list](machines-view-overview.md). ## Software inventory overview -The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed devices, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support. +The **Software inventory** page opens with a list of software installed in your network, including the vendor name, weaknesses found, threats associated with them, exposed devices, impact to exposure score, and tags. You can filter the list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support. ![Example of the landing page for software inventory.](images/software_inventory_filter.png) -Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**. +Select the software that you want to investigate. A flyout panel will open with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**. ![Flyout example page of "Visual Studio 2017" from the software inventory page.](images/tvm-software-inventory-flyout500.png) @@ -56,8 +56,8 @@ You can view software pages a few different ways: A full page will appear with all the details of a specific software and the following information: -- Side panel with vendor information, prevalence of the software in the organization (including number of devices it is installed on, and exposed devices that are not patched), whether and exploit is available, and impact to your exposure score -- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed devices +- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score +- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices - Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities. ![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png) @@ -67,17 +67,17 @@ You can view software pages a few different ways: We now show evidence of where we detected a specific software on a device from the registry, disk or both. You can find it on any devices found in the [devices list](machines-view-overview.md) in a section called "Software Evidence." -From the Microsoft Defender Security Center navigation panel, go to **Devices list** > select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence. +From the Microsoft Defender Security Center navigation panel, go to the **Devices list**. Select the name of a device to open the device page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence. ![Software evidence example of Windows 10 from the devices list, showing software evidence registry path.](images/tvm-software-evidence.png) ## Report inaccuracy -You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information. +Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated. 1. Open the software flyout on the Software inventory page. 2. Select **Report inaccuracy**. -3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. +3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details about the inaccuracy. 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 381f126c5b..889e5059e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -39,7 +39,7 @@ Windows Server 2008 R2 | Operating System (OS) vulnerabilities
Software prod Windows Server 2012 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2016 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2019 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -MacOS | Not supported (planned) +macOS | Not supported (planned) Linux | Not supported (planned) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index d82ae3d95c..37a974d932 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -27,7 +27,7 @@ ms.topic: conceptual Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities. -The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID, the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. +The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. >[!IMPORTANT] >To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network: @@ -52,13 +52,13 @@ Go to the threat and vulnerability management navigation menu and select **Weakn 1. Go to the global search drop-down menu. 2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you're looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you're looking for. ![Global search box with the dropdown option "vulnerability" selected and an example CVE.](images/tvm-vuln-globalsearch.png) -3. Select the CVE and a flyout panel opens up with more information, including the vulnerability description, details, threat insights, and exposed devices. +3. Select the CVE to open a flyout panel with more information, including the vulnerability description, details, threat insights, and exposed devices. To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then select search. ## Weaknesses overview -If exposed devices exist, the next step is to remediate the vulnerabilities in those devices to reduce the risk to your assets and organization. If the **Exposed Devices** column shows 0, that means you are not at risk. +Remediate the vulnerabilities in exposed devices to reduce the risk to your assets and organization. If the **Exposed Devices** column shows 0, that means you aren't at risk. ![Weaknesses landing page.](images/tvm-weaknesses-overview.png) @@ -69,10 +69,10 @@ View related breach and threat insights in the **Threat** column when the icons >[!NOTE] > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png). -The breach insights icon is highlighted if there is a vulnerability found in your organization. +The breach insights icon is highlighted if there's a vulnerability found in your organization. ![Example of a breach insights text that could show up when hovering over icon. This one says "possible active alert is associated with this recommendation.](images/tvm-breach-insights.png) -The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories. +The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. Hovering over the icon shows whether the threat is a part of an exploit kit, or connected to specific advanced persistent campaigns or activity groups. When available, there is a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories. ![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png) @@ -88,11 +88,11 @@ The "OS Feature" category is shown in relevant scenarios. ### Top vulnerable software in the dashboard -1. Go to the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. +1. Go to the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time. ![Top vulnerable software card with four columns: software, weaknesses, threats, exposed devices.](images/tvm-top-vulnerable-software500.png) -2. Select the software you want to investigate to go to a drill down page. +2. Select the software you want to investigate to go to a drilldown page. 3. Select the **Discovered vulnerabilities** tab. 4. Select the vulnerability you want to investigate for more information on vulnerability details @@ -116,19 +116,19 @@ View related weaknesses information in the device page. #### CVE Detection logic -Similar to the software evidence, we now show the detection logic we applied on a device in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the device page) that shows the detection logic and source. +Similar to the software evidence, we now show the detection logic we applied on a device in order to state that it's vulnerable. The new section is called "Detection Logic" (in any discovered vulnerability in the device page) and shows the detection logic and source. -The "OS Feature" category is also shown in relevant scenarios. For example, a CVE affects devices that run a vulnerable OS, only if a specific OS component is enabled on these devices. Let's say Windows Server 2019 has vulnerability in its DNS component. With this new capability, we’ll attach this CVE only to the Windows Server 2019 devices with DNS capability enabled in their OS. +The "OS Feature" category is also shown in relevant scenarios. A CVE would affect devices that run a vulnerable OS only if a specific OS component is enabled. Let's say Windows Server 2019 has vulnerability in its DNS component. With this new capability, we’ll only attach this CVE to the Windows Server 2019 devices with the DNS capability enabled in their OS. ![Detection Logic example which lists the software detected on the device and the KBs.](images/tvm-cve-detection-logic.png) ## Report inaccuracy -You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information. +Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated. 1. Open the CVE on the Weaknesses page. -2. Select **Report inaccuracy**. -3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. +2. Select **Report inaccuracy** and a flyout pane will open. +3. Select the inaccuracy category from the drop-down menu and fill in your email address and inaccuracy details. 4. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts. ## Related topics From f1cc4629f9f329b078d566e14cedfe702e47a023 Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Wed, 12 Aug 2020 19:59:39 +0300 Subject: [PATCH 020/100] Remove fs.microsoft.com from Maps --- windows/privacy/manage-windows-2004-endpoints.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md index 01990ccba5..5c4ad7c28d 100644 --- a/windows/privacy/manage-windows-2004-endpoints.md +++ b/windows/privacy/manage-windows-2004-endpoints.md @@ -71,7 +71,6 @@ The following methodology was used to derive these network endpoints: |||HTTPS|*licensing.mp.microsoft.com| |Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)| ||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2|*maps.windows.com| -|| The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTP|fs.microsoft.com*| |Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)| ||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2|*login.live.com| |Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com| From ea9e0c761fe5744bcb947f85ee4081eb1d6828ce Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 12 Aug 2020 11:40:10 -0700 Subject: [PATCH 021/100] network protection --- .../enable-network-protection.md | 87 +++++++++++-------- 1 file changed, 50 insertions(+), 37 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 298ace459d..69af9d5b7a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -1,6 +1,6 @@ --- title: Turn on network protection -description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs +description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -23,12 +23,11 @@ manager: dansimp * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. -You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. +[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it. ## Check if network protection is enabled -You can see if network protection has been enabled on a local device by using Registry editor. +Check if network protection has been enabled on a local device by using Registry editor. 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor 1. Choose **HKEY_LOCAL_MACHINE** from the side menu @@ -41,82 +40,96 @@ You can see if network protection has been enabled on a local device by using Re ## Enable network protection -You can enable network protection by using any of these methods: +Enable network protection by using any of these methods: * [PowerShell](#powershell) * [Microsoft Intune](#intune) -* [Mobile Device Management (MDM)](#mdm) +* [Mobile Device Management (MDM)](#mobile-device-management-mmd) * [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager) * [Group Policy](#group-policy) ### PowerShell -1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** 2. Enter the following cmdlet: ```PowerShell Set-MpPreference -EnableNetworkProtection Enabled ``` -You can enable the feature in audit mode using the following cmdlet: +3. Optional: Enable the feature in audit mode using the following cmdlet: -```PowerShell -Set-MpPreference -EnableNetworkProtection AuditMode -``` + ```PowerShell + Set-MpPreference -EnableNetworkProtection AuditMode + ``` -Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off. + Use `Disabled` instead of `AuditMode` or `Enabled` to turn off the feature. ### Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. -1. Click **Device configuration** > **Profiles** > **Create profile**. -1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. - ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) -1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. - ![Enable network protection in Intune](../images/enable-np-intune.png) -1. Click **OK** to save each open blade and click **Create**. -1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. -### MDM +2. Go to **Device configuration** > **Profiles** > **Create profile**. + +3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**. + + ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png) + +4. Select **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. + + ![Enable network protection in Intune](../images/enable-np-intune.png) + +5. Select **OK** to save each open section and **Create**. + +6. Select the profile **Assignments**, assign to **All Users & All Devices**, and **Save**. + +### Mobile Device Management (MMD) Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode. ## Microsoft Endpoint Configuration Manager -1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. -1. Click **Home** > **Create Exploit Guard Policy**. -1. Enter a name and a description, click **Network protection**, and click **Next**. -1. Choose whether to block or audit access to suspicious domains and click **Next**. -1. Review the settings and click **Next** to create the policy. -1. After the policy is created, click **Close**. +1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. + +2. Then go to **Home** > **Create Exploit Guard Policy**. + +3. Enter a name and a description, select **Network protection**, and then **Next**. + +4. Choose whether to block or audit access to suspicious domains and select **Next**. + +5. Review the settings and select **Next** to create the policy. + +6. After the policy is created, **Close**. ### Group Policy -You can use the following procedure to enable network protection on domain-joined computers or on a standalone computer. +Use the following procedure to enable network protection on domain-joined computers or on a standalone computer. -1. On a standalone computer, click **Start**, type and then click **Edit group policy**. +1. On a standalone computer, go to **Start** and then type and select **Edit group policy**. *-Or-* - On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. + On a domain-joined Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Network protection**. -4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following: - * **Block** - Users will not be able to access malicious IP addresses and domains - * **Disable (Default)** - The Network protection feature will not work. Users will not be blocked from accessing malicious domains - * **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log but the user will not be blocked from visiting the address. +4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options: + * **Block** - Users can't access malicious IP addresses and domains + * **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains + * **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address. > [!IMPORTANT] > To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu. -You can confirm network protection is enabled on a local computer by using Registry editor: +Confirm network protection is enabled on a local computer by using Registry editor: + +1. Select **Start** and type **regedit** to open **Registry Editor**. -1. Click **Start** and type **regedit** to open **Registry Editor**. 2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection -3. Click **EnableNetworkProtection** and confirm the value: + +3. Select **EnableNetworkProtection** and confirm the value: * 0=Off * 1=On * 2=Audit From 6aa06dc5d0d8cc11dc9024c6229efa723dbeee8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:41:56 -0700 Subject: [PATCH 022/100] hypens! --- windows/security/threat-protection/index.md | 2 +- .../security/threat-protection/intelligence/fileless-threats.md | 2 +- ...nfigure-block-at-first-sight-microsoft-defender-antivirus.md | 2 +- .../enable-cloud-protection-microsoft-defender-antivirus.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 3d52254721..b9739b8411 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -1,7 +1,7 @@ --- title: Threat Protection (Windows 10) description: Learn how Microsoft Defender ATP helps protect against threats. -keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection +keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index bc3ecd48d1..747950168f 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -2,7 +2,7 @@ title: Fileless threats ms.reviewer: description: Learn about the categories of fileless threats and malware that "live off the land" -keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next generation protection +keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next-generation protection ms.prod: w10 ms.mktglfcycl: secure ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md index 5fb8feab26..bdd8bb278d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -33,7 +33,7 @@ You can [specify how long the file should be prevented from running](configure-c When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or clean. -Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md index 84f310871d..3197d61ed2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md @@ -25,7 +25,7 @@ ms.custom: nextgen > [!NOTE] > The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. -Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) You can enable or disable Microsoft Defender Antivirus cloud-delivered protection with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app. From d2438243f67aed7a50ff25ae1dd73b6db9b9b9e0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:42:58 -0700 Subject: [PATCH 023/100] hyphens --- windows/security/threat-protection/TOC.md | 10 +++++----- .../evaluate-microsoft-defender-antivirus.md | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 666cf8cb70..62e19133bd 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -193,11 +193,11 @@ ##### [Manage next-generation protection in your business]() ###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md) ###### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) -###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) -###### [Use Group Policy settings to manage next generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) -###### [Use PowerShell cmdlets to manage next generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) -###### [Use the mpcmdrun.exe command line tool to manage next generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) +###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next-generation protection](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +###### [Use Group Policy settings to manage next-generation protection](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) #### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md index 1c2dec92b5..b014e700ae 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md @@ -31,7 +31,7 @@ Use this guide to determine how well Microsoft Defender Antivirus protects you f >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking -It explains the important next generation protection features of Microsoft Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network. +It explains the important next-generation protection features of Microsoft Defender Antivirus available for both small and large enterprises, and how they increase malware detection and protection across your network. You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings. From abab3f6db4f8032f461f55edede4e2bfe39d1943 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:44:59 -0700 Subject: [PATCH 024/100] hypens --- .../microsoft-defender-atp/evaluate-atp.md | 2 +- ...oft-defender-advanced-threat-protection.md | 2 +- .../microsoft-defender-atp/onboard.md | 6 ++--- .../microsoft-defender-atp/onboarding.md | 26 +++++++++---------- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index bbcbd77dcc..e78e648ca5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -37,7 +37,7 @@ These capabilities help prevent attacks and exploitations from infecting your or - [Evaluate application guard](../microsoft-defender-application-guard/test-scenarios-md-app-guard.md) - [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -## Evaluate next generation protection +## Evaluate next-generation protection Next gen protections help detect and block the latest threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index 74190892a5..d7b9668d09 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Microsoft Defender Advanced Threat Protection description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise endpoint security platform that helps defend against advanced persistent threats. -keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting +keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index 37c447d3fc..6caf07270d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -1,8 +1,8 @@ --- title: Configure and manage Microsoft Defender ATP capabilities ms.reviewer: -description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next generation protection, and security controls -keywords: configure, manage, capabilities, attack surface reduction, next generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls +description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next-generation protection, and security controls +keywords: configure, manage, capabilities, attack surface reduction, next-generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -30,7 +30,7 @@ Configure and manage all the Microsoft Defender ATP capabilities to get the best Topic | Description :---|:--- [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. -[Configure next generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. +[Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts. [Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP. [Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index c73e519c52..4f3cebb348 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -217,8 +217,8 @@ Follow the steps below to identify the Microsoft Defender ATP Workspace ID and W Once completed, you should see onboarded endpoints in the portal within an hour. -## Next generation protection -Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. +## next-generation protection +Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. @@ -226,7 +226,7 @@ Microsoft Defender Antivirus is a built-in antimalware solution that provides ne 2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence updates** and choose **OK**. - ![Image of next generation protection pane](images/1566ad81bae3d714cc9e0d47575a8cbd.png) + ![Image of next-generation protection pane](images/1566ad81bae3d714cc9e0d47575a8cbd.png) In certain industries or some select enterprise customers might have specific needs on how Antivirus is configured. @@ -237,29 +237,29 @@ needs on how Antivirus is configured. For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework) - ![Image of next generation protection pane](images/cd7daeb392ad5a36f2d3a15d650f1e96.png) + ![Image of next-generation protection pane](images/cd7daeb392ad5a36f2d3a15d650f1e96.png) - ![Image of next generation protection pane](images/36c7c2ed737f2f4b54918a4f20791d4b.png) + ![Image of next-generation protection pane](images/36c7c2ed737f2f4b54918a4f20791d4b.png) - ![Image of next generation protection pane](images/a28afc02c1940d5220b233640364970c.png) + ![Image of next-generation protection pane](images/a28afc02c1940d5220b233640364970c.png) - ![Image of next generation protection pane](images/5420a8790c550f39f189830775a6d4c9.png) + ![Image of next-generation protection pane](images/5420a8790c550f39f189830775a6d4c9.png) - ![Image of next generation protection pane](images/33f08a38f2f4dd12a364f8eac95e8c6b.png) + ![Image of next-generation protection pane](images/33f08a38f2f4dd12a364f8eac95e8c6b.png) - ![Image of next generation protection pane](images/41b9a023bc96364062c2041a8f5c344e.png) + ![Image of next-generation protection pane](images/41b9a023bc96364062c2041a8f5c344e.png) - ![Image of next generation protection pane](images/945c9c5d66797037c3caeaa5c19f135c.png) + ![Image of next-generation protection pane](images/945c9c5d66797037c3caeaa5c19f135c.png) - ![Image of next generation protection pane](images/3876ca687391bfc0ce215d221c683970.png) + ![Image of next-generation protection pane](images/3876ca687391bfc0ce215d221c683970.png) 3. Right-click on the newly created antimalware policy and select **Deploy**. - ![Image of next generation protection pane](images/f5508317cd8c7870627cb4726acd5f3d.png) + ![Image of next-generation protection pane](images/f5508317cd8c7870627cb4726acd5f3d.png) 4. Target the new antimalware policy to your Windows 10 collection and click **OK**. - ![Image of next generation protection pane](images/configmgr-select-collection.png) + ![Image of next-generation protection pane](images/configmgr-select-collection.png) After completing this task, you now have successfully configured Windows Defender Antivirus. From 7bb752893468e18559d9cd916bc523a803240d74 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:45:23 -0700 Subject: [PATCH 025/100] Update index.md --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index b9739b8411..ba7c78388a 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -27,7 +27,7 @@ ms.topic: conceptual

Threat & Vulnerability Management

Attack surface reduction
 -

Next generation protection
+

Next-generation protection

Endpoint detection and response

Automated investigation and remediation

Microsoft Threat Experts
From 55fb3889047f0d391d3ba85c32eeb97ca36c1313 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:46:29 -0700 Subject: [PATCH 026/100] hyphens --- windows/security/threat-protection/index.md | 2 +- ...crosoft-cloud-protection-microsoft-defender-antivirus.md | 2 +- .../microsoft-defender-atp/deployment-phases.md | 6 ++++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index ba7c78388a..7700bc1f06 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -77,7 +77,7 @@ The attack surface reduction set of capabilities provide the first line of defen -**[Next generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
+**[Next-generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. - [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md index e998e86722..440cb7200f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md @@ -24,7 +24,7 @@ ms.custom: nextgen Microsoft next-generation technologies in Microsoft Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. -Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). +Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/). ![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png) To take advantage of the power and speed of these next-generation technologies, Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense. diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 5daf2b2aa2..a34a7e46b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -38,13 +38,15 @@ There are several methods you can use to onboard to the service. For information ## In Scope The following is in scope for this deployment guide: + - Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service + - Enabling Microsoft Defender ATP endpoint protection platform (EPP) capabilities - - Next Generation Protection + - Next-generation protection - - Attack Surface Reduction + - Attack surface reduction - Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities including automatic investigation and remediation From 7790de0663fcc715f7fba99de362278559173962 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:47:28 -0700 Subject: [PATCH 027/100] hyphens --- .../microsoft-defender-atp/oldTOC.txt | 14 +++++++------- .../microsoft-defender-atp/onboard.md | 2 +- .../microsoft-defender-atp/prepare-deployment.md | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index b1e6285e7e..50e193d2d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -286,13 +286,13 @@ ##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md) ##### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) -#### [Manage next generation protection in your business]() +#### [Manage next-generation protection in your business]() ##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) -##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) -##### [Use Group Policy settings to manage next generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) -##### [Use PowerShell cmdlets to manage next generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) -##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) +##### [Use Microsoft Intune and System Center Configuration Manager to manage next-generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) +##### [Use Group Policy settings to manage next-generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) +##### [Use PowerShell cmdlets to manage next-generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) +##### [Use the mpcmdrun.exe command line tool to manage next-generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) @@ -525,4 +525,4 @@ #### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) -### [Troubleshoot next generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md) +### [Troubleshoot next-generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index 6caf07270d..64b2b3236f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -30,7 +30,7 @@ Configure and manage all the Microsoft Defender ATP capabilities to get the best Topic | Description :---|:--- [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. -[Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. +[Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next-generation protection to catch all types of emerging threats. [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts. [Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP. [Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index e1d07ae2e0..0dd0f86840 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -172,7 +172,7 @@ how the endpoint security suite should be enabled. |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| | Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable device vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
[Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | -| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | +| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | | Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | | Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | | Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | From 06e96bdf78baa0eeb4745021d12cb410c41bf4fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:48:20 -0700 Subject: [PATCH 028/100] hyphens --- .../threat-protection/microsoft-defender-atp/oldTOC.txt | 4 ++-- .../microsoft-defender-atp/prepare-deployment.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index 50e193d2d5..c11ac172e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -34,7 +34,7 @@ #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) -### [Next generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) +### [Next-generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) ### [Endpoint detection and response]() @@ -203,7 +203,7 @@ #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) -### [Configure next generation protection]() +### [Configure next-generation protection]() #### [Configure Microsoft Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) #### [Utilize Microsoft cloud-delivered protection]() ##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 0dd0f86840..10d41c0a56 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -172,7 +172,7 @@ how the endpoint security suite should be enabled. |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| | Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable device vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
[Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | -| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | +| Next-generation protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | | Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | | Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | | Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | From ed5e82d5ce9c7998392b91c2959b4748601b25bb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 11:49:19 -0700 Subject: [PATCH 029/100] hyphens --- windows/security/threat-protection/index.md | 2 +- .../microsoft-defender-advanced-threat-protection.md | 6 +++--- .../threat-protection/microsoft-defender-atp/oldTOC.txt | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 7700bc1f06..7e2cc61fe3 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -78,7 +78,7 @@ The attack surface reduction set of capabilities provide the first line of defen **[Next-generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. +To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats. - [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) - [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index d7b9668d09..a6a02c7133 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -52,7 +52,7 @@ Microsoft Defender ATP uses the following combination of technology built into W

Threat & Vulnerability Management

Attack surface reduction
 -

Next generation protection
+

Next-generation protection

Endpoint detection and response

Automated investigation and remediation

Microsoft Threat Experts
@@ -87,8 +87,8 @@ The attack surface reduction set of capabilities provide the first line of defen -**[Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. +**[Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index c11ac172e2..20f305fbfb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -158,7 +158,7 @@ ###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) ###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) ###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -##### [Evaluate next generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) +##### [Evaluate next-generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) ### [Access the Microsoft Defender Security Center Community Center](community.md) From 9a945f1cb93944a1de5d82ff6d738bed96909510 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 12 Aug 2020 12:13:23 -0700 Subject: [PATCH 030/100] acrolinx and extra page types --- .../attack-surface-reduction.md | 1 - .../microsoft-defender-atp/audit-windows-defender.md | 11 +++++------ .../customize-attack-surface-reduction.md | 2 -- .../enable-exploit-protection.md | 2 -- .../enable-network-protection.md | 2 -- 5 files changed, 5 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index dde4d8932b..de60666730 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -3,7 +3,6 @@ title: Use attack surface reduction rules to prevent malware infection description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware. keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index db8dec5ba9..aaf4ef6472 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md +++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -1,9 +1,8 @@ --- title: Test how Microsoft Defender ATP features work -description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it were enabled +description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it was enabled. keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -23,17 +22,17 @@ manager: dansimp * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. +You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature. -You might want to do this when testing how the features will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period. +You may want to enable audit mode when testing how the features will work in your organization. Ensure it doesn't affect your line-of-business apps, and get an idea of how many suspicious file modification attempts generally occur over a certain period of time. -While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled. +The features won't block or prevent apps, scripts, or files from being modified. However, the Windows Event Log will record events as if the features were fully enabled. With audit mode, you can review the event log to see what impact the feature would have had if it was enabled. To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**. You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. +This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable audit mode. diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index a7c6223e18..a2ba7967b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -3,7 +3,6 @@ title: Configure how attack surface reduction rules work to fine-tune protection description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -12,7 +11,6 @@ ms.localizationpriority: medium audience: ITPro author: levinec ms.author: ellevin -ms.date: 05/20/2020 ms.reviewer: manager: dansimp --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 2251cef5dc..66b96ebf3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -3,7 +3,6 @@ title: Turn on exploit protection to help mitigate against attacks keywords: exploit, mitigation, attacks, vulnerability description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware. search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -12,7 +11,6 @@ ms.localizationpriority: medium audience: ITPro author: denisebmsft ms.author: deniseb -ms.date: 01/08/2020 ms.reviewer: manager: dansimp --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 69af9d5b7a..c50088ecc5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -3,13 +3,11 @@ title: Turn on network protection description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: levinec ms.author: ellevin ms.reviewer: From eaf11214da35e939ef667a5ac624433c953bdd62 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:19:40 -0700 Subject: [PATCH 031/100] Update about-microsoft-edge.md --- browsers/edge/about-microsoft-edge.md | 1 - 1 file changed, 1 deletion(-) diff --git a/browsers/edge/about-microsoft-edge.md b/browsers/edge/about-microsoft-edge.md index e2453e5990..e0085148dd 100644 --- a/browsers/edge/about-microsoft-edge.md +++ b/browsers/edge/about-microsoft-edge.md @@ -11,7 +11,6 @@ ms.prod: edge ms.mktglfcycl: general ms.topic: reference ms.sitesec: library -title: Microsoft Edge for IT Pros ms.localizationpriority: medium ms.date: 10/02/2018 --- From 91268f06b49d97618989371561734e64937f5148 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:19:58 -0700 Subject: [PATCH 032/100] Update troubleshooting-microsoft-edge.md --- browsers/edge/troubleshooting-microsoft-edge.md | 1 - 1 file changed, 1 deletion(-) diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md index 3c50d4d50e..5479f689f3 100644 --- a/browsers/edge/troubleshooting-microsoft-edge.md +++ b/browsers/edge/troubleshooting-microsoft-edge.md @@ -9,7 +9,6 @@ author: dansimp ms.author: dansimp ms.prod: edge ms.sitesec: library -title: Deploy Microsoft Edge kiosk mode ms.localizationpriority: medium ms.date: 10/15/2018 --- From 33ab7db942b6d35ae59b48f0a6878354ddf62162 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:20:21 -0700 Subject: [PATCH 033/100] Update use-powershell-to manage-group-policy.md --- browsers/edge/use-powershell-to manage-group-policy.md | 1 - 1 file changed, 1 deletion(-) diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md index 58a6b06b27..1b6d2e9338 100644 --- a/browsers/edge/use-powershell-to manage-group-policy.md +++ b/browsers/edge/use-powershell-to manage-group-policy.md @@ -5,7 +5,6 @@ ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) ms.localizationpriority: medium ms.date: 10/02/2018 ms.reviewer: From a4f58d68c28a82465111fb1dd66407568f006413 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:26:41 -0700 Subject: [PATCH 034/100] Update change-default-removal-policy-external-storage-media.md --- .../change-default-removal-policy-external-storage-media.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md index 5de58be176..ee8a044508 100644 --- a/windows/client-management/change-default-removal-policy-external-storage-media.md +++ b/windows/client-management/change-default-removal-policy-external-storage-media.md @@ -5,7 +5,6 @@ ms.prod: w10 author: Teresa-Motiv ms.author: v-tea ms.date: 12/13/2019 -ms.prod: w10 ms.topic: article ms.custom: - CI 111493 From 532d46bd9243d02cf818e8d433ae216d9f9e65ad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:27:16 -0700 Subject: [PATCH 035/100] Update configure-a-pxe-server-to-load-windows-pe.md --- windows/deployment/configure-a-pxe-server-to-load-windows-pe.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index f9405d730e..301f8fd58d 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -12,7 +12,6 @@ author: greg-lindsay ms.reviewer: manager: laurawi audience: itpro -author: greg-lindsay ms.author: greglin ms.topic: article --- From 0bfce89ecdea590476bd850e02d44117a7b92bfe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:27:33 -0700 Subject: [PATCH 036/100] Update deploy.md --- windows/deployment/deploy.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index d86cb2f2a8..4650acce95 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -11,7 +11,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium audience: itpro -author: greg-lindsay ms.topic: article --- From a8e265cee66a1bfcc4b32f05518dcba6972cc23b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:27:47 -0700 Subject: [PATCH 037/100] Update deploy-windows-to-go.md --- windows/deployment/deploy-windows-to-go.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 52cc80097b..76cdb58597 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -12,7 +12,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobility audience: itpro -author: greg-lindsay ms.topic: article --- From 8c6044bc45cdee0d245ab05d9f57c685cd583e01 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:28:08 -0700 Subject: [PATCH 038/100] Update mbr-to-gpt.md --- windows/deployment/mbr-to-gpt.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 45e00f7007..412a9a556a 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -12,7 +12,6 @@ ms.date: 02/13/2018 ms.reviewer: manager: laurawi ms.audience: itpro -author: greg-lindsay ms.localizationpriority: medium ms.topic: article --- From 5c982d2403a156b8a2f13fb75f48bb494b87f074 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:29:39 -0700 Subject: [PATCH 039/100] Update windows-10-enterprise-faq-itpro.md --- windows/deployment/planning/windows-10-enterprise-faq-itpro.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index 764b8d1ca5..0063f1c8ed 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -13,7 +13,6 @@ ms.reviewer: manager: laurawi ms.author: greglin audience: itpro -author: greg-lindsay ms.topic: article --- From 53b8f77e3bde39c1a5dea62fcba37fa4d5505157 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:30:01 -0700 Subject: [PATCH 040/100] Update windows-10-enterprise-faq-itpro.md --- windows/deployment/planning/windows-10-enterprise-faq-itpro.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index 0063f1c8ed..546b8de3af 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -6,7 +6,6 @@ ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium ms.sitesec: library -audience: itpro author: greg-lindsay ms.date: 08/18/2017 ms.reviewer: From bde1d68b1d018527f36c79014672c6ee7765f5a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:30:33 -0700 Subject: [PATCH 041/100] Update s-mode.md --- windows/deployment/s-mode.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index bd9b8af4d0..94b207185c 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -12,7 +12,6 @@ manager: laurawi ms.audience: itpro author: greg-lindsay audience: itpro -author: greg-lindsay ms.topic: article --- From 66a74e9c2c3c1f7aa9d683cd514c05913c3e57b5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:31:04 -0700 Subject: [PATCH 042/100] Update eval-infra-tools.md --- windows/deployment/update/eval-infra-tools.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index af6fe156e8..77795ce1c4 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -10,7 +10,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.topic: article ms.collection: M365-modern-desktop --- From 47bb9dc6250447b595c491f93462f92988fe1628 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:31:24 -0700 Subject: [PATCH 043/100] Update plan-define-readiness.md --- windows/deployment/update/plan-define-readiness.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index a2ff53df19..4264b434b1 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md @@ -10,7 +10,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.topic: article ms.collection: M365-modern-desktop --- From 88a771bbe048d2ed39dc3956bd147e5dd5441efd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:31:44 -0700 Subject: [PATCH 044/100] Update plan-determine-app-readiness.md --- windows/deployment/update/plan-determine-app-readiness.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md index b7e1707a7d..688a3eabd6 100644 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ b/windows/deployment/update/plan-determine-app-readiness.md @@ -10,7 +10,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.topic: article ms.collection: M365-modern-desktop --- From 26b35eb09dac9eb3b0bc485cd28c75b6cc6280a9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:32:03 -0700 Subject: [PATCH 045/100] Update update-policies.md --- windows/deployment/update/update-policies.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index dbf94c9677..58e2b5e496 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -10,7 +10,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.topic: article ms.collection: M365-modern-desktop --- From 88b2de8c7892a21d14c4ae6531b2b9599f2ba001 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:32:36 -0700 Subject: [PATCH 046/100] Update waas-morenews.md --- windows/deployment/update/waas-morenews.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..184cb42c11 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -4,7 +4,6 @@ ms.prod: w10 ms.topic: article ms.manager: elizapo audience: itpro -itproauthor: jaimeo author: jaimeo ms.author: jaimeo ms.reviewer: From c27afe3124822b11717a770d5e84f282d81c1eea Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:32:50 -0700 Subject: [PATCH 047/100] Update waas-servicing-differences.md --- windows/deployment/update/waas-servicing-differences.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md index d55a28a5c1..81e33643c9 100644 --- a/windows/deployment/update/waas-servicing-differences.md +++ b/windows/deployment/update/waas-servicing-differences.md @@ -7,7 +7,6 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature, ms.prod: w10 ms.mktglfcycl: manage audience: itpro -author: jaimeo ms.localizationpriority: medium ms.audience: itpro author: jaimeo From 7e2f4aa518c5b5b6333f52807c8569754430acfc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:33:08 -0700 Subject: [PATCH 048/100] Update waas-wufb-intune.md --- windows/deployment/update/waas-wufb-intune.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index 30af2075e1..a39aa81b7e 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md @@ -7,7 +7,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.date: 07/27/2017 ms.reviewer: manager: laurawi From 6460dd532b7d91b0978ed6449fffbbe5c435ea3a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:34:20 -0700 Subject: [PATCH 049/100] Update waas-wu-settings.md --- windows/deployment/update/waas-wu-settings.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 83cc19c6e9..323e565a06 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -3,9 +3,7 @@ title: Manage additional Windows Update settings (Windows 10) description: Additional settings to control the behavior of Windows Update (WU) in Windows 10 ms.prod: w10 ms.mktglfcycl: deploy - audience: itpro -author: jaimeo ms.localizationpriority: medium ms.audience: itpro author: jaimeo From bbda8f5c1daeb8e8101d277ac374f043d96c5ea5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:35:17 -0700 Subject: [PATCH 050/100] Update windows-update-error-reference.md --- windows/deployment/update/windows-update-error-reference.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index b83dd307b0..eb75d04c0c 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -8,7 +8,6 @@ itproauthor: jaimeo author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.date: 09/18/2018 ms.reviewer: manager: laurawi From ea895e38b80e54c1dd42344fe4e682820f56458c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:35:48 -0700 Subject: [PATCH 051/100] Update windows-update-errors.md --- windows/deployment/update/windows-update-errors.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index cdb6ea9f85..e3d4342c33 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -5,8 +5,6 @@ ms.prod: w10 ms.mktglfcycl: audience: itpro itproauthor: jaimeo -author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.date: 09/18/2018 From c52630648cda6d50cac1072984586336a144453d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:36:02 -0700 Subject: [PATCH 052/100] Update windows-update-logs.md --- windows/deployment/update/windows-update-logs.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index 1e9deff347..32d22bb62b 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -5,8 +5,6 @@ ms.prod: w10 ms.mktglfcycl: audience: itpro itproauthor: jaimeo -author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.date: 09/18/2018 From eaf4107d89fb1107cc1597b4613bed3ba108230b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:36:42 -0700 Subject: [PATCH 053/100] Update windows-update-resources.md --- windows/deployment/update/windows-update-resources.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index 0371ab7f89..7f9fd87d53 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -7,7 +7,6 @@ audience: itpro author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: jaimeo ms.date: 09/18/2018 ms.reviewer: manager: laurawi From d1e006d5c8f4f1c1b8665c6c6d54d67a54548e63 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:37:10 -0700 Subject: [PATCH 054/100] Update WIP4Biz-intro.md --- windows/deployment/update/WIP4Biz-intro.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index 3534c08c5c..60eca32a28 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -7,7 +7,6 @@ ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.reviewer: From c7355426103dcc85e0f99766f9d30d5e516dc241 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:37:33 -0700 Subject: [PATCH 055/100] Update wufb-autoupdate.md --- windows/deployment/update/wufb-autoupdate.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md index ac584017e2..49657d8483 100644 --- a/windows/deployment/update/wufb-autoupdate.md +++ b/windows/deployment/update/wufb-autoupdate.md @@ -6,9 +6,7 @@ ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro -author: jaimeo ms.date: 06/20/2018 ms.reviewer: manager: laurawi From c243b79ff291aeb0799cecc7277d52fac740e6ca Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:37:53 -0700 Subject: [PATCH 056/100] Update wufb-basics.md --- windows/deployment/update/wufb-basics.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md index 719b115f4f..0c8f5c32db 100644 --- a/windows/deployment/update/wufb-basics.md +++ b/windows/deployment/update/wufb-basics.md @@ -8,7 +8,6 @@ itproauthor: jaimeo author: jaimeo ms.localizationprioauthor: jaimeo ms.audience: itpro -author: jaimeo ms.reviewer: manager: laurawi ms.topic: article From fb1337f31d8b89f77535c946f84eb81ef82f341f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:38:27 -0700 Subject: [PATCH 057/100] Update wufb-managedrivers.md --- windows/deployment/update/wufb-managedrivers.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/wufb-managedrivers.md b/windows/deployment/update/wufb-managedrivers.md index e451d7751a..56f956aae8 100644 --- a/windows/deployment/update/wufb-managedrivers.md +++ b/windows/deployment/update/wufb-managedrivers.md @@ -5,8 +5,6 @@ ms.prod: w10 ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo -author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.date: 06/21/2018 From af02601851e841e62e24ebf6fe7a75102bba3274 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:38:43 -0700 Subject: [PATCH 058/100] Update wufb-manageupdate.md --- windows/deployment/update/wufb-manageupdate.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/wufb-manageupdate.md b/windows/deployment/update/wufb-manageupdate.md index 10037c56b2..93a5ab27b7 100644 --- a/windows/deployment/update/wufb-manageupdate.md +++ b/windows/deployment/update/wufb-manageupdate.md @@ -6,9 +6,7 @@ ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro -author: jaimeo ms.date: 06/20/2018 ms.reviewer: manager: laurawi From 7292c85807c448a34f3a411cab4ab84807d9a20a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:38:57 -0700 Subject: [PATCH 059/100] Update wufb-onboard.md --- windows/deployment/update/wufb-onboard.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md index 058f595090..9956826543 100644 --- a/windows/deployment/update/wufb-onboard.md +++ b/windows/deployment/update/wufb-onboard.md @@ -5,8 +5,6 @@ ms.prod: w10 ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo -author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.reviewer: From 1ea2172a54d3a978754081a424dbec6aee24edcd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:39:45 -0700 Subject: [PATCH 060/100] Update vda-subscription-activation.md --- windows/deployment/vda-subscription-activation.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 62a9dc2999..fb7c4cdf96 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt audience: itpro -author: greg-lindsay ms.topic: article ms.collection: M365-modern-desktop --- From e98d475c653c41f3bafe8205c673e6977a08e88b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:40:01 -0700 Subject: [PATCH 061/100] Update windows-10-deployment-posters.md --- windows/deployment/windows-10-deployment-posters.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md index 3ae808a4af..99b5479318 100644 --- a/windows/deployment/windows-10-deployment-posters.md +++ b/windows/deployment/windows-10-deployment-posters.md @@ -12,7 +12,6 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library audience: itpro -author: greg-lindsay ms.topic: article --- From 896cf234bf9951c88a7e71687f1c119259b89c10 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:40:12 -0700 Subject: [PATCH 062/100] Update windows-10-deployment-scenarios.md --- windows/deployment/windows-10-deployment-scenarios.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 80dc7ea0eb..8f4d8855b6 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -12,7 +12,6 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library audience: itpro -author: greg-lindsay ms.topic: article --- From 213a83d49d0701000f2956cc0d628085ea74fd2c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:41:36 -0700 Subject: [PATCH 063/100] fixing build errors duplicate author lines in metadata --- .../windows-10-deployment-tools-reference.md | 1 - .../deployment/windows-10-deployment-tools.md | 1 - .../windows-10-enterprise-e3-overview.md | 1 - windows/deployment/windows-10-media.md | 1 - .../deployment/windows-10-missing-fonts.md | 207 +++++++++--------- windows/deployment/windows-10-poc-mdt.md | 1 - windows/deployment/windows-10-poc.md | 1 - 7 files changed, 104 insertions(+), 109 deletions(-) diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md index 31c2c53103..9e00150048 100644 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ b/windows/deployment/windows-10-deployment-tools-reference.md @@ -10,7 +10,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro -author: greg-lindsay ms.date: 07/12/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index a71caf0006..7127572543 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -10,7 +10,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro -author: greg-lindsay ms.date: 10/16/2017 ms.topic: article --- diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index c36f0c2cdc..d362478ccc 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -13,7 +13,6 @@ manager: laurawi ms.audience: itpro author: greg-lindsay audience: itpro -author: greg-lindsay ms.collection: M365-modern-desktop ms.topic: article --- diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 24743735e8..dd3d6bdf93 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -12,7 +12,6 @@ ms.audience: itpro author: greg-lindsay ms.sitesec: library audience: itpro -author: greg-lindsay ms.topic: article --- diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md index dfa95cf6e1..7f9f5e72ad 100644 --- a/windows/deployment/windows-10-missing-fonts.md +++ b/windows/deployment/windows-10-missing-fonts.md @@ -1,103 +1,104 @@ ---- -title: How to install fonts missing after upgrading to Windows 10 -description: Some of the fonts are missing from the system after you upgrade to Windows 10. -keywords: deploy, upgrade, FoD, optional feature -ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -audience: itpro author: greg-lindsay -ms.audience: itpro author: greg-lindsay -ms.date: 10/31/2017 -ms.reviewer: -manager: laurawi -ms.topic: article ---- -# How to install fonts that are missing after upgrading to Windows 10 - -> Applies to: Windows 10 - -When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system. - -If you have documents created using the missing fonts, these documents might display differently on Windows 10. - -For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing: - -- Gautami -- Meiryo -- Narkism/Batang -- BatangChe -- Dotum -- DotumChe -- Gulim -- GulimChe -- Gungsuh -- GungsuhChe - -If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases. - -## Installing language-associated features via language settings: - -If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app. - -For example, here are the steps to install the fonts associated with the Hebrew language: - -1. Click **Start > Settings**. -2. In Settings, click **Time & language**, and then click **Region & language**. -3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language. -4. Find Hebrew, and then click it to add it to your language list. - -Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes. - -> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work. - -## Install optional fonts manually without changing language settings: - -If you want to use fonts in an optional feature but don't need to search web pages, edit documents, or use apps in the associated language, you can install the optional font features manually without changing your language settings. - -For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences: - -1. Click **Start > Settings**. -2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**. - -3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature. -4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**. - -> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work. - -## Fonts included in optional font features - -Here is a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles. - -- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting -- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda -- Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia -- Cherokee Supplemental Fonts: Plantagenet Cherokee -- Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei -- Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU -- Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah -- Ethiopic Supplemental Fonts: Nyala -- Gujarati Supplemental Fonts: Shruti -- Gurmukhi Supplemental Fonts: Raavi -- Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod -- Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho -- Kannada Supplemental Fonts: Tunga -- Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran -- Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe -- Lao Supplemental Fonts: DokChampa, Lao UI -- Malayalam Supplemental Fonts: Karthika -- Odia Supplemental Fonts: Kalinga -- Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro -- Sinhala Supplemental Fonts: Iskoola Pota -- Syriac Supplemental Fonts: Estrangelo Edessa -- Tamil Supplemental Fonts: Latha, Vijaya -- Telugu Supplemental Fonts: Gautami, Vani -- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC - -## Related Topics - -[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx) - -[Features On Demand V2 (Capabilities)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities#span-idrelatedtopicsspanrelated-topics) - -[Add Language Packs to Windows](/windows-hardware/manufacture/desktop/add-language-packs-to-windows) +--- +title: How to install fonts missing after upgrading to Windows 10 +description: Some of the fonts are missing from the system after you upgrade to Windows 10. +keywords: deploy, upgrade, FoD, optional feature +ms.prod: w10 +ms.mktglfcycl: plan +ms.sitesec: library +ms.localizationpriority: medium +audience: itpro +author: greg-lindsay +ms.audience: itpro +ms.date: 10/31/2017 +ms.reviewer: +manager: laurawi +ms.topic: article +--- +# How to install fonts that are missing after upgrading to Windows 10 + +> Applies to: Windows 10 + +When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system. + +If you have documents created using the missing fonts, these documents might display differently on Windows 10. + +For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing: + +- Gautami +- Meiryo +- Narkism/Batang +- BatangChe +- Dotum +- DotumChe +- Gulim +- GulimChe +- Gungsuh +- GungsuhChe + +If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases. + +## Installing language-associated features via language settings: + +If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app. + +For example, here are the steps to install the fonts associated with the Hebrew language: + +1. Click **Start > Settings**. +2. In Settings, click **Time & language**, and then click **Region & language**. +3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language. +4. Find Hebrew, and then click it to add it to your language list. + +Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes. + +> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work. + +## Install optional fonts manually without changing language settings: + +If you want to use fonts in an optional feature but don't need to search web pages, edit documents, or use apps in the associated language, you can install the optional font features manually without changing your language settings. + +For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences: + +1. Click **Start > Settings**. +2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**. + +3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature. +4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**. + +> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work. + +## Fonts included in optional font features + +Here is a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles. + +- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting +- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda +- Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia +- Cherokee Supplemental Fonts: Plantagenet Cherokee +- Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei +- Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU +- Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah +- Ethiopic Supplemental Fonts: Nyala +- Gujarati Supplemental Fonts: Shruti +- Gurmukhi Supplemental Fonts: Raavi +- Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod +- Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho +- Kannada Supplemental Fonts: Tunga +- Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran +- Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe +- Lao Supplemental Fonts: DokChampa, Lao UI +- Malayalam Supplemental Fonts: Karthika +- Odia Supplemental Fonts: Kalinga +- Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro +- Sinhala Supplemental Fonts: Iskoola Pota +- Syriac Supplemental Fonts: Estrangelo Edessa +- Tamil Supplemental Fonts: Latha, Vijaya +- Telugu Supplemental Fonts: Gautami, Vani +- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC + +## Related Topics + +[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx) + +[Features On Demand V2 (Capabilities)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities#span-idrelatedtopicsspanrelated-topics) + +[Add Language Packs to Windows](/windows-hardware/manufacture/desktop/add-language-packs-to-windows) diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index a9ffbb1c73..f27287fbe6 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -13,7 +13,6 @@ manager: laurawi ms.audience: itpro author: greg-lindsay audience: itpro -author: greg-lindsay ms.topic: article --- diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index e86a065bf5..ba60b6e31d 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -12,7 +12,6 @@ ms.pagetype: deploy keywords: deployment, automate, tools, configure, mdt, sccm ms.localizationpriority: medium audience: itpro -author: greg-lindsay ms.topic: article --- From 2a6ba176345772a00b71e1c97498ca514e4874f9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:44:18 -0700 Subject: [PATCH 064/100] Update windows-defender-security-center.md --- .../windows-defender-security-center.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 0f263a291a..3afda2997c 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp From 305106c005768d742a3804f71be2353d595e2dba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:44:39 -0700 Subject: [PATCH 065/100] Update wdsc-windows-10-in-s-mode.md --- .../wdsc-windows-10-in-s-mode.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 5431868198..6be93c64cb 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -3,7 +3,6 @@ title: Manage Windows Security in Windows 10 in S mode description: Windows Security settings are different in Windows 10 in S mode keywords: windows 10 in s mode, windows 10 s, windows 10 s mode, wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 9dd200f052e6d5075662989a85380853316fdc27 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:44:51 -0700 Subject: [PATCH 066/100] Update wdsc-virus-threat-protection.md --- .../wdsc-virus-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index df2646c94e..f3c4b5e3d9 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -3,7 +3,6 @@ title: Virus and threat protection in the Windows Security app description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products. keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 01d1bfa88a2e042d155eaa99ac8cfb54f4e619b7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:46:10 -0700 Subject: [PATCH 067/100] build error fixes removed duplicate page type metadata values --- .../windows-defender-security-center/wdsc-account-protection.md | 1 - .../windows-defender-security-center/wdsc-app-browser-control.md | 1 - .../wdsc-customize-contact-information.md | 1 - .../wdsc-device-performance-health.md | 1 - .../windows-defender-security-center/wdsc-device-security.md | 1 - .../windows-defender-security-center/wdsc-family-options.md | 1 - .../wdsc-firewall-network-protection.md | 1 - .../windows-defender-security-center/wdsc-hide-notifications.md | 1 - 8 files changed, 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index 2ab6468f1e..3179f10cb2 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md @@ -3,7 +3,6 @@ title: Account protection in the Windows Security app description: Use the Account protection section to manage security for your account and sign in to Microsoft. keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index 001c490193..bbfe0a7bd0 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md @@ -3,7 +3,6 @@ title: App & browser control in the Windows Security app description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings. keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index cb2c999276..1611fdc1c9 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -3,7 +3,6 @@ title: Customize Windows Security contact information description: Provide information to your employees on how to contact your IT department when a security issue occurs keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index d02b829376..ca606e3a6b 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -3,7 +3,6 @@ title: Device & performance health in the Windows Security app description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index 2acf81e5cf..26a2da094f 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -3,7 +3,6 @@ title: Device security in the Windows Security app description: Use the Device security section to manage security built into your device, including virtualization-based security. keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index d785a3f420..47bf414bc9 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -3,7 +3,6 @@ title: Family options in the Windows Security app description: Hide the Family options section in enterprise environments keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index 141a5c002f..74fc51d25f 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 7210da90bf..e4ee0c83a3 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -3,7 +3,6 @@ title: Hide notifications from the Windows Security app description: Prevent Windows Security app notifications from appearing on user endpoints keywords: defender, security center, app, notifications, av, alerts search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From b7c7726aece0fa3a5d7fa5af929a587953be8f21 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:48:48 -0700 Subject: [PATCH 068/100] Update use-a-reference-computer-to-create-and-maintain-applocker-policies.md --- ...ference-computer-to-create-and-maintain-applocker-policies.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 610fcc1a0c..f051177f0c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -14,7 +14,6 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6 ms.reviewer: --- From 6237f42cbea78e5912ace5c651c5295baa88536f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:50:59 -0700 Subject: [PATCH 069/100] Update oldTOC.md --- .../windows-defender-security-center/oldTOC.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md index 4ca95e5608..b992752bf0 100644 --- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md @@ -1,5 +1,9 @@ -# [The Microsoft Defender Security Center app](windows-defender-security-center.md) +--- +ms.author: dansimp +author: dansimp +--- +# [The Microsoft Defender Security Center app](windows-defender-security-center.md) ## [Customize the Microsoft Defender Security Center app for your organization](wdsc-customize-contact-information.md) ## [Hide Microsoft Defender Security Center app notifications](wdsc-hide-notifications.md) From afa70717618e99898e75737360e028d3fa4e0457 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:51:28 -0700 Subject: [PATCH 070/100] Update oldTOC.md --- .../threat-protection/windows-defender-security-center/oldTOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md index b992752bf0..0533ec00f5 100644 --- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md +++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md @@ -1,6 +1,7 @@ --- ms.author: dansimp author: dansimp +title: The Microsoft Defender Security Center app --- # [The Microsoft Defender Security Center app](windows-defender-security-center.md) From d16f1156205157a7c0a9e575dff163d15683f4d3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 12 Aug 2020 12:51:50 -0700 Subject: [PATCH 071/100] Rinna --- windows/deployment/planning/windows-10-removed-features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index b79a9e0b9d..95db4ede75 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,6 +27,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | +| Rinna and Japanese Address suggestion | The Rinna and Japanese Address suggestion service for Microsoft Japanese Input Method Editor (IME) will end on August 13th, 2020. For more information, see [Rinna and Japanese Address suggestion will no longer be offered](https://support.microsoft.com/help/4576767/windows-10-rinna-and-japanese-address-suggestion) | 8/13/2020 | | Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 | | Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | | Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | From 55c376ff8c3373600f9818258b9f7642f7cecdeb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:52:17 -0700 Subject: [PATCH 072/100] Update troubleshoot-exploit-protection-mitigations.md --- .../troubleshoot-exploit-protection-mitigations.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md index 882df03a74..86607dd332 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md @@ -3,7 +3,6 @@ title: Troubleshoot exploit protection mitigations keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install description: Remove unwanted Exploit protection mitigations. search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 8b6d81f2b3e25c7fbe32c327560e11c84fc95414 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:53:25 -0700 Subject: [PATCH 073/100] Update import-export-exploit-protection-emet-xml.md --- .../import-export-exploit-protection-emet-xml.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index f5439add6d..d6cbe89a02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec From 891c440414bbd3fd15626ef62858c5d3714f85e2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 12:55:34 -0700 Subject: [PATCH 074/100] build errors duplicate metadata values --- .../microsoft-defender-atp/customize-exploit-protection.md | 1 - .../microsoft-defender-atp/emet-exploit-protection.md | 1 - .../microsoft-defender-atp/enable-controlled-folders.md | 1 - .../microsoft-defender-atp/enable-exploit-protection.md | 1 - .../threat-protection/microsoft-defender-atp/event-views.md | 2 -- 5 files changed, 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index 13358eb288..147860f476 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md index 040f644860..825f4d94d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md @@ -3,7 +3,6 @@ title: Compare the features in Exploit protection with EMET keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert description: Exploit protection in Microsoft Defender ATP is our successor to Enhanced Mitigation Experience Toolkit (EMET) and provides stronger protection, more customization, an easier user interface, and better configuration and management options. search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index 4fa6b49fc9..899fb8234a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md @@ -3,7 +3,6 @@ title: Turn on the protected folders feature in Windows 10 keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use description: Learn how to protect your important files by enabling Controlled folder access search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 2251cef5dc..c5e491ba4b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: denisebmsft diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-views.md b/windows/security/threat-protection/microsoft-defender-atp/event-views.md index 2fe08915a1..403e42a63e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-views.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-views.md @@ -8,8 +8,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security -ms.date: 04/16/2018 ms.localizationpriority: medium audience: ITPro author: levinec From a274383e3591b6f6a4f530dcc84f3c64aef7cfd7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:01:00 -0700 Subject: [PATCH 075/100] build errors removed duplicate metadata --- .../collect-diagnostic-data-update-compliance.md | 1 - .../microsoft-defender-antivirus/collect-diagnostic-data.md | 1 - ...nfigure-end-user-interaction-microsoft-defender-antivirus.md | 2 -- ...igure-local-policy-overrides-microsoft-defender-antivirus.md | 1 - .../configure-notifications-microsoft-defender-antivirus.md | 1 - ...e-run-review-remediate-scans-microsoft-defender-antivirus.md | 1 - ...ize-run-review-remediate-scans-windows-defender-antivirus.md | 1 - .../microsoft-defender-security-center-antivirus.md | 1 - .../microsoft-defender-atp/audit-windows-defender.md | 1 - 9 files changed, 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md index 691027c34e..072cc3c421 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -3,7 +3,6 @@ title: Collect diagnostic data for Update Compliance and Windows Defender Micros description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Microsoft Defender Antivirus Assessment add in keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index 876f707fc7..9c9ec19ea9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -3,7 +3,6 @@ title: Collect diagnostic data of Microsoft Defender Antivirus description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender av search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md index b7af3e0452..0c3ce33cac 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure how users can interact with Microsoft Defender AV description: Configure how end-users interact with Microsoft Defender AV, what notifications they see, and if they can override settings. keywords: endpoint, user, interaction, notifications, ui lockdown mode, headless mode, hide interface search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -12,7 +11,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md index 16fc08a832..e77c12eda2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure local overrides for Microsoft Defender AV settings description: Enable or disable users from locally changing settings in Microsoft Defender AV. keywords: local override, local policy, group policy, gpo, lockdown,merge, lists search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md index 57a0ea6f0e..945265b8a3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus notifications description: Configure and customize Microsoft Defender Antivirus notifications. keywords: notifications, defender, antivirus, endpoint, management, admin search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md index 0a108f47da..440b53b85c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Run and customize scheduled and on-demand scans description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network. keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index 0a108f47da..440b53b85c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md @@ -3,7 +3,6 @@ title: Run and customize scheduled and on-demand scans description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network. keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md index 1bb6d1137c..d32346b285 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md @@ -3,7 +3,6 @@ title: Microsoft Defender Antivirus in the Windows Security app description: With Microsoft Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks. keywords: wdav, antivirus, firewall, security, windows search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index db8dec5ba9..89a9fb3e06 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md +++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -3,7 +3,6 @@ title: Test how Microsoft Defender ATP features work description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it were enabled keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From b09a476326bad1968e97df0d3f814cce9f633465 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:05:32 -0700 Subject: [PATCH 076/100] build errors removed duplicate metadata values --- .../hello-for-business/hello-key-trust-validate-ad-prereq.md | 1 - .../user-account-control/user-account-control-overview.md | 1 - .../windows-information-protection/app-behavior-with-wip.md | 1 - .../security/threat-protection/device-guard/memory-integrity.md | 1 - 4 files changed, 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index cb6105c66b..51d246f3f4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -8,7 +8,6 @@ ms.sitesec: library ms.pagetype: security, mobile author: DaniHalfin audience: ITPro -author: mikestephens-MS ms.author: dolmont manager: dansimp ms.collection: M365-identity-device-management diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 15ea04101f..9c9011d7ad 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -14,7 +14,6 @@ ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 60283edd89..23f23e50da 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -4,7 +4,6 @@ description: Learn how unenlightened and enlightened apps might behave, based on keywords: WIP, Enterprise Data Protection, EDP, Windows Information Protection, unenlightened apps, enlightened apps ms.prod: w10 ms.mktglfcycl: explore -ms.pagetype: security ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md index 7cdda06143..5e2defcf75 100644 --- a/windows/security/threat-protection/device-guard/memory-integrity.md +++ b/windows/security/threat-protection/device-guard/memory-integrity.md @@ -3,7 +3,6 @@ title: Memory integrity keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet description: Memory integrity. search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 051058c934ba28e12aa7138e80ac13489fcb997a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:16:04 -0700 Subject: [PATCH 077/100] build errors removed duplicate metadata entries --- ...de-signing-cert-for-windows-defender-application-control.md | 3 --- ...ows-defender-application-control-policy-design-decisions.md | 3 --- ...ify-application-control-for-classic-windows-applications.md | 3 --- ...ice-guard-signing-portal-in-microsoft-store-for-business.md | 3 --- ...-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 3 --- 5 files changed, 15 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index a7e35f839e..da15b10af4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -3,9 +3,6 @@ title: Create a code signing cert for Windows Defender Application Control (Win description: Learn how to set up a publicly-issued code signing certificate, so you can sign catalog files or WDAC policies internally. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: -manager: dansimp -ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 266e60b744..ae0cd53f63 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -3,9 +3,7 @@ title: Understand Windows Defender Application Control policy design decisions description: Understand Windows Defender Application Control policy design decisions. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: manager: dansimp -ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -16,7 +14,6 @@ ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp -manager: dansimp ms.date: 02/08/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index 555168716a..f49176ee48 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -3,9 +3,6 @@ title: Use code signing to simplify application control for classic Windows appl description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: -manager: dansimp -ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index d050e42b00..766037be4b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -3,8 +3,6 @@ title: Use the Device Guard Signing Portal in the Microsoft Store for Business description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: -manager: dansimp ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy @@ -15,7 +13,6 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp manager: dansimp ms.date: 02/19/2019 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 43cc718d71..79a167e2a1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -3,7 +3,6 @@ title: Use a Windows Defender Application Control policy to control specific plu description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: manager: dansimp ms.author: dansimp ms.prod: w10 @@ -15,8 +14,6 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp ms.date: 05/03/2018 --- From 0ab833da7f13394f398b3770a56cb2ddc6526baf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:20:20 -0700 Subject: [PATCH 078/100] build errors removed duplicate metadata values --- windows/deployment/configure-a-pxe-server-to-load-windows-pe.md | 1 - windows/deployment/update/WIP4Biz-intro.md | 1 - windows/deployment/update/waas-morenews.md | 1 - ...onfigure-block-at-first-sight-microsoft-defender-antivirus.md | 1 - .../enable-cloud-protection-microsoft-defender-antivirus.md | 1 - .../evaluate-microsoft-defender-antivirus.md | 1 - ...ze-microsoft-cloud-protection-microsoft-defender-antivirus.md | 1 - 7 files changed, 7 deletions(-) diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index 301f8fd58d..834b94f381 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -11,7 +11,6 @@ audience: itpro author: greg-lindsay ms.reviewer: manager: laurawi -audience: itpro ms.author: greglin ms.topic: article --- diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index 60eca32a28..97f6eb21e1 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -8,7 +8,6 @@ audience: itpro itproauthor: jaimeo author: jaimeo ms.audience: itpro -author: jaimeo ms.reviewer: manager: laurawi ms.topic: article diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index 184cb42c11..377895abf7 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -9,7 +9,6 @@ ms.author: jaimeo ms.reviewer: manager: laurawi ms.localizationpriority: high -ms.topic: article --- # Windows as a service - More news diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md index bdd8bb278d..e03a127100 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md index 3197d61ed2..c103a08e37 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md index b014e700ae..a4ea00ac81 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md index 440cb7200f..9ae508bf57 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb From 86b5d505b7427faf7bef15529c256633d9bf3d47 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:26:52 -0700 Subject: [PATCH 079/100] build errors removed duplicate metadata values --- .../identity-protection/enterprise-certificate-pinning.md | 1 - .../antivirus-false-positives-negatives.md | 1 - .../common-exclusion-mistakes-microsoft-defender-antivirus.md | 1 - ...guration-management-reference-microsoft-defender-antivirus.md | 1 - .../configure-exclusions-microsoft-defender-antivirus.md | 1 - ...ure-extension-file-exclusions-microsoft-defender-antivirus.md | 1 - .../configure-microsoft-defender-antivirus-features.md | 1 - ...configure-network-connections-microsoft-defender-antivirus.md | 1 - ...rocess-opened-file-exclusions-microsoft-defender-antivirus.md | 1 - ...configure-protection-features-microsoft-defender-antivirus.md | 1 - ...onfigure-real-time-protection-microsoft-defender-antivirus.md | 1 - .../configure-remediation-microsoft-defender-antivirus.md | 1 - .../configure-server-exclusions-microsoft-defender-antivirus.md | 1 - .../deploy-manage-report-microsoft-defender-antivirus.md | 1 - .../deploy-microsoft-defender-antivirus.md | 1 - .../deployment-vdi-microsoft-defender-antivirus.md | 1 - ...ock-potentially-unwanted-apps-microsoft-defender-antivirus.md | 1 - 17 files changed, 17 deletions(-) diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index eff4754797..8a678b6ff4 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -11,7 +11,6 @@ ms.collection: M365-identity-device-management ms.topic: article ms.prod: w10 ms.technology: windows -ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium ms.date: 07/27/2017 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md index e9fd6a400e..a0e3d27f66 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md @@ -3,7 +3,6 @@ title: What to do with false positives/negatives in Microsoft Defender Antivirus description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do. keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md index 7be3761332..53d9dc6877 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Common mistakes to avoid when defining exclusions description: Avoid common mistakes when defining exclusions for Microsoft Defender Antivirus scans. keywords: exclusions, files, extension, file type, folder name, file name, scans search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md index 9ca273c668..ac38745a10 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Manage Windows Defender in your business description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender AV keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md index 0e81659418..a9eec223d6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index bbbbe12908..a5aa25898c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index 3f6f29e47b..c705e4b465 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus features description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 3f3d1f0b07..1901905edb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure and validate Microsoft Defender Antivirus network connections description: Configure and test your connection to the Microsoft Defender Antivirus cloud protection service. keywords: antivirus, Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 9fb92406dc..31d62322c4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure exclusions for files opened by specific processes description: You can exclude files from scans if they have been opened by a specific process. keywords: Microsoft Defender Antivirus, process, exclusion, files, scans search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md index 2f09169a15..20f94ac46b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Enable and configure Microsoft Defender Antivirus protection features description: Enable behavior-based, heuristic, and real-time protection in Microsoft Defender AV. keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, Microsoft Defender Antivirus, antimalware, security, defender search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index 727463b3d6..6bcef11259 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Enable and configure Microsoft Defender Antivirus protection capabilities description: Enable and configure Microsoft Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning keywords: antivirus, real-time protection, rtp, machine-learning, behavior monitoring, heuristics search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md index 65400ddb8c..8b66efba75 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Remediate and resolve infections detected by Microsoft Defender Antivirus description: Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder keywords: remediation, fix, remove, threats, quarantine, scan, restore search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index f0a52f7827..ab7fa39e3c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -5,7 +5,6 @@ manager: dansimp description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions. keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md index b9406da6f4..0036dd3c81 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Deploy, manage, and report on Microsoft Defender Antivirus description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI keywords: deploy, manage, update, protection, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md index 6e0bb71ecc..56d1a243c9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Deploy and enable Microsoft Defender Antivirus description: Deploy Microsoft Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI. keywords: deploy, enable, Microsoft Defender Antivirus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index a906762b9a..9280ff0f2b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index 40994831c4..55ad69c7e3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: detect ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb From 39e04547b815c608203c7dc02c8e636603bc88e1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:48:51 -0700 Subject: [PATCH 080/100] build errors removed duplicate metadata values --- .../update/windows-update-overview.md | 2 - .../windows-10-poc-sc-config-mgr.md | 1 - .../deployment/windows-10-pro-in-s-mode.md | 181 ++++++++-------- .../windows-adk-scenarios-for-it-pros.md | 195 +++++++++--------- .../windows-deployment-scenarios-and-tools.md | 1 - .../attack-surface-reduction.md | 1 - .../controlled-folders.md | 2 - .../customize-attack-surface-reduction.md | 1 - .../enable-attack-surface-reduction.md | 1 - .../evaluate-attack-surface-reduction.md | 1 - .../evaluate-controlled-folder-access.md | 1 - .../exploit-protection.md | 1 - ...r-application-control-against-tampering.md | 3 - 13 files changed, 189 insertions(+), 202 deletions(-) diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index 47cb14f395..d96f16274f 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -6,9 +6,7 @@ ms.mktglfcycl: audience: itpro itproauthor: jaimeo author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro -author: jaimeo ms.date: 09/18/2018 ms.reviewer: manager: laurawi diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index ba8078e40c..30be17e250 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -12,7 +12,6 @@ manager: laurawi ms.audience: itpro author: greg-lindsay audience: itpro -author: greg-lindsay ms.topic: article --- diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index 412dceea4f..bd8b4b1db5 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -1,90 +1,91 @@ ---- -title: Switch to Windows 10 Pro/Enterprise from S mode -ms.reviewer: -manager: laurawi -ms.audience: itpro author: greg-lindsay -description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional. -keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.prod: w10 -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - -# Switch to Windows 10 Pro or Enterprise from S mode - -We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later. - - -A number of other transformations are possible depending on which version and edition of Windows 10 you are starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means: - - - - -| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: | | | -|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------| -| | | **Store for Education** (switch/convert all devices in your tenant) | **Microsoft Store** (switch/convert one device at a time) | **Intune** (switch/convert any number of devices selected by admin) | -| **Windows 10, version 1709** | Pro in S mode | Pro EDU | Pro | Not by this method | -| | Pro | Pro EDU | Not by any method | Not by any method | -| | Home | Not by any method | Not by any method | Not by any method | -| | | | | | -| **Windows 10, version 1803** | Pro in S mode | Pro EDU in S mode | Pro | Not by this method | -| | Pro | Pro EDU | Not by any method | Not by any method | -| | Home in S mode | Not by any method | Home | Not by this method | -| | Home | Not by any method | Not by any method | Not by any method | -| | | | | | -| **Windows 10, version 1809** | Pro in S mode | Pro EDU in S mode | Pro | Pro | -| | Pro | Pro EDU | Not by any method | Not by any method | -| | Home in S mode | Not by any method | Home | Home | -| | Home | Not by any method | Not by any method | Not by any method | - - -Use the following information to switch to Windows 10 Pro through the Microsoft Store. -> [!IMPORTANT] -> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. - -## Switch one device through the Microsoft Store -Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device. - -Note these differences affecting switching modes in various releases of Windows 10: - -- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible. -- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**. -- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves. - - -1. Sign into the Microsoft Store using your Microsoft account. -2. Search for "S mode". -3. In the offer, select **Buy**, **Get**, or **Learn more.** - -You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro. - -## Switch one or more devices by using Microsoft Intune - -Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle. - -1. Start Microsoft Intune. -2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**. -3. Follow the instructions to complete the switch. - - -## Block users from switching - -You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10. -To set this, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**. - -## S mode management with CSPs - -In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](https://docs.microsoft.com/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode). - - -## Related topics - -[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-[Windows 10 Pro Education](https://docs.microsoft.com/education/windows/test-windows10s-for-edu)
-[Introduction to Microsoft Intune in the Azure portal](https://docs.microsoft.com/intune/what-is-intune) +--- +title: Switch to Windows 10 Pro/Enterprise from S mode +ms.reviewer: +manager: laurawi +ms.audience: itpro +author: greg-lindsay +description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional. +keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.prod: w10 +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Switch to Windows 10 Pro or Enterprise from S mode + +We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later. + + +A number of other transformations are possible depending on which version and edition of Windows 10 you are starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means: + + + + +| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: | | | +|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------| +| | | **Store for Education** (switch/convert all devices in your tenant) | **Microsoft Store** (switch/convert one device at a time) | **Intune** (switch/convert any number of devices selected by admin) | +| **Windows 10, version 1709** | Pro in S mode | Pro EDU | Pro | Not by this method | +| | Pro | Pro EDU | Not by any method | Not by any method | +| | Home | Not by any method | Not by any method | Not by any method | +| | | | | | +| **Windows 10, version 1803** | Pro in S mode | Pro EDU in S mode | Pro | Not by this method | +| | Pro | Pro EDU | Not by any method | Not by any method | +| | Home in S mode | Not by any method | Home | Not by this method | +| | Home | Not by any method | Not by any method | Not by any method | +| | | | | | +| **Windows 10, version 1809** | Pro in S mode | Pro EDU in S mode | Pro | Pro | +| | Pro | Pro EDU | Not by any method | Not by any method | +| | Home in S mode | Not by any method | Home | Home | +| | Home | Not by any method | Not by any method | Not by any method | + + +Use the following information to switch to Windows 10 Pro through the Microsoft Store. +> [!IMPORTANT] +> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. + +## Switch one device through the Microsoft Store +Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device. + +Note these differences affecting switching modes in various releases of Windows 10: + +- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible. +- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**. +- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves. + + +1. Sign into the Microsoft Store using your Microsoft account. +2. Search for "S mode". +3. In the offer, select **Buy**, **Get**, or **Learn more.** + +You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro. + +## Switch one or more devices by using Microsoft Intune + +Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle. + +1. Start Microsoft Intune. +2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**. +3. Follow the instructions to complete the switch. + + +## Block users from switching + +You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10. +To set this, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**. + +## S mode management with CSPs + +In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](https://docs.microsoft.com/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode). + + +## Related topics + +[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
+[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+[Windows 10 Pro Education](https://docs.microsoft.com/education/windows/test-windows10s-for-edu)
+[Introduction to Microsoft Intune in the Azure portal](https://docs.microsoft.com/intune/what-is-intune) diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md index 861ef1b1ad..d8d6f47273 100644 --- a/windows/deployment/windows-adk-scenarios-for-it-pros.md +++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md @@ -1,97 +1,98 @@ ---- -title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10) -description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. -ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B -ms.reviewer: -manager: laurawi -ms.audience: itpro author: greg-lindsay -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 07/27/2017 -ms.topic: article ---- - -# Windows ADK for Windows 10 scenarios for IT Pros - - -The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx). - -In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](https://msdn.microsoft.com/library/windows/hardware/dn938361.aspx). - -Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center. - -### Create a Windows image using command-line tools - -[DISM](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx) is used to mount and service Windows images. - -Here are some things you can do with DISM: - -- [Mount an offline image](https://msdn.microsoft.com/library/windows/hardware/dn938321.aspx) -- [Add drivers to an offline image](https://msdn.microsoft.com/library/windows/hardware/dn898469.aspx) -- [Enable or disable Windows features](https://msdn.microsoft.com/library/windows/hardware/dn898567.aspx) -- [Add or remove packages](https://msdn.microsoft.com/library/windows/hardware/dn898481.aspx) -- [Add language packs](https://msdn.microsoft.com/library/windows/hardware/dn898470.aspx) -- [Add Universal Windows apps](https://msdn.microsoft.com/library/windows/hardware/dn898600.aspx) -- [Upgrade the Windows edition](https://msdn.microsoft.com/library/windows/hardware/dn898500.aspx) - -[Sysprep](https://msdn.microsoft.com/library/windows/hardware/dn938335.aspx) prepares a Windows installation for imaging and allows you to capture a customized installation. - -Here are some things you can do with Sysprep: - -- [Generalize a Windows installation](https://msdn.microsoft.com/library/windows/hardware/dn938334.aspx) -- [Customize the default user profile](https://msdn.microsoft.com/library/windows/hardware/dn898521.aspx) -- [Use answer files](https://msdn.microsoft.com/library/windows/hardware/dn938346.aspx) - -[Windows PE (WinPE)](https://msdn.microsoft.com/library/windows/hardware/dn938389.aspx) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system. - -Here are ways you can create a WinPE image: - -- [Create a bootable USB drive](https://msdn.microsoft.com/library/windows/hardware/dn938386.aspx) -- [Create a Boot CD, DVD, ISO, or VHD](https://msdn.microsoft.com/library/windows/hardware/dn938385.aspx) - -[Windows Recovery Environment (Windows RE)](https://msdn.microsoft.com/library/windows/hardware/dn938364.aspx) is a recovery environment that can repair common operating system problems. - -Here are some things you can do with Windows RE: - -- [Customize Windows RE](https://msdn.microsoft.com/library/windows/hardware/dn898523.aspx) -- [Push-button reset](https://msdn.microsoft.com/library/windows/hardware/dn938307.aspx) - -[Windows System Image Manager (Windows SIM)](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx) helps you create answer files that change Windows settings and run scripts during installation. - -Here are some things you can do with Windows SIM: - -- [Create answer file](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) -- [Add a driver path to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915062.aspx) -- [Add a package to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915066.aspx) -- [Add a custom command to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915058.aspx) - -For a list of settings you can change, see [Unattended Windows Setup Reference](https://msdn.microsoft.com/library/windows/hardware/dn923277.aspx) on the MSDN Hardware Dev Center. - -### Create a Windows image using Windows ICD - -Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), Windows 10 Mobile, or Windows 10 IoT Core (IoT Core) image. - -Here are some things you can do with Windows ICD: - -- [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107.aspx) -- [Export a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916110.aspx) -- [Build and deploy an image for Windows 10 for desktop editions](https://msdn.microsoft.com/library/windows/hardware/dn916105.aspx) - -### IT Pro Windows deployment tools - -There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet: - -- [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) -- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) - -  - -  - - - - - +--- +title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10) +description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. +ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B +ms.reviewer: +manager: laurawi +ms.audience: itpro +author: greg-lindsay +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +ms.date: 07/27/2017 +ms.topic: article +--- + +# Windows ADK for Windows 10 scenarios for IT Pros + + +The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](https://msdn.microsoft.com/library/windows/hardware/dn927348.aspx). + +In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](https://msdn.microsoft.com/library/windows/hardware/dn938361.aspx). + +Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center. + +### Create a Windows image using command-line tools + +[DISM](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx) is used to mount and service Windows images. + +Here are some things you can do with DISM: + +- [Mount an offline image](https://msdn.microsoft.com/library/windows/hardware/dn938321.aspx) +- [Add drivers to an offline image](https://msdn.microsoft.com/library/windows/hardware/dn898469.aspx) +- [Enable or disable Windows features](https://msdn.microsoft.com/library/windows/hardware/dn898567.aspx) +- [Add or remove packages](https://msdn.microsoft.com/library/windows/hardware/dn898481.aspx) +- [Add language packs](https://msdn.microsoft.com/library/windows/hardware/dn898470.aspx) +- [Add Universal Windows apps](https://msdn.microsoft.com/library/windows/hardware/dn898600.aspx) +- [Upgrade the Windows edition](https://msdn.microsoft.com/library/windows/hardware/dn898500.aspx) + +[Sysprep](https://msdn.microsoft.com/library/windows/hardware/dn938335.aspx) prepares a Windows installation for imaging and allows you to capture a customized installation. + +Here are some things you can do with Sysprep: + +- [Generalize a Windows installation](https://msdn.microsoft.com/library/windows/hardware/dn938334.aspx) +- [Customize the default user profile](https://msdn.microsoft.com/library/windows/hardware/dn898521.aspx) +- [Use answer files](https://msdn.microsoft.com/library/windows/hardware/dn938346.aspx) + +[Windows PE (WinPE)](https://msdn.microsoft.com/library/windows/hardware/dn938389.aspx) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system. + +Here are ways you can create a WinPE image: + +- [Create a bootable USB drive](https://msdn.microsoft.com/library/windows/hardware/dn938386.aspx) +- [Create a Boot CD, DVD, ISO, or VHD](https://msdn.microsoft.com/library/windows/hardware/dn938385.aspx) + +[Windows Recovery Environment (Windows RE)](https://msdn.microsoft.com/library/windows/hardware/dn938364.aspx) is a recovery environment that can repair common operating system problems. + +Here are some things you can do with Windows RE: + +- [Customize Windows RE](https://msdn.microsoft.com/library/windows/hardware/dn898523.aspx) +- [Push-button reset](https://msdn.microsoft.com/library/windows/hardware/dn938307.aspx) + +[Windows System Image Manager (Windows SIM)](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx) helps you create answer files that change Windows settings and run scripts during installation. + +Here are some things you can do with Windows SIM: + +- [Create answer file](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) +- [Add a driver path to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915062.aspx) +- [Add a package to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915066.aspx) +- [Add a custom command to an answer file](https://msdn.microsoft.com/library/windows/hardware/dn915058.aspx) + +For a list of settings you can change, see [Unattended Windows Setup Reference](https://msdn.microsoft.com/library/windows/hardware/dn923277.aspx) on the MSDN Hardware Dev Center. + +### Create a Windows image using Windows ICD + +Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), Windows 10 Mobile, or Windows 10 IoT Core (IoT Core) image. + +Here are some things you can do with Windows ICD: + +- [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107.aspx) +- [Export a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916110.aspx) +- [Build and deploy an image for Windows 10 for desktop editions](https://msdn.microsoft.com/library/windows/hardware/dn916105.aspx) + +### IT Pro Windows deployment tools + +There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet: + +- [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) +- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) + +  + +  + + + + + diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index a9089d86bc..8c13ed1a1f 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -11,7 +11,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro -author: greg-lindsay ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index dde4d8932b..de60666730 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -3,7 +3,6 @@ title: Use attack surface reduction rules to prevent malware infection description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware. keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 6efcb63fd5..d48749b987 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -3,13 +3,11 @@ title: Prevent ransomware and threats from encrypting and changing files description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware from encrypting your files. keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -audience: ITPro author: denisebmsft ms.author: deniseb audience: ITPro diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index a7c6223e18..af8bd90091 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 2506f2934b..1a434b7441 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -3,7 +3,6 @@ title: Enable attack surface reduction rules individually to protect your organi description: Enable attack surface reduction (ASR) rules to protect your devices from attacks that use macros, scripts, and common injection techniques. keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, enable, turn on search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md index 980238995f..5cfdade464 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md index ae0a15fe7f..c266301cb6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index bab625f913..354df454ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -3,7 +3,6 @@ title: Apply mitigations to help prevent attacks through vulnerabilities keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET). search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 5bbcb531fa..f5a09fc5c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -3,9 +3,6 @@ title: Use signed policies to protect Windows Defender Application Control again description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.reviewer: -manager: dansimp -ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library From 1b0427f6271b1b23a1359c0f0cdcebdd9f4cef8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:52:18 -0700 Subject: [PATCH 081/100] build errors removed duplicate metadata values --- .../deployment/Windows-AutoPilot-EULA-note.md | 49 ++++++++++--------- .../update/windows-update-troubleshooting.md | 2 - ...-arguments-microsoft-defender-antivirus.md | 1 - ...out-period-microsoft-defender-antivirus.md | 2 - ...c-scanning-microsoft-defender-antivirus.md | 1 - ...rosoft-defender-antivirus-in-windows-10.md | 1 - ...oup-policy-microsoft-defender-antivirus.md | 1 - ...ig-manager-microsoft-defender-antivirus.md | 1 - ...ll-cmdlets-microsoft-defender-antivirus.md | 1 - .../use-wmi-microsoft-defender-antivirus.md | 1 - 10 files changed, 25 insertions(+), 35 deletions(-) diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md index ae15ebea5c..a57384798d 100644 --- a/windows/deployment/Windows-AutoPilot-EULA-note.md +++ b/windows/deployment/Windows-AutoPilot-EULA-note.md @@ -1,24 +1,25 @@ ---- -title: Windows Autopilot EULA dismissal – important information -description: A notice about EULA dismissal through Windows Autopilot -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -ms.localizationpriority: medium -ms.audience: itpro author: greg-lindsay -ms.date: 08/22/2017 -ms.reviewer: -manager: laurawi -audience: itpro author: greg-lindsay -ROBOTS: noindex,nofollow -ms.topic: article ---- -# Windows Autopilot EULA dismissal – important information - ->[!IMPORTANT] ->The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience). - -Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen. - -By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors. +--- +title: Windows Autopilot EULA dismissal – important information +description: A notice about EULA dismissal through Windows Autopilot +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +ms.localizationpriority: medium +ms.audience: itpro +author: greg-lindsay +ms.date: 08/22/2017 +ms.reviewer: +manager: laurawi +audience: itpro +ROBOTS: noindex,nofollow +ms.topic: article +--- +# Windows Autopilot EULA dismissal – important information + +>[!IMPORTANT] +>The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience). + +Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen. + +By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors. diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 967245b7d0..f2f001b980 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -5,8 +5,6 @@ ms.prod: w10 ms.mktglfcycl: audience: itpro itproauthor: jaimeo -author: jaimeo -ms.localizationprioauthor: jaimeo ms.audience: itpro author: jaimeo ms.reviewer: diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md index 0286462e81..07dc2431b4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md index 7840be58fc..3d86286bb7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure the Microsoft Defender AV cloud block timeout period description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination. keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -15,7 +14,6 @@ ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp -ms.custom: nextgen --- # Configure the cloud block timeout period diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md index 545f77a114..020b4fc5b2 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md index 4be2a05301..3952f63c4c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md @@ -3,7 +3,6 @@ title: Next-generation protection in Windows 10, Windows Server 2016, and Window description: Learn how to manage, configure, and use Microsoft Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016 keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md index 266e82be31..82871ab8d7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md index 37d31d6dc7..71edcfc785 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus with Configuration Manager and Int description: Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure Microsoft Defender AV and Endpoint Protection keywords: scep, intune, endpoint protection, configuration search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md index 6c5cb6074b..2bfad82a62 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Use PowerShell cmdlets to configure and run Microsoft Defender AV description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus. keywords: scan, command line, mpcmdrun, defender search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md index 5a54bd4546..49f9134d53 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Configure Microsoft Defender Antivirus with WMI description: Use WMI scripts to configure Microsoft Defender AV. keywords: wmi, scripts, windows management instrumentation, configuration search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 5e968f0628f44fd7fbf492e0df607883d8b4fd5c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 13:54:02 -0700 Subject: [PATCH 082/100] Update report-monitor-microsoft-defender-antivirus.md --- .../report-monitor-microsoft-defender-antivirus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index aa0b387ceb..da205310f1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Monitor and report on Microsoft Defender Antivirus protection description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Microsoft Defender AV with PowerShell and WMI. keywords: siem, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 6b998ff42dcf7bfd3ec30f15036756df12e8af4e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 14:00:03 -0700 Subject: [PATCH 083/100] errors removed duplicate metadata values --- .../manage-event-based-updates-microsoft-defender-antivirus.md | 1 - .../manage-outdated-endpoints-microsoft-defender-antivirus.md | 1 - ...ge-protection-update-schedule-microsoft-defender-antivirus.md | 1 - .../manage-protection-updates-microsoft-defender-antivirus.md | 1 - .../manage-updates-baselines-microsoft-defender-antivirus.md | 1 - ...ge-updates-mobile-devices-vms-microsoft-defender-antivirus.md | 1 - .../microsoft-defender-antivirus/microsoft-defender-offline.md | 1 - .../office-365-microsoft-defender-antivirus.md | 1 - .../prevent-end-user-interaction-microsoft-defender-antivirus.md | 1 - .../restore-quarantined-files-microsoft-defender-antivirus.md | 1 - .../review-scan-results-microsoft-defender-antivirus.md | 1 - .../run-scan-microsoft-defender-antivirus.md | 1 - .../scheduled-catch-up-scans-microsoft-defender-antivirus.md | 1 - .../troubleshoot-microsoft-defender-antivirus.md | 1 - .../microsoft-defender-antivirus/troubleshoot-reporting.md | 1 - 15 files changed, 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index c29455e452..8b91ba2fde 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Apply Microsoft Defender Antivirus updates after certain events description: Manage how Microsoft Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports. keywords: updates, protection, force updates, events, startup, check for latest, notifications search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md index 8956c31df7..690a9eee6a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Apply Microsoft Defender AV protection updates to out of date endpoints description: Define when and how updates should be applied for endpoints that have not updated in a while. keywords: updates, protection, out-of-date, outdated, old, catch-up search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md index 5ba75a3387..b626c962ef 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Schedule Microsoft Defender Antivirus protection updates description: Schedule the day, time, and interval for when protection updates should be downloaded keywords: updates, security baselines, schedule updates search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 search.appverid: met150 ms.mktglfcycl: manage diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index 58e3fd0a6f..38a6d28737 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Manage how and where Microsoft Defender AV receives updates description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates. keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index f730a9670c..6f73b79b2b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Manage Microsoft Defender Antivirus updates and apply baselines description: Manage how Microsoft Defender Antivirus receives protection and product updates. keywords: updates, security baselines, protection, schedule updates, force updates, mobile updates, wsus search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index fb9cbcf454..86217f98d9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Define how mobile devices are updated by Microsoft Defender AV description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender AV protection updates. keywords: updates, protection, schedule updates, battery, mobile device, laptop, notebook, opt-in, microsoft update, wsus, override search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index 0a396c5667..e824427101 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -3,7 +3,6 @@ title: Microsoft Defender Offline in Windows 10 description: You can use Microsoft Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network. keywords: scan, defender, offline search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md index 58f370b7dd..55931f992b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: "Better together - Microsoft Defender Antivirus and Office 365 (including description: "Office 365, which includes OneDrive, goes together wonderfully with Microsoft Defender Antivirus. Read this article to learn more." keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md index 18c0fdfc15..a2c6bdee36 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Hide the Microsoft Defender Antivirus interface description: You can hide virus and threat protection tile in the Windows Security app. keywords: ui lockdown, headless mode, hide app, hide settings, hide interface search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md index 325b0800ee..434a02f941 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Restore quarantined files in Microsoft Defender AV description: You can restore files and folders that were quarantined by Microsoft Defender AV. keywords: search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md index 1e4a2b7142..d23aa3b802 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Review the results of Microsoft Defender AV scans description: Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app keywords: scan results, remediation, full scan, quick scan search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md index a0fc81be46..5266967e27 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Run and customize on-demand scans in Microsoft Defender AV description: Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app keywords: scan, on-demand, dos, intune, instant scan search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index ce7ad86555..7c297d11d4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -3,7 +3,6 @@ title: Schedule regular quick and full scans with Microsoft Defender AV description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md index 75665404c2..207ec6c5dd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md index 43310f4b21..a2747a705d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md @@ -3,7 +3,6 @@ title: Troubleshoot problems with reporting tools for Microsoft Defender AV description: Identify and solve common problems when attempting to report in Microsoft Defender AV protection status in Update Compliance keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From c754f7e4e2590379fecd828f41acbd829494eb7b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 14:05:13 -0700 Subject: [PATCH 084/100] build errors removed duplicate metadata lines --- .../microsoft-defender-atp/customize-controlled-folders.md | 1 - .../microsoft-defender-atp/enable-network-protection.md | 2 -- .../microsoft-defender-atp/evaluate-exploit-protection.md | 1 - .../microsoft-defender-atp/evaluate-network-protection.md | 1 - .../microsoft-defender-atp/network-protection.md | 1 - .../microsoft-defender-atp/troubleshoot-asr.md | 1 - .../threat-protection/microsoft-defender-atp/troubleshoot-np.md | 1 - ...-access-restrict-clients-allowed-to-make-remote-sam-calls.md | 1 - 8 files changed, 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 6a0da83f4f..304c656193 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 298ace459d..ab755a39af 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -3,7 +3,6 @@ title: Turn on network protection description: Enable Network protection with Group Policy, PowerShell, or MDM CSPs keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -13,7 +12,6 @@ audience: ITPro author: levinec ms.author: ellevin ms.reviewer: -audience: ITPro manager: dansimp --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md index d0ad0448da..dabee673ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md @@ -3,7 +3,6 @@ title: See how exploit protection works in a demo description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps. keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigation search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md index 6e3840831e..de8a7c8384 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: levinec diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index eb56826c55..9453feda1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -3,7 +3,6 @@ title: Use network protection to help prevent connections to bad sites description: Protect your network by preventing users from accessing known malicious and suspicious network addresses keywords: Network protection, exploits, malicious website, ip, domain, domains search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index 8f87ff3707..be0e27f27a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro author: denisebmsft diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index b435c4b723..1118d17529 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -3,7 +3,6 @@ title: Troubleshoot problems with Network protection description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index f5a0e5c08f..df59384aa5 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -6,7 +6,6 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -ms.localizationpriority: medium author: dansimp ms.date: 09/17/2018 ms.reviewer: From e7a7543b2b91f955542b4e5b101bd3bbec14509f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 14:09:43 -0700 Subject: [PATCH 085/100] Update why-use-microsoft-defender-antivirus.md --- .../why-use-microsoft-defender-antivirus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md index 51cc0fbe72..db9a721fca 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md @@ -7,7 +7,6 @@ ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.topic: article From 2ec26fca448c9cc4e94bd381a39e9daa786959ed Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 12 Aug 2020 14:28:33 -0700 Subject: [PATCH 086/100] acrolinx updates --- .../customize-attack-surface-reduction.md | 22 +++++++++---------- .../customize-controlled-folders.md | 16 ++++++-------- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index a2ba7967b3..75d6a37233 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -1,6 +1,6 @@ --- title: Configure how attack surface reduction rules work to fine-tune protection in your network -description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR +description: Individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from attack surface reduction rules keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -33,21 +33,21 @@ You can set attack surface reduction rules for devices running any of the follow - Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -You can use Group Policy, PowerShell, and MDM CSPs to configure these settings. +You can use Group Policy, PowerShell, and Mobile Device Management (MDM) configuration service providers (CSP) to configure these settings. ## Exclude files and folders -You can exclude files and folders from being evaluated by attack surface reduction rules. This means that even if an attack surface reduction rule detects that the file contains malicious behavior, the file will not be blocked from running. +You can choose to exclude files and folders from being evaluated by attack surface reduction rules. Once excluded, the file won't be blocked from running even if an attack surface reduction rule detects that the file contains malicious behavior. > [!WARNING] > This could potentially allow unsafe files to run and infect your devices. Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. -An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource, but you cannot limit an exclusion to a specific rule. +An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource. However, you cannot limit an exclusion to a specific rule. An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. -Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). -If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode to test the rule](evaluate-attack-surface-reduction.md). +Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +If you are encountering problems with rules detecting files that you believe should not be detected, [use audit mode to test the rule](evaluate-attack-surface-reduction.md). Rule description | GUID -|-|- @@ -71,20 +71,20 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail ### Use Group Policy to exclude files and folders -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**. 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**. -4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. +4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. > [!WARNING] > Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. ### Use PowerShell to exclude files and folders -1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** 2. Enter the following cmdlet: ```PowerShell @@ -102,7 +102,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusio ## Customize the notification -See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. +You can customize the notification for when a rule is triggered and blocks an app or file. See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) article. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 6a0da83f4f..a2cc81dc02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -1,9 +1,8 @@ --- title: Add additional folders and apps to be protected -description: Add additional folders that should be protected by Controlled folder access, or allow apps that are incorrectly blocking changes to important files. +description: Add additional folders that should be protected by controlled folder access, or allow apps that are incorrectly blocking changes to important files. keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, customize, add folder, add app, allow, add executable search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -12,7 +11,6 @@ ms.localizationpriority: medium audience: ITPro author: levinec ms.author: ellevin -ms.date: 05/13/2019 ms.reviewer: manager: dansimp --- @@ -23,9 +21,9 @@ manager: dansimp * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. +Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. -This topic describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): +This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): * [Add additional folders to be protected](#protect-additional-folders) * [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) @@ -37,9 +35,9 @@ This topic describes how to customize the following settings of the controlled f ## Protect additional folders -Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop. +Controlled folder access applies to a number of system folders and default locations, such as Documents, Pictures, Movies, and Desktop. -You can add additional folders to be protected, but you cannot remove the default folders in the default list. +You can add additional folders to be protected, but you can't remove the default folders in the default list. Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. @@ -49,7 +47,7 @@ You can use the Windows Security app or Group Policy to add and remove additiona ### Use the Windows Security app to protect additional folders -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**: @@ -69,7 +67,7 @@ You can use the Windows Security app or Group Policy to add and remove additiona ### Use PowerShell to protect additional folders -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell From de49a49b84f48962f63a2dc31ca9b79fc8fcd269 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 Aug 2020 15:35:21 -0700 Subject: [PATCH 087/100] renamed oldtoc.md --- .../microsoft-defender-atp/{oldTOC.txt => oldTOC.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{oldTOC.txt => oldTOC.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt rename to windows/security/threat-protection/microsoft-defender-atp/oldTOC.md From 7b8b6168c68040f1eb2f362792175e2ba7287800 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 12 Aug 2020 16:56:47 -0700 Subject: [PATCH 088/100] acrolinx updates --- .../customize-controlled-folders.md | 46 +++++++++---------- .../customize-exploit-protection.md | 3 +- 2 files changed, 23 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index a2cc81dc02..b864590a79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -23,7 +23,7 @@ manager: dansimp Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. -This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): +This article describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). * [Add additional folders to be protected](#protect-additional-folders) * [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) @@ -35,11 +35,9 @@ This article describes how to customize the following settings of the controlled ## Protect additional folders -Controlled folder access applies to a number of system folders and default locations, such as Documents, Pictures, Movies, and Desktop. +Controlled folder access applies to a number of system folders and default locations, such as Documents, Pictures, Movies, and Desktop. You can add additional folders to be protected, but you can't remove the default folders in the default list. -You can add additional folders to be protected, but you can't remove the default folders in the default list. - -Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. +Adding other folders to controlled folder access can be useful. Some use-cases include if you don't store files in the default Windows libraries, or you've changed the location of the libraries away from the defaults. You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). @@ -49,25 +47,25 @@ You can use the Windows Security app or Group Policy to add and remove additiona 1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**: +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**. -3. Under the **Controlled folder access** section, click **Protected folders** +3. Under the **Controlled folder access** section, select **Protected folders**. -4. Click **Add a protected folder** and follow the prompts to add apps. +4. Select **Add a protected folder** and follow the prompts to add apps. ### Use Group Policy to protect additional folders -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. -4. Double-click **Configured protected folders** and set the option to **Enabled**. Click **Show** and enter each folder. +4. Double-click **Configured protected folders** and set the option to **Enabled**. Select **Show** and enter each folder. ### Use PowerShell to protect additional folders -1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** 2. Enter the following cmdlet: ```PowerShell @@ -87,41 +85,41 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m ## Allow specific apps to make changes to controlled folders -You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature. +You can specify if certain apps are always considered safe and give write access to files in protected folders. Allowing apps can be useful if a particular app you know and trust is being blocked by the controlled folder access feature. > [!IMPORTANT] > By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. > You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. -When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. +When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders. If the app (with the same name) is in a different location, it will not be added to the allow list and may be blocked by controlled folder access. -An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. +An allowed application or service only has write access to a controlled folder after it starts. For example, an update service will continue to trigger events after it's allowed until it is stopped and restarted. ### Use the Windows Defender Security app to allow specific apps -1. Open the Windows Security by clicking the shield icon in the task bar or searching the start menu for **Defender**. +1. Open the Windows Security by selecting the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**. +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then select **Ransomware protection**. -3. Under the **Controlled folder access** section, click **Allow an app through Controlled folder access** +3. Under the **Controlled folder access** section, select **Allow an app through Controlled folder access** -4. Click **Add an allowed app** and follow the prompts to add apps. +4. Select **Add an allowed app** and follow the prompts to add apps. ![Screenshot of how to add an allowed app button](../images/cfa-allow-app.png) ### Use Group Policy to allow specific apps -1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. 3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access**. -4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Click **Show** and enter each app. +4. Double-click the **Configure allowed applications** setting and set the option to **Enabled**. Select **Show** and enter each app. ### Use PowerShell to allow specific apps -1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator** 2. Enter the following cmdlet: ```PowerShell @@ -147,7 +145,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications] ## Customize the notification -See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. +For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center). ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index 13358eb288..ca74cf863f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -1,9 +1,8 @@ --- -title: Enable or disable specific mitigations used by Exploit protection +title: Enable or disable specific mitigations used by exploit protection keywords: Exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr description: You can enable individual mitigations using the Windows Security app or PowerShell. You can also audit mitigations and export configurations. search.product: eADQiWindows 10XVcnh -ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From 9c595dc0316ca23b68bfbd07f3efcd31c9c8f5a7 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:02:42 -0700 Subject: [PATCH 089/100] Split, refresh --- windows/security/threat-protection/TOC.md | 5 +- .../custom-detection-rules.md | 60 ++++++----------- .../custom-detections-manage.md | 67 +++++++++++++++++++ .../overview-custom-detections.md | 9 +-- 4 files changed, 93 insertions(+), 48 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6a30c6da4d..3bab5df58d 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -338,8 +338,9 @@ #### [Custom detections]() -##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md) -##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md) +##### [Custom detections overview](microsoft-defender-atp/overview-custom-detections.md) +##### [Create detection rules](microsoft-defender-atp/custom-detection-rules.md) +##### [View & manage detection rules](microsoft-defender-atp/custom-detections-manage.md) ### [Behavioral blocking and containment]() #### [Behavioral blocking and containment](microsoft-defender-atp/behavioral-blocking-containment.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 223e5b4295..a6f7579d12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -1,7 +1,7 @@ --- -title: Create and manage custom detection rules in Microsoft Defender ATP +title: Create detection rules in Microsoft Defender ATP ms.reviewer: -description: Learn how to create and manage custom detection rules based on advanced hunting queries +description: Learn how to create custom detection rules based on advanced hunting queries keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -23,10 +23,13 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. +Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. -> [!NOTE] -> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. +Read this article to learn how to create new custom detection rules, or [see viewing and managing existing rules](custom-detections-manage.md). + +## Required permissions + +To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. ## Create a custom detection rule ### 1. Prepare the query. @@ -61,6 +64,7 @@ With the query in the query editor, select **Create detection rule** and specify - **Alert title** — title displayed with alerts triggered by the rule - **Severity** — potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity) - **Category** — type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) +- **MITRE ATT&CK techniques** — one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section does not apply and is hidden for certain alert categories, including malware, ransomware, suspicious activity, and unwanted software - **Description** — more information about the component or activity identified by the rule - **Recommended actions** — additional actions that responders might take in response to an alert @@ -91,44 +95,20 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` - **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file** — deletes the file from its current location and places a copy in quarantine -### 4. Click **Create** to save and turn on the rule. +### 4. Set the rule scope. +Set the scope to specify which devices are covered by the rule: + +- All devices +- Specific device groups + +Only data from devices in scope will be queried. Also, actions will be taken only on those devices. + +### 5. Review and turn on the rule. After reviewing the rule, click **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. -## Manage existing custom detection rules -In **Settings** > **Custom detections**, you can view the list of existing custom detection rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. -### View existing rules - -To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information: - -- **Last run** — when a rule was last run to check for query matches and generate alerts -- **Last run status** — whether a rule ran successfully -- **Next run** — the next scheduled run -- **Status** — whether a rule has been turned on or off - -### View rule details, modify rule, and run rule - -To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. This opens a page about the custom detection rule with the following information: - -- General information about the rule, including the details of the alert, run status, and scope -- List of triggered alerts -- List of triggered actions - -![Custom detection rule page](images/atp-custom-detection-rule-details.png)
-*Custom detection rule page* - -You can also take the following actions on the rule from this page: - -- **Run** — run the rule immediately. This also resets the interval for the next run. -- **Edit** — modify the rule without changing the query -- **Modify query** — edit the query in advanced hunting -- **Turn on** / **Turn off** — enable the rule or stop it from running -- **Delete** — turn off the rule and remove it - ->[!TIP] ->To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table. - -## Related topic +## Related topics +- [View and manage detection rules](custom-detections-manage.md) - [Custom detections overview](overview-custom-detections.md) - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the advanced hunting query language](advanced-hunting-query-language.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md new file mode 100644 index 0000000000..cb58a0ae93 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -0,0 +1,67 @@ +--- +title: View and manage custom detection rules in Microsoft Defender ATP +ms.reviewer: +description: Learn how to view and manage custom detection rules +keywords: custom detections, view, manage, alerts, edit, run on demand, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + + +# View and manage custom detection rules +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Manage your existing [custom detection rules](custom-detections-rules.md) to ensure they are effectively finding threats and taking actions on threats you want to address proactively. Learn how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. + +## Required permissions + +To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. + +## View existing rules + +To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information: + +- **Last run** — when a rule was last run to check for query matches and generate alerts +- **Last run status** — whether a rule ran successfully +- **Next run** — the next scheduled run +- **Status** — whether a rule has been turned on or off + +## View rule details, modify rule, and run rule + +To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. This opens a page about the custom detection rule with the following information: + +- General information about the rule, including the details of the alert, run status, and scope +- List of triggered alerts +- List of triggered actions + +![Custom detection rule page](images/atp-custom-detection-rule-details.png)
+*Custom detection rule page* + +You can also take the following actions on the rule from this page: + +- **Run** — run the rule immediately. This also resets the interval for the next run. +- **Edit** — modify the rule without changing the query +- **Modify query** — edit the query in advanced hunting +- **Turn on** / **Turn off** — enable the rule or stop it from running +- **Delete** — turn off the rule and remove it + +>[!TIP] +>To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table. + +## Related topics +- [Custom detections overview](overview-custom-detections.md) +- [Create detection rules](custom-detection-rules.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [View and organize alerts](alerts-queue.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index c98c0a6c38..304e964c67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -18,22 +18,19 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- - # Custom detections overview **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions. -Custom detections work with [Advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. +Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Custom detections provide: - Alerts for rule-based detections built from advanced hunting queries - Automatic response actions that apply to files and devices ->[!NOTE] ->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. - ## Related topic -- [Create and manage custom detection rules](custom-detection-rules.md) +- [Create detection rules](custom-detection-rules.md) +- [View and manage detection rules](custom-detections-manage.md) - [Advanced hunting overview](advanced-hunting-overview.md) \ No newline at end of file From 2c11114dbdc5050a2fd7f0c4a4c7caeaab36a1f9 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:20:07 -0700 Subject: [PATCH 090/100] acrotweaks --- .../custom-detection-rules.md | 40 +++++++++---------- .../custom-detections-manage.md | 20 +++++----- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index a6f7579d12..e9b1845ce1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -25,7 +25,7 @@ ms.topic: article Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. -Read this article to learn how to create new custom detection rules, or [see viewing and managing existing rules](custom-detections-manage.md). +Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). ## Required permissions @@ -34,7 +34,7 @@ To create or manage custom detections, [your role](user-roles.md#create-roles-an ## Create a custom detection rule ### 1. Prepare the query. -In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results. +In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using a new query, run the query to identify errors and understand possible results. >[!IMPORTANT] >To prevent the service from returning too many alerts, each rule is limited to generating only 100 alerts whenever it runs. Before creating a rule, tweak your query to avoid alerting for normal, day-to-day activity. @@ -59,24 +59,24 @@ DeviceEvents With the query in the query editor, select **Create detection rule** and specify the following alert details: -- **Detection name** — name of the detection rule -- **Frequency** — interval for running the query and taking action. [See additional guidance below](#rule-frequency) -- **Alert title** — title displayed with alerts triggered by the rule -- **Severity** — potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity) -- **Category** — type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) -- **MITRE ATT&CK techniques** — one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section does not apply and is hidden for certain alert categories, including malware, ransomware, suspicious activity, and unwanted software -- **Description** — more information about the component or activity identified by the rule -- **Recommended actions** — additional actions that responders might take in response to an alert +- **Detection name**—name of the detection rule +- **Frequency**—interval for running the query and taking action. [See additional guidance below](#rule-frequency) +- **Alert title**—title displayed with alerts triggered by the rule +- **Severity**—potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity) +- **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) +- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with alert categories, such as malware, ransomware, suspicious activity, and unwanted software +- **Description**—more information about the component or activity identified by the rule +- **Recommended actions**—additional actions that responders might take in response to an alert For more information about how alert details are displayed, [read about the alert queue](alerts-queue.md). #### Rule frequency When saved, a new or edited custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: -- **Every 24 hours** — runs every 24 hours, checking data from the past 30 days -- **Every 12 hours** — runs every 12 hours, checking data from the past 24 hours -- **Every 3 hours** — runs every 3 hours, checking data from the past 6 hours -- **Every hour** — runs hourly, checking data from the past 2 hours +- **Every 24 hours**—runs every 24 hours, checking data from the past 30 days +- **Every 12 hours**—runs every 12 hours, checking data from the past 24 hours +- **Every 3 hours**—runs every 3 hours, checking data from the past 6 hours +- **Every hour**—runs hourly, checking data from the past 2 hours Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. @@ -85,15 +85,15 @@ Your custom detection rule can automatically take actions on files or devices th #### Actions on devices These actions are applied to devices in the `DeviceId` column of the query results: -- **Isolate device** — applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) -- **Collect investigation package** — collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) -- **Run antivirus scan** — performs a full Microsoft Defender Antivirus scan on the device -- **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the device +- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) +- **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) +- **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device +- **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device #### Actions on files These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results: -- **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. -- **Quarantine file** — deletes the file from its current location and places a copy in quarantine +- **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. +- **Quarantine file**—deletes the file from its current location and places a copy in quarantine ### 4. Set the rule scope. Set the scope to specify which devices are covered by the rule: diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index cb58a0ae93..06309d4989 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -33,14 +33,14 @@ To create or manage custom detections, [your role](user-roles.md#create-roles-an To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information: -- **Last run** — when a rule was last run to check for query matches and generate alerts -- **Last run status** — whether a rule ran successfully -- **Next run** — the next scheduled run -- **Status** — whether a rule has been turned on or off +- **Last run**—when a rule was last run to check for query matches and generate alerts +- **Last run status**—whether a rule ran successfully +- **Next run**—the next scheduled run +- **Status**—whether a rule has been turned on or off ## View rule details, modify rule, and run rule -To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. This opens a page about the custom detection rule with the following information: +To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. A page about the selected rule displays the the following information: - General information about the rule, including the details of the alert, run status, and scope - List of triggered alerts @@ -51,11 +51,11 @@ To view comprehensive information about a custom detection rule, select the name You can also take the following actions on the rule from this page: -- **Run** — run the rule immediately. This also resets the interval for the next run. -- **Edit** — modify the rule without changing the query -- **Modify query** — edit the query in advanced hunting -- **Turn on** / **Turn off** — enable the rule or stop it from running -- **Delete** — turn off the rule and remove it +- **Run**—run the rule immediately. This action also resets the interval for the next run. +- **Edit**—modify the rule without changing the query +- **Modify query**—edit the query in advanced hunting +- **Turn on** / **Turn off**—enable the rule or stop it from running +- **Delete**—turn off the rule and remove it >[!TIP] >To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table. From 23a0c6584508d7d75b76d32f6c3c999f6d026563 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:21:56 -0700 Subject: [PATCH 091/100] Update custom-detections-manage.md --- .../microsoft-defender-atp/custom-detections-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index 06309d4989..407de115df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -23,7 +23,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Manage your existing [custom detection rules](custom-detections-rules.md) to ensure they are effectively finding threats and taking actions on threats you want to address proactively. Learn how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. +Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions on threats you want to address proactively. Learn how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. ## Required permissions From 6aa3b64561c6b04431c45301d1e5ba19c26ade98 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:29:57 -0700 Subject: [PATCH 092/100] AcroTweaks --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- .../microsoft-defender-atp/custom-detections-manage.md | 4 ++-- .../microsoft-defender-atp/overview-custom-detections.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index e9b1845ce1..1806f29868 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -104,7 +104,7 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. ### 5. Review and turn on the rule. -After reviewing the rule, click **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. +After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index 407de115df..bae067bcec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -23,7 +23,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions on threats you want to address proactively. Learn how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. +Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. ## Required permissions @@ -40,7 +40,7 @@ To view all existing custom detection rules, navigate to **Settings** > **Custom ## View rule details, modify rule, and run rule -To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. A page about the selected rule displays the the following information: +To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. A page about the selected rule displays the following information: - General information about the rule, including the details of the alert, run status, and scope - List of triggered alerts diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index 304e964c67..0f17cc548c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -22,7 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions. +With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts as well as response actions. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. From 159663aef048fdf1ca26cec00f307e34c239960a Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:36:38 -0700 Subject: [PATCH 093/100] More tweakaroos --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- .../microsoft-defender-atp/overview-custom-detections.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 1806f29868..a9b8d6cb29 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -1,5 +1,5 @@ --- -title: Create detection rules in Microsoft Defender ATP +title: Create custom detection rules in Microsoft Defender ATP ms.reviewer: description: Learn how to create custom detection rules based on advanced hunting queries keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index 0f17cc548c..fd8438a07e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -22,7 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts as well as response actions. +With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. @@ -30,7 +30,7 @@ Custom detections provide: - Alerts for rule-based detections built from advanced hunting queries - Automatic response actions that apply to files and devices -## Related topic +## Related topics - [Create detection rules](custom-detection-rules.md) - [View and manage detection rules](custom-detections-manage.md) - [Advanced hunting overview](advanced-hunting-overview.md) \ No newline at end of file From 00f774bd539f9bcf9d52e7c4da2481bdcb1fd433 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:54:08 -0700 Subject: [PATCH 094/100] tweaks --- .../custom-detection-rules.md | 26 ++++++++++--------- .../custom-detections-manage.md | 2 ++ .../overview-custom-detections.md | 2 ++ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index a9b8d6cb29..a6ef0b57b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -19,20 +19,22 @@ ms.topic: article --- -# Create and manage custom detection rules +# Create custom detection rules **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) + + Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). -## Required permissions +## 1. Check required permissions To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. -## Create a custom detection rule -### 1. Prepare the query. +## 2. Prepare the query In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using a new query, run the query to identify errors and understand possible results. @@ -40,7 +42,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an >To prevent the service from returning too many alerts, each rule is limited to generating only 100 alerts whenever it runs. Before creating a rule, tweak your query to avoid alerting for normal, day-to-day activity. -#### Required columns in the query results +### Required columns in the query results To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device. @@ -55,7 +57,7 @@ DeviceEvents | where count_ > 5 ``` -### 2. Create new rule and provide alert details. +## 3. Create new rule and provide alert details With the query in the query editor, select **Create detection rule** and specify the following alert details: @@ -70,7 +72,7 @@ With the query in the query editor, select **Create detection rule** and specify For more information about how alert details are displayed, [read about the alert queue](alerts-queue.md). -#### Rule frequency +### Rule frequency When saved, a new or edited custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: - **Every 24 hours**—runs every 24 hours, checking data from the past 30 days @@ -80,22 +82,22 @@ When saved, a new or edited custom detection rule immediately runs and checks fo Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. -### 3. Specify actions on files or devices. +## 4. Specify actions on files or devices Your custom detection rule can automatically take actions on files or devices that are returned by the query. -#### Actions on devices +### Actions on devices These actions are applied to devices in the `DeviceId` column of the query results: - **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device -#### Actions on files +### Actions on files These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results: - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file**—deletes the file from its current location and places a copy in quarantine -### 4. Set the rule scope. +## 5. Set the rule scope Set the scope to specify which devices are covered by the rule: - All devices @@ -103,7 +105,7 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. -### 5. Review and turn on the rule. +## 6. Review and turn on the rule After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index bae067bcec..3594f09bb8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -23,6 +23,8 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) + Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. ## Required permissions diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index fd8438a07e..87ad24897b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -22,6 +22,8 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) + With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. From e7e9f64418fbc2a3c7805a5af5ee4e6a6c1eb2b9 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:59:51 -0700 Subject: [PATCH 095/100] Update custom-detection-rules.md --- .../microsoft-defender-atp/custom-detection-rules.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index a6ef0b57b7..20cba1c034 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -23,13 +23,16 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) +> [Learn about this feature in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). +>[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) + + ## 1. Check required permissions To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. From ad2172c71f4ad60d993e1c41fe829d0881972c9e Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 20:38:46 -0700 Subject: [PATCH 096/100] Finalizing --- .../microsoft-defender-atp/custom-detection-rules.md | 9 +-------- .../microsoft-defender-atp/custom-detections-manage.md | 2 -- .../microsoft-defender-atp/overview-custom-detections.md | 2 -- 3 files changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 20cba1c034..6021933e52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -18,21 +18,14 @@ ms.collection: M365-security-compliance ms.topic: article --- - # Create custom detection rules **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> [Learn about this feature in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) - - Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). ->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) - - ## 1. Check required permissions To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. @@ -69,7 +62,7 @@ With the query in the query editor, select **Create detection rule** and specify - **Alert title**—title displayed with alerts triggered by the rule - **Severity**—potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity) - **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) -- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with alert categories, such as malware, ransomware, suspicious activity, and unwanted software +- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with certain alert categories, such as malware, ransomware, suspicious activity, and unwanted software - **Description**—more information about the component or activity identified by the rule - **Recommended actions**—additional actions that responders might take in response to an alert diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index 3594f09bb8..bae067bcec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md @@ -23,8 +23,6 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) - Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. ## Required permissions diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index 87ad24897b..fd8438a07e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -22,8 +22,6 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) - With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. From b273db911c5a1b048127958cb61273090a9bbba1 Mon Sep 17 00:00:00 2001 From: JECRISPO <69607805+JECRISPO@users.noreply.github.com> Date: Thu, 13 Aug 2020 07:42:06 -0700 Subject: [PATCH 097/100] Added clarifying language about reccomendations Change was reccomended by MCB Privacy to ensure there is discoverable notice. --- windows/configuration/windows-spotlight.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md index fa8b0e3378..c5fc3f7733 100644 --- a/windows/configuration/windows-spotlight.md +++ b/windows/configuration/windows-spotlight.md @@ -44,7 +44,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en - **Feature suggestions, fun facts, tips** - The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**. + The lock screen background will occasionally make reccomendations on how to enhance your productivity and enjoyment of Microsoft products including suggesting other relevant Microsoft products and services. ![fun facts](images/funfacts.png) From 469cbfd93f9ee10f1640f5708e45a14f5088fdec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 13 Aug 2020 11:10:27 -0700 Subject: [PATCH 098/100] Delete oldTOC.md --- .../microsoft-defender-atp/oldTOC.md | 528 ------------------ 1 file changed, 528 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/oldTOC.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md deleted file mode 100644 index 20f305fbfb..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md +++ /dev/null @@ -1,528 +0,0 @@ -# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md) - -## [Overview]() -### [Overview of Microsoft Defender ATP capabilities](overview.md) -### [Threat & Vulnerability Management]() -#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md) -#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md) -#### [Exposure score](tvm-exposure-score.md) -#### [Configuration score](configuration-score.md) -#### [Security recommendation](tvm-security-recommendation.md) -#### [Remediation](tvm-remediation.md) -#### [Software inventory](tvm-software-inventory.md) -#### [Weaknesses](tvm-weaknesses.md) -#### [Scenarios](threat-and-vuln-mgt-scenarios.md) - - -### [Attack surface reduction]() -#### [Hardware-based isolation]() -##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md) - -##### [Application isolation]() -###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md) -###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md) - -##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) - -#### [Application control]() -##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md) - -#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection.md) -#### [Network protection](../windows-defender-exploit-guard/network-protection.md) -#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders.md) -#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction.md) -#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) - - -### [Next-generation protection](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) - - -### [Endpoint detection and response]() -#### [Endpoint detection and response overview](overview-endpoint-detection-response.md) -#### [Security operations dashboard](security-operations-dashboard.md) - -#### [Incidents queue]() -##### [View and organize the Incidents queue](view-incidents-queue.md) -##### [Manage incidents](manage-incidents.md) -##### [Investigate incidents](investigate-incidents.md) - -#### [Alerts queue]() -##### [View and organize the Alerts queue](alerts-queue.md) -##### [Manage alerts](manage-alerts.md) -##### [Investigate alerts](investigate-alerts.md) -##### [Investigate files](investigate-files.md) -##### [Investigate machines](investigate-machines.md) -##### [Investigate an IP address](investigate-ip.md) -##### [Investigate a domain](investigate-domain.md) -##### [Investigate a user account](investigate-user.md) - -#### [Machines list]() -##### [View and organize the Machines list](machines-view-overview.md) - -##### [Investigate machines]() -###### [Machine details](investigate-machines.md#machine-details) -###### [Response actions](investigate-machines.md#response-actions) -###### [Cards](investigate-machines.md#cards) -###### [Tabs](investigate-machines.md#tabs) - -#### [Take response actions]() -##### [Take response actions on a machine]() -###### [Understand response actions](respond-machine-alerts.md) -###### [Manage tags](respond-machine-alerts.md#manage-tags) -###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) -###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) -###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines) -###### [Run Microsoft Defender Antivirus scan on machines](respond-machine-alerts.md#run-microsoft-defender-antivirus-scan-on-machines) -###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution) -###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) -###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) - -##### [Take response actions on a file]() -###### [Understand response actions](respond-file-alerts.md) -###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine) -###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) -###### [Deep analysis](respond-file-alerts.md#deep-analysis) - -##### [Live response]() -###### [Investigate entities on machines](live-response.md) -###### [Live response command examples](live-response-command-examples.md) - - -### [Automated investigation and remediation]() -#### [Understand Automated investigations](automated-investigations.md) -#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) -#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) - - -### [Threat analytics](threat-analytics.md) - - -### [Microsoft Threat Experts](microsoft-threat-experts.md) - - -### [Advanced hunting]() -#### [Advanced hunting overview](advanced-hunting-overview.md) - -#### [Query data using Advanced hunting]() -##### [Data querying basics](advanced-hunting-query-language.md) -##### [Advanced hunting reference](advanced-hunting-schema-reference.md) -##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) - -#### [Custom detections]() -##### [Understand custom detection rules](overview-custom-detections.md) -##### [Create custom detections rules](custom-detection-rules.md) - -### [Management and APIs]() -#### [Overview of management and APIs](management-apis.md) -#### [Understand threat intelligence concepts](threat-indicator-concepts.md) -#### [Microsoft Defender ATP APIs](apis-intro.md) -#### [Managed security service provider support](mssp-support.md) - - -### [Integrations]() -#### [Microsoft Defender ATP integrations](threat-protection-integration.md) -#### [Conditional Access integration overview](conditional-access.md) -#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) - -#### [Information protection in Windows overview]() -##### [Windows integration](information-protection-in-windows-overview.md) -##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md) - - -### [Microsoft Threat Experts](microsoft-threat-experts.md) - - -### [Portal overview](portal-overview.md) - - - -## [Get started]() -### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md) -### [Preview features](preview.md) -### [Evaluation lab](evaluation-lab.md) -### [Minimum requirements](minimum-requirements.md) -### [Validate licensing and complete setup](licensing.md) - -### [Data storage and privacy](data-storage-privacy.md) -### [Assign user access to the portal](assign-portal-access.md) - -### [Evaluate Microsoft Defender ATP capabilities]() -#### [Evaluate attack surface reduction]() - -##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md) -###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) -###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) -###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) -###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) -###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) -###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) -###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -##### [Evaluate next-generation protection](../microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md) - -### [Access the Microsoft Defender Security Center Community Center](community.md) - -## [Configure and manage capabilities]() - -### [Configure attack surface reduction](configure-attack-surface-reduction.md) - -### [Hardware-based isolation]() -#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) - -#### [Application isolation]() -##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md) -##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) - -#### [Application control](../windows-defender-application-control/windows-defender-application-control.md) - -#### [Device control]() -##### [Control USB devices](../device-control/control-usb-devices-using-intune.md) - -##### [Device Guard]() -###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - -###### [Memory integrity]() -####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md) -####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) -####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) - -#### [Exploit protection]() -##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md) -##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) - -#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md) - -#### [Controlled folder access]() -##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders.md) -##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders.md) - -#### [Attack surface reduction controls]() -##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md) -##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md) - -#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) - - -### [Configure next-generation protection]() -#### [Configure Microsoft Defender Antivirus features](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) -#### [Utilize Microsoft cloud-delivered protection]() -##### [Understand cloud-delivered protection](../microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) -##### [Enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) -##### [Specify the cloud-delivered protection level](../microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md) -##### [Configure and validate network connections](../microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md) -##### [Enable Block at first sight](../microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md) -##### [Configure the cloud block timeout period](../microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md) - -#### [Configure behavioral, heuristic, and real-time protection]() -##### [Configuration overview](../microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md) -##### [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) -##### [Enable and configure always-on protection and monitoring](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) - -#### [Antivirus on Windows Server 2016](../microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md) - -#### [Antivirus compatibility]() -##### [Compatibility charts](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) -##### [Use limited periodic antivirus scanning](../microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md) - -#### [Deploy, manage updates, and report on antivirus]() -##### [Using Microsoft Defender Antivirus](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) - -##### [Deploy and enable antivirus]() -###### [Preparing to deploy](../microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md) -###### [Deployment guide for VDI environments](../microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md) - -##### [Report on antivirus protection]() -###### [Review protection status and aqlerts](../microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) -###### [Troubleshoot antivirus reporting in Update Compliance](../microsoft-defender-antivirus/troubleshoot-reporting.md) - -##### [Manage updates and apply baselines]() -###### [Learn about the different kinds of updates](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) -###### [Manage protection and Security intelligence updates](../microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) -###### [Manage when protection updates should be downloaded and applied](../microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) -###### [Manage updates for endpoints that are out of date](../microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) -###### [Manage event-based forced updates](../microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md) -###### [Manage updates for mobile devices and VMs](../microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) - -#### [Customize, initiate, and review the results of scans and remediation]() -##### [Configuration overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) - -##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -###### [Configure antivirus exclusions Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) - -##### [Configure antivirus scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) -##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) -##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) -##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) -##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) -##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md) - -#### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) - -#### [Manage antivirus in your business]() -##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) -##### [Use Group Policy settings to configure and manage antivirus](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) -##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) -##### [Use PowerShell cmdlets to configure and manage antivirus](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) -##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) - -#### [Manage scans and remediation]() -##### [Management overview](../microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) - -##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](../microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](../microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by processes](../microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -###### [Configure antivirus exclusions on Windows Server 2016](../microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) - -##### [Configure scanning options](../microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) -##### [Configure remediation for scans](../microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) -##### [Configure scheduled scans](../microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) -##### [Configure and run scans](../microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md) -##### [Review scan results](../microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md) -##### [Run and review the results of an offline scan](../microsoft-defender-antivirus/windows-defender-offline.md) -##### [Restore quarantined files](../microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) - -#### [Manage next-generation protection in your business]() -##### [Management overview](../microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md) -##### [Use Microsoft Intune and System Center Configuration Manager to manage next-generation protection](../microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md) -##### [Use Group Policy settings to manage next-generation protection](../microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md) -##### [Use PowerShell cmdlets to manage next-generation protection](../microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](../microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md) -##### [Use the mpcmdrun.exe command line tool to manage next-generation protection](../microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md) - - - -### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) - - -### [Endpoint detection and response management and API support]() - -#### [Onboard machines]() -##### [Onboarding overview](onboard-configure.md) -##### [Onboard previous versions of Windows](onboard-downlevel.md) - -##### [Onboard Windows 10 machines]() -###### [Ways to onboard](configure-endpoints.md) -###### [Onboard machines using Group Policy](configure-endpoints-gp.md) -###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md) - -###### [Onboard machines using Mobile Device Management tools]() -####### [Overview](configure-endpoints-mdm.md) -####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) -###### [Onboard machines using a local script](configure-endpoints-script.md) -###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) - -##### [Onboard servers](configure-server-endpoints.md) -##### [Onboard non-Windows machines](configure-endpoints-non-windows.md) -##### [Onboard machines without Internet access](onboard-offline-machines.md) -##### [Run a detection test on a newly onboarded machine](run-detection-test.md) -##### [Run simulated attacks on machines](attack-simulations.md) -##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) - -##### [Troubleshoot onboarding issues]() -###### [Troubleshooting basics](troubleshoot-onboarding.md) -###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md) - -#### [Microsoft Defender ATP API]() -##### [Understand Microsoft Defender ATP APIs](use-apis.md) -##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md) - -##### [Get started]() -###### [Introduction](apis-intro.md) -###### [Hello World](api-hello-world.md) -###### [Get access with application context](exposed-apis-create-app-webapp.md) -###### [Get access with user context](exposed-apis-create-app-nativeapp.md) -###### [Get partner application access](microsoft-defender-atp/exposed-apis-create-app-partners.md) - -##### [APIs]() -###### [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) -###### [Common REST API error codes](common-errors.md) -###### [Advanced Hunting](run-advanced-query-api.md) - -###### [Alert]() -####### [Methods, properties, and JSON representation](alerts.md) -####### [List alerts](get-alerts.md) -####### [Create alert](create-alert-by-reference.md) -####### [Update Alert](update-alert.md) -####### [Get alert information by ID](get-alert-info-by-id.md) -####### [Get alert related domains information](get-alert-related-domain-info.md) -####### [Get alert related file information](get-alert-related-files-info.md) -####### [Get alert related IPs information](get-alert-related-ip-info.md) -####### [Get alert related machine information](get-alert-related-machine-info.md) -####### [Get alert related user information](get-alert-related-user-info.md) - -###### [Machine]() -####### [Methods and properties](machine.md) -####### [List machines](get-machines.md) -####### [Get machine by ID](get-machine-by-id.md) -####### [Get machine log on users](get-machine-log-on-users.md) -####### [Get machine related alerts](get-machine-related-alerts.md) -####### [Add or Remove machine tags](add-or-remove-machine-tags.md) -####### [Find machines by IP](find-machines-by-ip.md) - -###### [Machine Action]() -####### [Methods and properties](machineaction.md) -####### [List Machine Actions](get-machineactions-collection.md) -####### [Get Machine Action](get-machineaction-object.md) -####### [Collect investigation package](collect-investigation-package.md) -####### [Get investigation package SAS URI](get-package-sas-uri.md) -####### [Isolate machine](isolate-machine.md) -####### [Release machine from isolation](unisolate-machine.md) -####### [Restrict app execution](restrict-code-execution.md) -####### [Remove app restriction](unrestrict-code-execution.md) -####### [Run antivirus scan](run-av-scan.md) -####### [Offboard machine](offboard-machine-api.md) -####### [Stop and quarantine file](stop-and-quarantine-file.md) - -###### [Automated Investigation]() -####### [Investigation methods and properties](microsoft-defender-atp/investigation.md) -####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md) -####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md) -####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md) - -###### [Indicators]() -####### [Methods and properties](ti-indicator.md) -####### [Submit Indicator](post-ti-indicator.md) -####### [List Indicators](get-ti-indicators-collection.md) -####### [Delete Indicator](delete-ti-indicator-by-id.md) - -###### [Domain]() -####### [Get domain related alerts](get-domain-related-alerts.md) -####### [Get domain related machines](get-domain-related-machines.md) -####### [Get domain statistics](get-domain-statistics.md) - -###### [File]() -####### [Methods and properties](files.md) -####### [Get file information](get-file-information.md) -####### [Get file related alerts](get-file-related-alerts.md) -####### [Get file related machines](get-file-related-machines.md) -####### [Get file statistics](get-file-statistics.md) - -###### [IP]() -####### [Get IP related alerts](get-ip-related-alerts.md) -####### [Get IP statistics](get-ip-statistics.md) - -###### [User]() -####### [Methods](user.md) -####### [Get user related alerts](get-user-related-alerts.md) -####### [Get user related machines](get-user-related-machines.md) - -##### [How to use APIs - Samples]() -###### [Microsoft Flow](api-microsoft-flow.md) -###### [Power BI](api-power-bi.md) -###### [Advanced Hunting using Python](run-advanced-query-sample-python.md) -###### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) -###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### [API for custom alerts]() -##### [Enable the custom threat intelligence application](enable-custom-ti.md) -##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md) -##### [Create custom threat intelligence alerts](custom-ti-api.md) -##### [PowerShell code examples](powershell-example-code.md) -##### [Python code examples](python-example-code.md) -##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md) -##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md) - -#### [Pull Detections to your SIEM tools]() -##### [Learn about different ways to pull Detections](configure-siem.md) -##### [Enable SIEM integration](enable-siem-integration.md) -##### [Configure Splunk to pull Detections](configure-splunk.md) -##### [Configure HP ArcSight to pull Detections](configure-arcsight.md) -##### [Microsoft Defender ATP Detection fields](api-portal-mapping.md) -##### [Pull Detections using SIEM REST API](pull-alerts-using-rest-api.md) -##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) - -#### [Reporting]() -##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) -##### [Threat protection reports](threat-protection-reports.md) -##### [Machine health and compliance reports](machine-reports.md) - -#### [Interoperability]() -##### [Partner applications](partner-applications.md) - -#### [Manage machine configuration]() -##### [Ensure your machines are configured properly](configure-machines.md) -##### [Monitor and increase machine onboarding](configure-machines-onboarding.md) -##### [Increase compliance to the security baseline](configure-machines-security-baseline.md) -##### [Optimize ASR rule deployment and detections](configure-machines-asr.md) - -#### [Role-based access control]() - -##### [Manage portal access using RBAC]() -###### [Using RBAC](rbac.md) -###### [Create and manage roles](user-roles.md) - -###### [Create and manage machine groups]() -####### [Using machine groups](machine-groups.md) -####### [Create and manage machine tags](machine-tags.md) - -#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md) - - -### [Configure Microsoft threat protection integration]() -#### [Configure Conditional Access](configure-conditional-access.md) -#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) -#### [Configure information protection in Windows](information-protection-in-windows-config.md) - - -### [Configure portal settings]() -#### [Set up preferences](preferences-setup.md) - -#### [General]() -##### [Update data retention settings](data-retention-settings.md) -##### [Configure alert notifications](configure-email-notifications.md) -##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md) -##### [Configure advanced features](advanced-features.md) - -#### [Permissions]() -##### [Use basic permissions to access the portal](basic-permissions.md) -##### [Manage portal access using RBAC](rbac.md) -###### [Create and manage roles](user-roles.md) -###### [Create and manage machine groups](machine-groups.md) -####### [Create and manage machine tags](machine-tags.md) - -#### [APIs]() -##### [Enable Threat intel](enable-custom-ti.md) -##### [Enable SIEM integration](enable-siem-integration.md) - -#### [Rules]() -##### [Manage suppression rules](manage-suppression-rules.md) -##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md) -##### [Manage indicators](manage-indicators.md) -##### [Manage automation file uploads](manage-automation-file-uploads.md) -##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md) - -#### [Machine management]() -##### [Onboarding machines](onboard-configure.md) -##### [Offboarding machines](offboard-machines.md) - -#### [Configure time zone settings](time-settings.md) - - - -## [Troubleshoot Microsoft Defender ATP]() - -### [Troubleshoot sensor state]() -#### [Check sensor state](check-sensor-status.md) -#### [Fix unhealthy sensors](fix-unhealthy-sensors.md) -#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines) -#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines) -#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md) - - -### [Troubleshoot service issues]() -#### [Troubleshooting issues](troubleshoot-mdatp.md) -#### [Check service health](service-status.md) - - -### [Troubleshoot attack surface reduction issues]() -#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md) -#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md) -#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) - - -### [Troubleshoot next-generation protection issues](../microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md) From 8d8fbd86a5edc5d43447b946a0350817fe5ebcb3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 13 Aug 2020 11:15:34 -0700 Subject: [PATCH 099/100] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c77fa4d405..fd5ee69c89 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8,7 +8,7 @@ { "source_path": "devices/hololens/hololens-whats-new.md", "redirect_url": "https://docs.microsoft.com/hololens/hololens-release-notes", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-upgrade-enterprise.md", @@ -28,7 +28,7 @@ { "source_path": "devices/hololens/hololens-setup.md", "redirect_url": "https://docs.microsoft.com/hololens/hololens1-setup", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-use-apps.md", @@ -38,17 +38,17 @@ { "source_path": "devices/hololens/hololens-get-apps.md", "redirect_url": "https://docs.microsoft.com/hololens/holographic-store-apps", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-spaces-on-hololens.md", "redirect_url": "https://docs.microsoft.com/hololens/hololens-spaces", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-clicker.md", "redirect_url": "https://docs.microsoft.com/hololens/hololens1-clicker", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-clicker-restart-recover.md", @@ -108,7 +108,7 @@ { "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md", @@ -173,12 +173,12 @@ { "source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md", "redirect_url": "https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-add", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/deployment/update/waas-windows-insider-for-business-faq.md", "redirect_url": "https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-get-started", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md", From e59a5e7371c23d962f831a1ae1f9951cc15ad49c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 13 Aug 2020 11:21:58 -0700 Subject: [PATCH 100/100] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fd5ee69c89..2af22cbca1 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6213,27 +6213,27 @@ { "source_path": "devices/surface/surface-diagnostic-toolkit.md", "redirect_url": "https://docs.microsoft.com/surface/index", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/surface/manage-surface-dock-firmware-updates.md", "redirect_url": "https://docs.microsoft.com/surface/indexdevices/surface/update", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md", "redirect_url": "https://docs.microsoft.com/surface-hub/finishing-your-surface-hub-meeting", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-microsoft-layout-app.md", "redirect_url": "https://docs.microsoft.com/hololens/hololens-microsoft-dynamics-365-layout-app", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md", "redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/layout/", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md",