mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 05:43:41 +00:00
Merge remote-tracking branch 'origin/master' into atp-auto-ir
This commit is contained in:
Joey Caparas
@ -117,7 +117,7 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703,
|
||||
| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes |
|
||||
| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes |
|
||||
| Groove | Microsoft.ZuneMusic | x | x | x | No |
|
||||
| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No |
|
||||
| Mail and Calendar | microsoft.windowscommunicationsapps | x | x | x | No |
|
||||
| Maps | Microsoft.WindowsMaps | x | x | x | No |
|
||||
| Messaging | Microsoft.Messaging | x | x | x | No |
|
||||
| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | | x | x | No |
|
||||
@ -128,11 +128,11 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703,
|
||||
| People | Microsoft.People | x | x | x | No |
|
||||
| Photos | Microsoft.Windows.Photos | x | x | x | No |
|
||||
| Print 3D | Microsoft.Print3D | | | x | No |
|
||||
| Solitaire | Microsoft.Microsoft SolitaireCollection | x | x | x | Yes |
|
||||
| Solitaire | Microsoft.MicrosoftSolitaireCollection | x | x | x | Yes |
|
||||
| Sticky Notes | Microsoft.MicrosoftStickyNotes | x | x | x | No |
|
||||
| Store | Microsoft.WindowsStore | x | x | x | No |
|
||||
| Sway | Microsoft.Office.Sway | * | * | x | Yes |
|
||||
| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No |
|
||||
| Voice Recorder | Microsoft.WindowsSoundRecorder | x | x | x | No |
|
||||
| Wallet | Microsoft.Wallet | | x | x | No |
|
||||
| Weather | Microsoft.BingWeather | x | x | x | Yes |
|
||||
| Xbox | Microsoft.XboxApp | x | x | x | No |
|
||||
@ -143,4 +143,4 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1607, 1703,
|
||||
| | Microsoft.XboxIdentityProvider | x | x | * | No |
|
||||
| | Microsoft.XboxSpeech ToTextOverlay | | x | x | No |
|
||||
|
||||
\* moved from "provisioned" to "installed" in this version.
|
||||
\* moved from "provisioned" to "installed" in this version.
|
||||
|
||||
@ -34,14 +34,18 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
|
||||
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
|
||||
<p style="margin-left: 20px">Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
- 0 - Allow text copying.
|
||||
- 1 - Allow text and image copying.
|
||||
- 0 - Disables content copying.
|
||||
- 1 - Allow text copying.
|
||||
- 2 - Allow image copying.
|
||||
- 3 - Allow text and image copying.
|
||||
|
||||
<a href="" id="clipboardsettings"></a>**Settings/ClipboardSettings**
|
||||
<p style="margin-left: 20px">This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete</p>
|
||||
|
||||
- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard.
|
||||
- 1 - Turns On the clipboard functionality and lets you choose whether to additionally enable copying of certain content from Application Guard into Microsoft Edge and enable copying of certain content from Microsoft Edge into Application Guard.
|
||||
- 1 - Turns On clipboard operation from an isolated session to the host
|
||||
- 2 - Turns On clipboard operation from the host to an isolated session
|
||||
- 3 - Turns On clipboard operation in both the directions
|
||||
|
||||
> [!Important]
|
||||
> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
|
||||
|
||||
@ -36,6 +36,7 @@ You should not extract this package to the windows\\system32 folder because it w
|
||||
|
||||
Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article.
|
||||
It is recommended that you restart a device after making configuration changes to it.
|
||||
Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
|
||||
|
||||
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
|
||||
|
||||
@ -88,17 +89,17 @@ See the following table for a summary of the management settings for Windows 10
|
||||
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
|
||||
| - | :-: | :-: | :-: | :-: | :-: |
|
||||
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | | | |
|
||||
| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  |  |
|
||||
| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  | |
|
||||
| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
|
||||
| [4. Device metadata retrieval](#bkmk-devinst) | |  | |  | |
|
||||
| [5. Find My Device](#find-my-device) | |  | | | |
|
||||
| [6. Font streaming](#font-streaming) | |  | |  | |
|
||||
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  |  |
|
||||
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
|
||||
| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
|
||||
| [9. Live Tiles](#live-tiles) | |  | |  | |
|
||||
| [10. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
|
||||
| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
|
||||
| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  |  |
|
||||
| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
|
||||
| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  | |  | |
|
||||
| [14. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
|
||||
| [15. OneDrive](#bkmk-onedrive) | |  | |  | |
|
||||
@ -1065,7 +1066,17 @@ To turn off **Choose apps that can use your microphone**:
|
||||
|
||||
### <a href="" id="bkmk-priv-notifications"></a>17.5 Notifications
|
||||
|
||||
In the **Notifications** area, you can choose which apps have access to notifications.
|
||||
To turn off notifications network usage:
|
||||
|
||||
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage**
|
||||
|
||||
- Set to **Enabled**.
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications!NoCloudApplicationNotification**, with a value of 1 (one)
|
||||
|
||||
In the **Notifications** area, you can also choose which apps have access to notifications.
|
||||
|
||||
To turn off **Let apps access my notifications**:
|
||||
|
||||
|
||||
@ -425,6 +425,7 @@ The following table shows the scenarios supported by this customization:
|
||||
|
||||
|
||||
Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name
|
||||
--- | --- | --- | ---
|
||||
Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
|
||||
Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)
|
||||
Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
### [Overview of Windows AutoPilot](windows-autopilot/windows-10-autopilot.md)
|
||||
|
||||
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
|
||||
#### [Windows 10 downgrade paths](upgrade/windows-10-downgrade-paths.md)
|
||||
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
|
||||
### [Windows 10 volume license media](windows-10-media.md)
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ To request an Olympia Corp account, please fill out the survey at [https://aka.m
|
||||
|
||||
## Enrollment guidelines
|
||||
|
||||
Welcome to Olympia Corp. Here are the steps to add your account to your PC.
|
||||
Welcome to Olympia Corp. Here are the steps needed to Enroll.
|
||||
|
||||
As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade.
|
||||
|
||||
@ -43,7 +43,9 @@ Choose one of the following two enrollment options:
|
||||
|
||||
<a id="enrollment-keep-current-edition"></a>
|
||||
|
||||
### Keep your current Windows 10 edition
|
||||
### Set up an Azure Active Directory REGISTERED Windows 10 device
|
||||
|
||||
- This is the Bring Your Own Device (BYOD) method - your device will receive Olympia policies and features, but a new account will not be created ([additional info]).(https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-registered-devices-windows10-setup)
|
||||
|
||||
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
|
||||
|
||||
@ -77,7 +79,9 @@ Choose one of the following two enrollment options:
|
||||
|
||||
<a id="enrollment-upgrade-to-enterprise"></a>
|
||||
|
||||
### Upgrade your Windows 10 edition from Pro to Enterprise
|
||||
### Set up Azure Active Directory JOINED Windows 10 device
|
||||
|
||||
- This method will upgrade your Windows 10 Pro license to Enterprise and create a new account ([additional info]).(https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-joined-devices-setup)
|
||||
|
||||
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
|
||||
|
||||
|
||||
@ -57,7 +57,6 @@ If you are not using OMS:
|
||||
|
||||
5. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
|
||||
|
||||
|
||||
### Copy your commercial ID key
|
||||
|
||||
Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. This should be generated for you automatically. Copy your commercial ID key in OMS and then deploy it to user computers.
|
||||
@ -85,7 +84,7 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee
|
||||
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint.
|
||||
| `https://vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10
|
||||
| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft.
|
||||
| `https://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
||||
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
||||
|
||||
Note: The compatibility update KB runs under the computer’s system account.
|
||||
|
||||
|
||||
160
windows/deployment/upgrade/windows-10-downgrade-paths.md
Normal file
160
windows/deployment/upgrade/windows-10-downgrade-paths.md
Normal file
@ -0,0 +1,160 @@
|
||||
---
|
||||
title: Windows 10 downgrade paths (Windows 10)
|
||||
description: You can downgrade Windows 10 if the downgrade path is supported.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: high
|
||||
ms.pagetype: mobile
|
||||
author: greg-lindsay
|
||||
ms.date: 02/15/2018
|
||||
---
|
||||
|
||||
# Windows 10 downgrade paths
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
## Downgrading Windows 10
|
||||
|
||||
This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired.
|
||||
|
||||
If a downgrade is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required.
|
||||
|
||||
To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md).
|
||||
|
||||
Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not supported, unless you are performing a rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used.
|
||||
|
||||
>**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
|
||||
|
||||
>**Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown below.
|
||||
|
||||
### Supported Windows 10 downgrade paths
|
||||
|
||||
>[!NOTE]
|
||||
>Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here. Switching between different editions of Pro is supported. This is not strictly considered an edition downgrade, but is included here for clarity.
|
||||
|
||||
✔ = Supported downgrade path<br>
|
||||
|
||||
<br>
|
||||
<table border="0" cellpadding="1">
|
||||
<tr>
|
||||
<td colspan="10" align="center">Destination edition</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td></td>
|
||||
<td>Home</td>
|
||||
<td>Pro</td>
|
||||
<td>Pro for Workstations</td>
|
||||
<td>Pro Education</td>
|
||||
<td>S</td>
|
||||
<td>Education</td>
|
||||
<td>Enterprise LTSC</td>
|
||||
<td>Enterprise</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro for Workstations</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro Education</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>S</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise LTSC</td>
|
||||
<td></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
## Related Topics
|
||||
|
||||
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
|
||||
[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)<br>
|
||||
[Windows 10 edition upgrade](windows-10-edition-upgrades.md)<br>
|
||||
[Windows 10 upgrade paths](windows-10-upgrade-paths.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -91,6 +91,11 @@ You can run the changepk.exe command-line tool to upgrade devices to a supported
|
||||
|
||||
`changepk.exe /ProductKey <enter your new product key here>`
|
||||
|
||||
You can also upgrade using slmgr.vbs and a [KMS client setup key](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v%3dws.11)). For example, the following command will upgrade to Windows 10 Enterprise.
|
||||
|
||||
`Cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43`
|
||||
|
||||
|
||||
## Upgrade by manually entering a product key
|
||||
If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually.
|
||||
|
||||
|
||||
@ -29,6 +29,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
|
||||
✔ = Full upgrade is supported including personal data, settings, and applications.<BR>
|
||||
D = Edition downgrade; personal data is maintained, applications and settings are removed.
|
||||
|
||||
<br>
|
||||
<table border="0" cellpadding="1">
|
||||
<tr>
|
||||
<td> </td>
|
||||
@ -380,7 +381,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
|
||||
|
||||
[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
|
||||
[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)<br>
|
||||
[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
|
||||
[Windows 10 edition upgrade](windows-10-edition-upgrades.md)<br>
|
||||
[Windows 10 downgrade paths](windows-10-downgrade-paths.md)
|
||||
|
||||
|
||||
|
||||
|
||||
@ -68,7 +68,7 @@ With Windows 10 Enterprise, businesses can benefit from enterprise-level securit
|
||||
You can benefit by moving to Windows as an online service in the following ways:
|
||||
|
||||
1. Licenses for Windows 10 Enterprise are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
|
||||
2. Azure AD logon triggers a silent edition upgrade, with no reboot required
|
||||
2. User logon triggers a silent edition upgrade, with no reboot required
|
||||
3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys.
|
||||
4. Compliance support via seat assignment.
|
||||
|
||||
|
||||
@ -190,9 +190,6 @@
|
||||
#### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
|
||||
### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
|
||||
### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
|
||||
## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
|
||||
### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
|
||||
|
||||
|
||||
@ -12,6 +12,12 @@ ms.date: 10/31/2017
|
||||
# Change history for threat protection
|
||||
This topic lists new and updated topics in the [Threat protection](index.md) documentation.
|
||||
|
||||
## February 2018
|
||||
|
||||
New or changed topic | Description
|
||||
---------------------|------------
|
||||
[Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline.
|
||||
|
||||
## January 2018
|
||||
|New or changed topic |Description |
|
||||
|---------------------|------------|
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.author: sagaudre
|
||||
author: brianlic-msft
|
||||
ms.date: 10/16/2017
|
||||
ms.date: 02/16/2018
|
||||
---
|
||||
|
||||
# Microsoft Security Compliance Toolkit 1.0
|
||||
@ -32,6 +32,9 @@ The Security Compliance Toolkit consists of:
|
||||
- Windows Server 2016
|
||||
- Windows Server 2012 R2
|
||||
|
||||
- Microsoft Office Security Baselines
|
||||
- Office 2016
|
||||
|
||||
- Tools
|
||||
- Policy Analyzer tool
|
||||
- Local Group Policy Object (LGPO) tool
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: tedhardyMSFT
|
||||
ms.date: 10/27/2017
|
||||
ms.date: 02/16/2018
|
||||
---
|
||||
|
||||
# Use Windows Event Forwarding to help with intrusion detection
|
||||
@ -636,9 +636,9 @@ Here are the minimum steps for WEF to operate:
|
||||
<!-- Detect User-Mode drivers loaded - for potential BadUSB detection. -->
|
||||
<Select Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">*[System[(EventID=2004)]]</Select>
|
||||
</Query>
|
||||
<Query Id="14" Path=" Windows PowerShell">
|
||||
<Query Id="14" Path="Windows PowerShell">
|
||||
<!-- Legacy PowerShell pipeline execution details (800) -->
|
||||
<Select Path=" Windows PowerShell">*[System[(EventID=800)]]</Select>
|
||||
<Select Path="Windows PowerShell">*[System[(EventID=800)]]</Select>
|
||||
</Query>
|
||||
</QueryList>
|
||||
```
|
||||
|
||||
@ -72,7 +72,7 @@ The numbers beside the green triangle icon on each recommended action represents
|
||||
>[!IMPORTANT]
|
||||
>Recommendations that do not display a green triangle icon are informational only and no action is required.
|
||||
|
||||
Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
|
||||
Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
|
||||
|
||||
The following image shows an example list of machines where the EDR sensor is not turned on.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user