From 9c91f86b19370b98c4cc3427b3bd4bc5d8c33ee2 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Thu, 21 Jul 2022 14:02:56 -0700 Subject: [PATCH 1/7] Update firewall-csp.md Added nodes and descriptions for dynamic keywords, which enables FQDN and reusable groups in firewall using MDE/MEM. This feature is planned to release to public preview at the end of the month. --- windows/client-management/mdm/firewall-csp.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 2812409a82..7006c1d456 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -112,6 +112,13 @@ Firewall ----------------FriendlyName ----------------Status ----------------Name +----------------RemoteAddressDynamicKeywords +--------DynamicKeywords +----------------Addresses +-------------------------Id +---------------------------------Keyword +---------------------------------Addresses +---------------------------------AutoResolve ``` **./Vendor/MSFT/Firewall** 
@@ -445,6 +452,42 @@ Value type is string. Supported operation is Get. Name of the rule. Value type is string. Supported operations are Add, Get, Replace, and Delete. +**FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords** +Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. +Value type is string. Supported operations are Add, Get, Replace, and Delete. + + +**MdmStore/DynamicKeywords** +Interior node. +Supported operation is Get. + +**MdmStore/DynamicKeywords/Addresses** +Interior node. +Supported operation is Get. + +**MdmStore/DynamicKeywords/Addresses/Id** +A unique GUID string identifier for this dynamic keyword address. +Value type is string. Supported operations are Add, Delete, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/Keyword** +A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). +Value type is string. Supported operations are Add, Delete, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/Addresses** +Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. + +Valid tokens include: + - A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv6 address. +- An IPv4 address range in the format of "start address-end address" with no spaces included. +- An IPv6 address range in the format of "start address-end address" with no spaces included. +Supported operations are Add, Delete, Replace, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** +Boolean value. 
If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Value type is string. Supported operations are Add, Delete, and Get. + + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) From 482e260094ac7f29db83a3a3e149323de3bc6faf Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 2 Aug 2022 11:51:01 -0400 Subject: [PATCH 2/7] More changes to Breadcrumb --- windows/security/breadcrumb/toc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index 6c5b49c520..2531ffba73 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml @@ -8,5 +8,5 @@ items: topicHref: /windows/resources/ items: - name: Security - tocHref: /windows/security/ - topicHref: /windows/security/ + tocHref: /windows-server/security/credentials-protection-and-management/ + topicHref: /windows/security/ From a9a6e91c5ad1f7fbbf41fd781788b7386b2fa383 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:34:05 -0700 Subject: [PATCH 3/7] Update windows/client-management/mdm/firewall-csp.md capitalization Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 7006c1d456..9911f55a2f 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -470,7 +470,7 @@ A unique GUID string identifier for this dynamic keyword address. Value type is string. Supported operations are Add, Delete, and Get. **MdmStore/DynamicKeywords/Addresses/Id/Keyword** -A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). +A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain Name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). Value type is string. Supported operations are Add, Delete, and Get. **MdmStore/DynamicKeywords/Addresses/Id/Addresses** From b8a38dc0275e9ba35d18a298bfc6591dcd75e8e7 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:34:43 -0700 Subject: [PATCH 4/7] Update windows/client-management/mdm/firewall-csp.md capitalization Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 9911f55a2f..f16f9d97b4 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -484,7 +484,8 @@ Valid tokens include: Supported operations are Add, Delete, Replace, and Get. **MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** -Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Value type is string. Supported operations are Add, Delete, and Get. Value type is string. Supported operations are Add, Delete, and Get. From 2e91ff1439f8029b5eacffb47d1c5dfded7aec6a Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:35:25 -0700 Subject: [PATCH 5/7] Update windows/client-management/mdm/firewall-csp.md formatting Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index f16f9d97b4..6659b3de62 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -477,7 +477,7 @@ Value type is string. Supported operations are Add, Delete, and Get. Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. Valid tokens include: - - A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address-end address" with no spaces included. - An IPv6 address range in the format of "start address-end address" with no spaces included. From efcb097cb1f5471d9c3f432c9afc691bf68ccf54 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 2 Aug 2022 13:30:15 -0400 Subject: [PATCH 6/7] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 6659b3de62..a9fdc01c6d 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -359,6 +359,7 @@ Comma-separated list of local addresses covered by the rule. The default value i - "*" indicates any local address. If present, the local address must be the only token included. - A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv4 address. - A valid IPv6 address. - An IPv4 address range in the format of "start address - end address" with no spaces included. - An IPv6 address range in the format of "start address - end address" with no spaces included. From 1a8e0fa25e70c1a58354e30465e2b97563891d3c Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 2 Aug 2022 13:35:31 -0400 Subject: [PATCH 7/7] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index a9fdc01c6d..9c114bccc7 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -380,7 +380,7 @@ List of comma separated tokens specifying the remote addresses covered by the ru - "Internet" - "Ply2Renders" - "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. -- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address - end address" with no spaces included. - An IPv6 address range in the format of "start address - end address" with no spaces included. @@ -478,7 +478,7 @@ Value type is string. Supported operations are Add, Delete, and Get. Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. Valid tokens include: -- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address-end address" with no spaces included. - An IPv6 address range in the format of "start address-end address" with no spaces included.
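Review bot: In PATCH 1/7's tree hunk (`@@ -112,6 +112,13 @@`), the per-entry GUID is drawn as a literal `Id` child of `DynamicKeywords/Addresses`, whereas the same file renders its other placeholder as `_FirewallRuleName_`; writing it as `_Id_` in the tree and in the `MdmStore/DynamicKeywords/Addresses/Id/...` headings would make clear that `Id` is a caller-chosen GUID, not a fixed node name. The new `RemoteAddressDynamicKeywords` leaf also appears under `FirewallRules` with no note on ordering: a rule referencing an Id that has not been created yet (or that is later removed via the Delete operation on `.../Addresses/Id`) is the obvious failure case and deserves a sentence.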
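Review bot: In PATCH 1/7's description hunk (`@@ -445,6 +452,42 @@`), `MdmStore/DynamicKeywords/Addresses/Id/AutoResolve` reads "Boolean value." and then "Value type is string."; one of these is wrong, and since other flags in this CSP document a bool type, the actual wire type (bool versus the strings "true"/"false") should be stated once, unambiguously. The same hunk's "Valid tokens" list for `.../Id/Addresses` has a stray leading space on its first item and "neither a subnet mask not a network prefix", both corrected later in 5/7 and 7/7 (those could be squashed into this commit), omits a bare IPv4 address token that 6/7 adds for LocalAddressRanges, and says nothing about when or how often an AutoResolve keyword is re-resolved, which is what an administrator relying on FQDN rules needs to know. "Microsoft Defender Advanced Threat Protection Service" is also the old product name; the commit message itself says MDE, so "Microsoft Defender for Endpoint" would be consistent.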
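Review bot: PATCH 2/7 points the Security breadcrumb's `tocHref` at `/windows-server/security/credentials-protection-and-management/` while `topicHref` stays at `/windows/security/`; a Windows client breadcrumb matching a Windows Server TOC path looks unintended, so please confirm the target, and since it is unrelated to the firewall CSP additions it would be cleaner as its own PR.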
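Review bot: PATCH 3/7 capitalizes "Fully Qualified Domain Name" but leaves "A String representing a keyword" on the same line; as this is a capitalization fix, "A string" (lowercase, matching "Value type is string" on the next line) should go in with it.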
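Review bot: PATCH 4/7 introduces a duplicate: the added `+Value type is string. Supported operations are Add, Delete, and Get.` sits directly above an identical unchanged context line, so the AutoResolve description now carries that sentence twice; drop the added line. The "Boolean value" / "Value type is string" contradiction on the line above it is still present after this patch.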
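Review bot: PATCH 6/7 adds "A valid IPv4 address" only to the LocalAddressRanges token list; the RemoteAddressRanges list (visible as context in 7/7's first hunk) and the new `DynamicKeywords/Addresses/Id/Addresses` list keep the IPv6-only wording. Either add the token to those lists too or state why a bare IPv4 address is accepted only for local addresses; a single host is already expressible as a subnet with the default 255.255.255.255 mask, so the three lists should at least agree.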
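Review bot: In PATCH 7/7's first hunk (`@@ -380,7 +380,7 @@`) the "not" to "nor" fix is correct, but the context lines directly below it still show the range format as `"start address - end address" with no spaces included`, which contradicts itself; the new DynamicKeywords list in the second hunk gets this right with `"start address-end address"`. Since this list is being edited, drop the spaces from the IPv4 and IPv6 range examples here and in the LocalAddressRanges list touched by 6/7.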