Merge branch 'master' into v-gmoor-fix-pr-5361

Gary Moore 2021-07-01 15:23:57 -07:00 committed by GitHub
commit 3dd57a2da5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 7 deletions

@ -62,6 +62,7 @@ Defender
--------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release) --------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release) --------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release) --------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------DisableGradualRelease (Added with the 4.18.2106.5 Defender platform release)
----Scan ----Scan
----UpdateSignature ----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803) ----OfflineScan (Added in Windows 10 version 1803)
@ -524,8 +525,7 @@ More details:
- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data) - [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) - [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
<a href="" id="configuration-supportloglocation"></a>**Configuration/PlatformUpdatesChannel** <a href="" id="configuration-platformupdateschannel"></a>**Configuration/PlatformUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices. Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
@ -549,8 +549,12 @@ Valid values are:
- 3: Current Channel (Staged) - 3: Current Channel (Staged)
- 4: Current Channel (Broad) - 4: Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/EngineUpdatesChannel** More details:
- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
<a href="" id="configuration-engineupdateschannel"></a>**Configuration/EngineUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices. Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
@ -574,8 +578,12 @@ Valid values are:
- 3 - Current Channel (Staged) - 3 - Current Channel (Staged)
- 4 - Current Channel (Broad) - 4 - Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/SignaturesUpdatesChannel** More details:
- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
<a href="" id="configuration-definitionupdateschannel"></a>**Configuration/DefinitionUpdatesChannel**
Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout. Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
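Review bot: The heading on the new side is renamed to Configuration/DefinitionUpdatesChannel (with id configuration-definitionupdateschannel), but the node tree in the first hunk of this file still lists the node as SignaturesUpdatesChannel. A reader building the node path from this page gets two different names for the same setting; use one name in the tree entry, the heading and the anchor. The value lists are also formatted differently between sections ("- 3: Current Channel (Staged)" in the engine section, "- 3 - Current Channel (Staged)" just above this heading); pick one form.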
@ -590,6 +598,33 @@ Valid Values are:
- 3: Current Channel (Staged) - 3: Current Channel (Staged)
- 4: Current Channel (Broad) - 4: Current Channel (Broad)
More details:
- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
<a href="" id="configuration-disablegradualrelease"></a>**Configuration/DisableGradualRelease**
Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates.
Devices will be offered all Microsoft Defender updates after the gradual release cycle completes. This is best for datacenters that only receive limited updates.
> [!NOTE]
> This setting applies to both monthly as well as daily Microsoft Defender updates and will override any previously configured channel selections for platform and engine updates.
If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
• 1 Enabled.
• 0 (default) Not Configured.
More details:
- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
<a href="" id="scan"></a>**Scan** <a href="" id="scan"></a>**Scan**
Node that can be used to start a Windows Defender scan on a device. Node that can be used to start a Windows Defender scan on a device.
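Review bot: In the added DisableGradualRelease section, the NOTE says the setting applies to both monthly and daily updates but overrides channel selections only "for platform and engine updates", so it is unclear whether a configured definition updates channel is overridden as well. State that explicitly, and do the same in the "If you disable or do not configure this policy" paragraph, which also names only platform and engine. That paragraph ends with "Stay up to date automatically during the gradual release cycle. Suitable for most devices.", which reads like a pasted channel description rather than part of this policy's text; fold it into the preceding sentence or drop it. The valid values use "•" with no separator ("• 1 Enabled.") where the other sections in this file use "- 3: ..." list items, and the text speaks of disabling the policy while the only values listed are 1 Enabled and 0 Not Configured.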

@ -79,7 +79,7 @@ All auditing capabilities are integrated in Group Policy. You can configure, dep
To audit attempts to access global system objects, you can use one of two security audit policy settings: To audit attempts to access global system objects, you can use one of two security audit policy settings:
- [Audit Kernel Object](../auditing/audit-kernel-object.md) in Advanced Security Audit Policy Settings\\Object Access - [Audit Kernel Object](../auditing/audit-kernel-object.md) in Advanced Security Audit Policy Settings\\Object Access
- [Audit object access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy - [Audit Object Access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy
If possible, use the Advanced Security Audit Policy option to reduce the number of unrelated audit events that you generate. If possible, use the Advanced Security Audit Policy option to reduce the number of unrelated audit events that you generate.
@ -92,7 +92,7 @@ If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is conf
| 4661 | A handle to an object was requested. | | 4661 | A handle to an object was requested. |
| 4663 | An attempt was made to access an object. | | 4663 | An attempt was made to access an object. |
If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is configured, the following events are generated: If the [Audit Object Access](../auditing/basic-audit-object-access.md) setting is configured, the following events are generated:
| Event ID | Event message | | Event ID | Event message |
| - | - | | - | - |