From 3959873286956465627adeb5a66c7dab0aee6cad Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 16:28:50 +0530 Subject: [PATCH 1/3] Added missing CSPs in Update.md Added the following policy entries: - Update/ConfigureDeadlineGracePeriodForFeatureUpdates - Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection - Update/SetPolicyDrivenUpdateSourceForDriverUpdates - Update/SetPolicyDrivenUpdateSourceForFeatureUpdates - Update/SetPolicyDrivenUpdateSourceForOtherUpdates - Update/SetPolicyDrivenUpdateSourceForQualityUpdates --- .../policy-configuration-service-provider.md | 18 + .../mdm/policy-csp-update.md | 482 ++++++++++++++++++ 2 files changed, 500 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..8edcf7dfe8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8564,6 +8564,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -8591,6 +8594,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -8687,6 +8693,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..960936ef4d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -72,6 +72,9 @@ manager: dansimp
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -99,6 +102,9 @@ manager: dansimp
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -195,6 +201,18 @@ manager: dansimp
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
@@ -1515,6 +1533,77 @@ Default value is 2.
+ +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows IT admins to set different grace periods for both Quality Updates and Feature Updates. Specifically, when used with used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates). + +IT Admins will be able to specify a minimum number of days until restarts occur automatically for Featur Updates. Setting the grace period may extend the effective deadline set by the deadline policies specifically for Feature Updates. + + + + +Supports a numeric value from 0 - 7, which indicates the minimum number of days. + +Default value is 2. + + + + + + + + + +
+ **Update/ConfigureDeadlineNoAutoReboot** @@ -2250,6 +2339,80 @@ The following list shows the supported values:
+ +**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +To ensure the highest levels of security, we recommended leveraging WSUS TLS certificate pinning on all devices. + +By default, certificate pinning for Windows Update client is not enforced. + + + +ADMX Info: +- GP Friendly name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP path: *Windows Update\SpecifyintranetMicrosoftupdateserviceLocation* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0 (default) -Do not enforce certificate pinning +- 1 - Do not enforce certificate pinning + + + + +
+ **Update/EngagedRestartDeadline** @@ -4557,6 +4720,325 @@ The following list shows the supported values:
+ +**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
**Update/SetProxyBehaviorForUpdateDetection** From ec1fb5a62838323edd5e99addd5a58f81544c5f2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:06:22 +0530 Subject: [PATCH 2/3] Update as per feedback --- .../policy-configuration-service-provider.md | 8 +- .../mdm/policy-csp-update.md | 344 +++++------------- 2 files changed, 92 insertions(+), 260 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 30b2527203..7e9298a46a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8695,16 +8695,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC Update/SetEDURestart
- Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
- Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
- Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
- Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
Update/SetProxyBehaviorForUpdateDetection diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 771148ce3c..f0b2bc62e2 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -203,16 +203,16 @@ ms.collection: highpri Update/SetEDURestart
- Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
- Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
- Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
- Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
Update/SetProxyBehaviorForUpdateDetection @@ -1130,38 +1130,14 @@ Default value is 2. **Update/ConfigureDeadlineGracePeriodForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1669,38 +1645,14 @@ The following list shows the supported values: **Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2585,38 +2537,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/ProductVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3385,41 +3313,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** +**Update/SetPolicyDrivenUpdateSourceForDriver** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3437,9 +3341,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3448,7 +3352,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForDriver* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3456,8 +3360,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Driver from Windows Update +- 1: Enabled, Detect, download and deploy Driver from Windows Server Update Server (WSUS) @@ -3465,41 +3369,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** +**Update/SetPolicyDrivenUpdateSourceForFeature** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3517,9 +3397,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3528,7 +3408,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForFeature* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3536,8 +3416,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Feature from Windows Update +- 1: Enabled, Detect, download and deploy Feature from Windows Server Update Server (WSUS) @@ -3545,41 +3425,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** +**Update/SetPolicyDrivenUpdateSourceForOther** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3597,9 +3453,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3608,7 +3464,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForOther* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3616,8 +3472,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Other from Windows Update +- 1: Enabled, Detect, download and deploy Other from Windows Server Update Server (WSUS) @@ -3625,41 +3481,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** +**Update/SetPolicyDrivenUpdateSourceForQuality** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3677,9 +3509,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3688,7 +3520,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForQuality* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3696,8 +3528,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Quality from Windows Update +- 1: Enabled, Detect, download and deploy Quality from Windows Server Update Server (WSUS) From 829eeb881b1ab7f977f3a4451904c4c686a184bb Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 13 Dec 2021 15:17:31 +0530 Subject: [PATCH 3/3] Updated the topic as per task 5628377 --- windows/security/threat-protection/intelligence/criteria.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 1f07f8975c..12e405077b 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 12/13/2021 search.appverid: met150 ms.technology: windows-sec --- @@ -49,6 +49,8 @@ Microsoft classifies most malicious software into one of the following categorie * **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your device. +* **Command and Control:** A type of malware that infects your device and establishes communication with the hackers’ command-and-control server to receive instructions. Once communication is established, hackers can send commands that can steal data, shut down and reboot the device, and disrupt web services. + * **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files. * **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn't have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.