deployment staging, updates

This commit is contained in:
iaanw 2017-03-05 21:05:06 -08:00
parent 08dba5994c
commit 432ccac715
21 changed files with 479 additions and 470 deletions


@ -1,8 +0,0 @@
When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed.
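Review bot: the only visible content of this deleted file is repeated verbatim in the deleted stub further down in this commit ("When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender…"), and a near-identical paragraph appears in the deploy-manage-report hunk, so dropping this copy is consistent; confirm that one surviving topic still explains that enabling Endpoint Protection in Configuration Manager or Intune adds a management layer that appears in Add/Remove Programs, otherwise that information leaves the library with this commit.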


@ -1,37 +0,0 @@
---
title:
description:
keywords: windows defender antivirus, antimalware, security, defender,
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author:
---
# H1
**Applies to:**
- Windows 10, version 1703
**Audience**
- Enterprise security administrators
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
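Review bot: this and the next three deleted files are identical placeholder scaffolds (empty `title:`, `description:` and `author:` fields, an `# H1` heading and `ms.pagetype: security` listed twice), so removing them is correct; the same duplicated `ms.pagetype` key and an empty `keywords:` field are carried into the new deploy-windows-defender-antivirus.md file added later in this commit, so apply the same cleanup there.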


@ -1,37 +0,0 @@
---
title:
description:
keywords: windows defender antivirus, antimalware, security, defender,
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author:
---
# H1
**Applies to:**
- Windows 10, version 1703
**Audience**
- Enterprise security administrators
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)


@ -1,37 +0,0 @@
---
title:
description:
keywords: windows defender antivirus, antimalware, security, defender,
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author:
---
# H1
**Applies to:**
- Windows 10, version 1703
**Audience**
- Enterprise security administrators
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)


@ -1,37 +0,0 @@
---
title:
description:
keywords: windows defender antivirus, antimalware, security, defender,
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author:
---
# H1
**Applies to:**
- Windows 10, version 1703
**Audience**
- Enterprise security administrators
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)


@ -30,29 +30,7 @@ You can configure Windows Defender Antivirus features in a number of ways, inclu
- Windows Management Instrumentation (WMI)
- PowerShell
## Manage Windows Defender endpoints through Active Directory and WSUS
All Windows 10 endpoints are installed with Windows Defender and include support for management through:
- Active Directory
- WSUS
You can use the Active Directory to configure the settings; Group policies can be used for centralized configuration and enforcement of many Windows Defender settings including client user interface, scan settings, and exclusions.
WSUS can be used to view basic update compliance and deploy updates manually or through automatic rules.
Note that System Center 2012 R2 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, and Microsoft Intune can provide centralized management of Windows Defender, including:
- Settings management
- Definition update management
- Alerts and alert management
- Reports and reporting
When you enable *Endpoint Protection* on your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for System Center Endpoint Protection or Intune will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed. Learn more about managing *Endpoint Protection*:
- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://technet.microsoft.com/library/dn646970.aspx)
- [Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508760.aspx)
Read more about System Center Configuration Manager in [Introduction to Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508781.aspx).
> **Important:** You must be licensed to use *Endpoint Protection* to manage clients in your Configuration Manager hierarchy.
## Apply updates to Windows Defender endpoints
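Review bot: the section removed here is the only place in the visible diff that states the WSUS role ("view basic update compliance and deploy updates manually or through automatic rules"), the Configuration Manager and Intune management capabilities list, and the licensing requirement ("You must be licensed to use *Endpoint Protection* to manage clients in your Configuration Manager hierarchy"); the hunk runs straight into the "## Apply updates to Windows Defender endpoints" heading with no replacement text, so confirm that manage-updates-baselines-windows-defender-antivirus.md or the deployment table carries the licensing note and the Group Policy/WSUS statements before this lands.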


@ -1,205 +0,0 @@
---
title: Configure and use Windows Defender in Windows 10
description: IT professionals can configure definition updates and cloud-based protection in Windows Defender in Windows 10 through Microsoft Active Directory and Windows Server Update Services (WSUS).
ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Configure Windows Defender in Windows 10
**Applies to**
- Windows 10
You can configure definition updates and cloud-based protection in Windows Defender in Windows 10 through Microsoft Active Directory and Windows Server Update Services (WSUS).
You can also enable and configure the Microsoft Active Protection Service to ensure endpoints are protected by cloud-based protection technologies.
## Configure definition updates
<!-- this has been used as anchor in VDI content -->
It is important to update definitions regularly to ensure that your endpoints are protected. Definition updates can be configured to suit the requirements of your organization.
Windows Defender supports the same updating options (such as using multiple definition sources) as other Microsoft endpoint protection products; for more information, see [Configuring Definition Updates](https://technet.microsoft.com/library/gg412502.aspx).
When you configure multiple definition sources in Windows Defender, you can configure the fallback order using the following values through *Group Policy* settings:
- InternalDefinitionUpdateServer - WSUS
- MicrosoftUpdateServer - Microsoft Update
- MMPC - [Microsoft Malware Protection Center definitions page](http://www.microsoft.com/security/portal/definitions/adl.aspx)
- FileShares - file share
Read about deploying administrative template files for Windows Defender in the article [Description of the Windows Defender Group Policy administrative template settings](https://support.microsoft.com/kb/927367).
You can also manage your Windows Defender update configuration settings through System Center Configuration Manager. See [How to Configure Definition Updates for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/jj822983.aspx) for details.
## Definition update logic
You can update Windows Defender definitions in four ways depending on your business requirements:
- WSUS, the managed server. You can manage the distribution of updates that are released through Microsoft Update to computers in your enterprise environment; read more on the [Windows Server Update Services](https://technet.microsoft.com/windowsserver/bb332157.aspx) website.
- Microsoft Update, the unmanaged server. You can use this method to get regular updates from Microsoft Update.
- The [Microsoft Malware Protection Center definitions page](http://www.microsoft.com/security/portal/definitions/adl.aspx), as an alternate download location. You can use this method if you want to download the latest definitions.
- File share, where the definition package is downloaded. You can retrieve definition updates from a file share. The file share must be provisioned on a regular basis with the update files.
## Update Windows Defender definitions through Active Directory and WSUS
This section details how to update Windows Defender definitions for Windows 10 endpoints through Active Directory and WSUS.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Method</th>
<th align="left">Instructions</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>WSUS</p></td>
<td align="left"><p>See [Software Updates and Windows Server Update Services Definition Updates](https://technet.microsoft.com/library/gg398036.aspx) in the [Configuring Definition Updates](https://technet.microsoft.com/library/gg412502.aspx) topic that also applies to Windows Defender.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Update</p></td>
<td align="left"><p>Set the following fallback order <em>Group Policy</em> to enable Microsoft Update:</p>
<ol>
<li>Open the <strong>Group Policy Editor</strong>.</li>
<li>In the <strong>Local Computer Policy</strong> tree, expand <strong>Computer Configuration</strong>, then <strong>Administrative Templates</strong>, then <strong>Windows Components</strong>, then <strong>Windows Defender</strong>.</li>
<li>Click on <strong>Signature Updates</strong>.</li>
<li><p>Double-click on <strong>Define the order of sources for downloading definition updates</strong>.</p>
<p>This will open the <strong>Define the order of sources for downloading definition updates</strong> window.</p></li>
<li>Click <strong>Enable</strong>.</li>
<li><p>In the <strong>Options</strong> pane, define the following <em>Group Policy</em> to enable Microsoft Update:</p>
<p><strong>{MicrosoftUpdateServer}</strong></p>
<p><img src="images/defender-gp-defsourcefield.png" alt="&quot;Define the order of sources for downloading definition updates&quot; field" /></p></li>
<li><p>Click <strong>OK</strong>.</p>
<p>The window will close automatically.</p></li>
</ol></td>
</tr>
<tr class="odd">
<td align="left"><p>[Microsoft Malware Protection Center definitions page](http://www.microsoft.com/security/portal/definitions/adl.aspx)</p></td>
<td align="left"><p>Set the following fallback order <em>Group Policy</em> to enable Windows Defender to download updated signatures:</p>
<ol>
<li>Open the <strong>Group Policy Editor</strong>.</li>
<li>In the <strong>Local Computer Policy</strong> tree, expand <strong>Computer Configuration</strong>, then <strong>Administrative Templates</strong>, then <strong>Windows Components</strong>, then <strong>Windows Defender</strong>.</li>
<li>Click on <strong>Signature Updates</strong>.</li>
<li><p>Double-click on <strong>Define the order of sources for downloading definition updates</strong>.</p>
<p>This will open the <strong>Define the order of sources for downloading definition updates</strong> window.</p></li>
<li>Click <strong>Enable</strong>.</li>
<li><p>In the <strong>Options</strong> pane, define the following <em>Group Policy</em> to enable Windows Defender to download updated signatures:</p>
<p><strong>{MMPC}</strong></p>
<p><img src="images/defender-gp-defsourcefield.png" alt="&quot;Define the order of sources for downloading definition updates&quot; field" /></p></li>
<li><p>Click <strong>OK</strong>.</p>
<p>The window will close automatically.</p></li>
</ol></td>
</tr>
<tr class="even">
<td align="left"><p>File share</p></td>
<td align="left"><p></p>
<ol>
<li>Open the <strong>Group Policy Editor</strong>.</li>
<li>In the <strong>Local Computer Policy</strong> tree, expand <strong>Computer Configuration</strong>, then <strong>Administrative Templates</strong>, then <strong>Windows Components</strong>, then <strong>Windows Defender</strong>.</li>
<li>Click on <strong>Signature Updates</strong>.</li>
<li><p>Double-click on <strong>Define the order of sources for downloading definition updates</strong>.</p>
<p>This will open the <strong>Define the order of sources for downloading definition updates</strong> window:</p></li>
<li>Click <strong>Enable</strong>.</li>
<li><p>In the <strong>Options</strong> pane, define the following <em>Group Policy</em> to enable Windows Defender to download updated signatures:</p>
<p><strong>{FileShares}</strong></p>
<p><img src="images/defender-gp-defsourcefield.png" alt="&quot;Define the order of sources for downloading definition updates&quot; field" /></p></li>
<li><p>Click <strong>OK</strong>.</p>
<p>The window will close automatically.</p></li>
<li><p>Double-click on <strong>Define file shares for downloading definition updates</strong>.</p>
<p>This will open the <strong>Define file shares for downloading definition updates</strong> window.</p></li>
<li>Click <strong>Enable</strong>.</li>
<li><p>In the <strong>Options</strong> pane, define the following <em>Group Policy</em> to specify the Universal Naming Convention (UNC) share source:</p>
<p><strong>{\\unc1\\unc2}</strong> - where you define [unc] as the UNC shares.</p>
<p><img src="images/defender-gp-defsharesfield.png" alt="&quot;Define the file shares for downloading definition updates&quot; field" /></p></li>
<li><p>Click <strong>OK</strong>.</p>
<p>The window will close automatically.</p></li>
</ol></td>
</tr>
</tbody>
</table>
 
## Manage cloud-based protection
Windows Defender offers improved cloud-based protection and threat intelligence for endpoint protection clients using the Microsoft Active Protection Service. Read more about the Microsoft Active Protection Service community in [Join the Microsoft Active Protection Service community](http://windows.microsoft.com/windows-8/join-maps-community).
You can enable or disable the Microsoft Active Protection Service using *Group Policy* settings and administrative template files.
More information on deploying administrative template files for Windows Defender is available in the article [Description of the Windows Defender Group Policy administrative template settings](https://support.microsoft.com/kb/927367).
The Microsoft Active Protection Service can be configured with the following *Group Policy* settings:
1. Open the **Group Policy Editor**.
2. In the **Local Computer Policy** tree, expand **Computer Configuration**, then **Administrative Templates**, then **Windows Components**, then **Windows Defender**.
3. Click on **MAPS**.
4. Double-click on **Join Microsoft MAPS**.
5. Select your configuration option from the **Join Microsoft MAPS** list.
>**Note:**  Any settings modified on an endpoint will be overridden by the administrator's policy setting.
 
Use the Windowsdefender.adm *Group Policy* template file to control the policy settings for Windows Defender in Windows 10:
Policy setting: **Configure Microsoft SpyNet Reporting**
Registry key name: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SpyNet\\SpyNetReporting**
Policy description: **Adjusts membership in Microsoft Active Protection Service**
You can also configure preferences using the following PowerShell parameters:
- Turn Microsoft Active Protection Service off: *Set-MpPreference -MAPSReporting 0*
- Turn Microsoft Active Protection Service on: *Set-MpPreference -MAPSReporting 2*
Read more about this in:
- [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx)
- [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
>**Note:**  Any information that Windows Defender collects is encrypted in transit to our servers, and then stored in secure facilities. Microsoft takes several steps to avoid collecting any information that directly identifies you, such as your name, email address, or account ID.
 
Read more about how to manage your privacy settings in [Setting your preferences for Windows 10 services](http://windows.microsoft.com/windows-10/services-setting-preferences).
## Opt-in to Microsoft Update
You can use Microsoft Update to keep definitions on mobile computers running Windows Defender in Windows 10 up to date when they are not connected to the corporate network. If the mobile computer doesn't have a [Windows Server Update Service](https://technet.microsoft.com/windowsserver/bb332157.aspx) (WSUS) connection, the signatures will still come from Microsoft Update. This means that signatures can be pushed down (via Microsoft Update) even if WSUS overrides Windows Update.
You need to opt-in to Microsoft Update on the mobile computer before it can retrieve the definition updates from Microsoft Update.
There are two ways you can opt-in to Microsoft Update in Windows Defender for Windows 10:
1. Use a VBScript to create a script, then run it on each computer in your network.
2. Manually opt-in every computer on your network through the **Settings** menu.
You can create a VBScript and run it on each computer on your network; this is an efficient way to opt-in to Microsoft Update.
**Use a VBScript to opt in to Microsoft Update**
1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript.
2. Run the VBScript you created on each computer in your network.
You can manually opt-in each individual computer on your network to receive Microsoft Update.
**Manually opt-in to Microsoft Update**
1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in.
2. Click **Advanced** options.
3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**.
## Schedule updates for Microsoft Update
Opting-in to Microsoft Update means that your system administrator can schedule updates to your mobile computer, so that it keeps up-to-date with the latest software versions and security definitions, even when youre on the road.
For more information on scheduling updates, see [Configure definition updates](https://technet.microsoft.com/library/mt622088.aspx#configure-definition-updates).
## Related topics
- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
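Review bot: deleting this topic drops operational detail that should be confirmed to exist elsewhere before merge: the Group Policy fallback-order values `InternalDefinitionUpdateServer`, `MicrosoftUpdateServer`, `MMPC` and `FileShares`; the MAPS policy path and registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet\SpyNetReporting`; the `Set-MpPreference -MAPSReporting 0` / `-MAPSReporting 2` cmdlets; and the Microsoft Update opt-in steps. The file also carries the comment "this has been used as anchor in VDI content" above "## Configure definition updates", and its own "Schedule updates" section links to the `#configure-definition-updates` anchor, so inbound links need redirecting to the new configure-update-options topic or they will break.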


@ -24,11 +24,13 @@ author: iaanw
You can deploy, manage, and report on Windows Defender Antivirus in a number of ways.
The following table illustrates how each function can be managed or accessed. The topics in this section provide links or describe how to use each product:
- To deploy or enable the Windows Defender Antivirus protection client on endpoints or servers
- To manage and report on Windows Defender Antivirus protection, including managing product and protection updates
- To report on Windows Defender Antivirus protection
As the Windows Defender AV client is installed as a core part of Windows 10, traditional deployment of a client to your endpoints does not apply.
However, in most cases you will still need to enable the protection service on your endpoints with System Center Configuration Manager, Microsoft Intune, Azure Secrutiy Center, or Group Policy Objects, which is described in the following table.
You'll also see additional links for:
- Managing Windows Defender Antivirus protection, including managing product and protection updates
- Reporting on Windows Defender Antivirus protection
> [!IMPORTANT]
> In most cases, Windows 10 will disable Windows Defender Antivirus if it finds another antivirus product running and up-to-date. You must disable or uninstall third-party antivirus products before Windows Defender Antivirus will be functioning. If you re-enable or install third-part antivirus products, then Windows 10 will automatically disable Windows Defender Antivirus.
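Review bot: two typos in the added text: "Azure Secrutiy Center" should read "Azure Security Center", and "third-part antivirus products" should read "third-party antivirus products". The intro also lists three bullets ("To deploy or enable…", "To manage and report…", "To report…") and then repeats the last two under "You'll also see additional links for:", so one of the two lists can go.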
@ -41,7 +43,7 @@ Microsoft Intune|[Deploy the Microsoft Intune client to endpoints][]|Use and dep
Windows Management Instrumentation|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference][] and [Update-MpSignature] [] cmdlets available in the Defender module|Use the appropriate [Get- cmdlets available in the Defender module][]
Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
Azure Active Directory|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|You cannot use AAD to manage Windows Defender Antivirus protection. Use other management options (such as Configuration Manager, Intune, GPO, WMI, or PowerShell). |Endpoint protection reporting is not available in AAD. You can review usage reports to determine suspicious activity, including the [Possibly infected devices][] report. You can also configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between System Center Configuration Manager, current branch (for example, System Center Configuration Manager 2016) and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and System Center Configuration Manager, current branch (2016). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for a table that describes the major differences. [(Return to table)](#ref1)
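Review bot: in the PowerShell row the reference link is written `[Update-MpSignature] []` with a space between the bracket pairs, which most Markdown renderers will not resolve as a reference-style link; write it `[Update-MpSignature][]` to match `[Set-MpPreference][]` on the same line. In the Azure row the same "Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets" link is given twice in adjacent cells, and the footnote sentence "The availability of some functions and features … differ" needs "differs".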
@ -68,9 +70,9 @@ Azure Active Directory|Deploy with Group Policy, System Center Configuration Man
[Update method of the MSFT_MpSignature class]: https://msdn.microsoft.com/en-us/library/dn439474
[MSFT_MpComputerStatus]: https://msdn.microsoft.com/en-us/library/dn455321
[Windows Defender WMIv2 Provider]: https://msdn.microsoft.com/en-us/library/dn439477
[Set-MpPreference]: ../itpro/powershell/windows/defender/set-mppreference.md
[Update-MpSignature]: ../itpro/powershell/windows/defender/update-mpsignature
[Get- cmdlets available in the Defender module]: ../itpro/powershell/windows/defender/index.md
[Set-MpPreference]: https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference.md
[Update-MpSignature]: https://technet.microsoft.com/itpro/powershell/windows/defender/update-mpsignature
[Get- cmdlets available in the Defender module]: https://technet.microsoft.com/itpro/powershell/windows/defender/index
[Configure update options for Windows Defender Antivirus]: configure-update-options-windows-defender-antivirus.md
[Configure Windows Defender features]: configure-windows-defender-antivirus-features.md
[Group Policies to determine if any settings or policies are not applied]: https://technet.microsoft.com/en-us/library/cc771389.aspx
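Review bot: the replaced link targets are inconsistent: `[Set-MpPreference]: https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference.md` keeps a `.md` source extension in a public URL, while the `update-mpsignature` and `index` entries on the following lines omit it; the old relative paths had the same mismatch (`set-mppreference.md` against `update-mpsignature`). Verify all three resolve on technet and use one form.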
@ -84,7 +86,7 @@ Topic | Description
---|---
[Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md) | While the client is installed as a core part of Windows 10, and traditional deployment does not apply, you will still need to enable the client on your endpoints with System Center Configuration Manager, Microsoft Intune, or Group Policy Objects.
[Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) | There are two parts to updating Windows Defender Antivirus: updating the client on endpoints (product updates), and updating definitions (protection updates). You can update definitions in a number of ways, using System Center Configuration Manager, Microsoft Intune, WSUS, and others.
[Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antiviirus.md) | You can use System Center Configuration Manager, a third-party SIEM product (by consuming Windows event logs), or Microsoft Intune to monitor the protection status and create reports on endpoints
[Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antiviirus.md) | You can use System Center Configuration Manager, a third-party SIEM product (by consuming Windows event logs), or Microsoft Intune to monitor protection status and create reports about endpoint protection
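Review bot: the target file name `report-monitor-windows-defender-antiviirus.md` is misspelled ("antiviirus") in both the old and the new row, and the same spelling appears in the related-topics list of a stub deleted in this commit; if the file on disk really carries that name the links work, but a rename plus link update would be cleaner than propagating the typo. The new description also ends without a full stop.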
## Related topics


@ -0,0 +1,40 @@
---
title: Deploy and enable Windows Defender Antivirus
description: Deploy Windows Defender AV for protection of your endpoints, using System Center Configuration Manager, Microsoft Intune, Group Policy, PowerShell cmdlets, or WMI.
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Deploy and enable Windows Defender Antivirus
**Applies to:**
- Windows 10
**Audience**
- Network administrators
- IT administrators
Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender AV protection.
See the [(Deployment, managament, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref1) for instructions on how to enable protection with System Center Configuration Manager, Group Policy, Active Directory, Microsoft Azure, Microsoft Intune, PowerShell cmdlets, and Windows Management Instruction (WMI).
Some scenarios require additional guidance on how to successfully deploy or configure Windows Defender AV protection, such as Virtual Desktop Infrastructure (VDI) environments.
The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender AV ion virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-windows-defender-antivirus.md).
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md)
- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrasructure (VDI) environment](deployment-vdi-windows-defender-antivirus.md)
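Review bot: several typos in the new topic: "managament" should be "management", "Windows Management Instruction (WMI)" should be "Windows Management Instrumentation (WMI)" (as spelled in the deployment table elsewhere in this commit), "Windows Defender AV ion virtual machines" should be "on virtual machines", and "infrasructure" should be "infrastructure". The front matter has an empty `keywords:` field and `ms.pagetype: security` twice, and the link text "[(Deployment, managament, and reporting options table)]" carries stray parentheses inside the brackets.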


@ -1,48 +0,0 @@
---
title:
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# H1
**Applies to:**
- Windows 10
- Windows 10, version 1703
**Audience**
- Network administrators
- IT professionals
- IT administrators
**Manageability available with**
- Group Policy
- Windows Settings
When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed.
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md)
- [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md)
- [Deploy and enable Windows Defender Antivirus protection](deploy-windows-defender-antivirus.md)
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Monitor and report on Windows Defender Antivirus protection](report-monitor-windows-defender-antiviirus.md)


@ -33,9 +33,9 @@ In addition to standard on-premises or hardware configurations, you can also use
See the [Microsoft Desktop virtualization site](https://www.microsoft.com/en-us/server-cloud/products/virtual-desktop-infrastructure/) for more details on Microsoft Remote Desktop Services and VDI support.
This guide provides instructions and help on the following within the context of using Windows Defender Antivirus on Windows 10 virtual machines (VMs):
For Azure-based virutal machines, you can also review the [Install Endpoint Protection in Azure Security Center](https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection) topic.
There are four steps in this guide to roll out Windows Defender AV protection across your VDI:
There are three main steps in this guide to help roll out Windows Defender AV protection across your VDI:
1. Create and deploy the base image (for example, as a virtual hard disk (VHD)) that your virtual machines (VMs) will use
2. Manage the base image and updates for your VMs
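Review bot: the added sentence "For Azure-based virutal machines, you can also review…" sits between "This guide provides instructions and help on the following…" and the numbered list that "the following" introduces, which breaks the lead-in; move it before that sentence or after the list, and fix "virutal" to "virtual". The change from "four steps" to "three main steps" should be checked against the complete numbered list, since only two items are visible in this hunk.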
@ -111,6 +111,8 @@ You can reduce network overhead by using a persistent VDI environment, so that y
Therefore, the first step youll need to take is to determine when to create the base image that youll use on your VMs. This should align with the persistence of your VMs.
For example, if you are using a non-persistent VDI, it may make sense to update and deploy your base image daily. This way, youll ensure your VMs receive the most up-to-date protection each day, without having to individually download updates when they are each started.
You could also use a pre-configured PowerShell script as part of a scheduled task to help automate the download and application of protection updates from a centralized location, to prevent each VM from individually downloading the update.
For example, the [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript) will pull the latest updates via a UNC share that is updated by the VM host. That way the individual VM will not need to obtain protection updates from the Internet, and you will only need to download the updates once (on the VM host).
Alternatively, if you have a persistent or semi-persistent VDI, you could update your base image monthly, in conjunction with the monthly “Patch Tuesday” Microsoft Updates to reduce the network bandwidth across your VDI.
In both of these scenarios, the VMs will only need to download “delta” updates the differences between an existing definition set and the next one. Delta updates are typically much smaller (a few kilobytes) than a full definition download (which can average around 150 mb).
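Review bot: the added SignatureDownloadCustomTask lines describe pulling updates "via a UNC share that is updated by the VM host" without saying that the VMs must be configured to use that share; the configure topic deleted in this commit covered this as the `FileShares` fallback-order value plus the "Define file shares for downloading definition updates" policy, so link to wherever that procedure now lives. Also "150 mb" should be "150 MB", and the missing apostrophes in "youll" (twice in this hunk) should be checked in the source, since they may be a lost curly quote.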
@ -126,6 +128,7 @@ You may be able to automate this by following the instructions in [Orchestrated
In both scenarios, its important to run a quick scan on the updated image before you deploy it to your VMs.
## Configure endpoints for optimal performance
There are a number of settings that can help ensure optimal performance on your VMs and VDI without affecting the level of protection.
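Review bot: "its important" should be "it's important" (the apostrophe was dropped, like the curly quotes elsewhere in this file). It would also help to say why the quick scan is there: it is run with the definitions just applied to the image, so it verifies the base image is clean before it is cloned to every VM, rather than being a generic recommendation.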
@ -295,4 +298,5 @@ Windows Server 2016 contains Windows Defender Antivirus and will automatically d
- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( http://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
- [Project VRC: Antivirus impact and best practices on VDI](https://blogs.technet.microsoft.com/privatecloud/2013/12/06/orchestrated-offline-vm-patching-using-service-management-automation/)
- [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS)
- [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript)
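Review bot: the link text "Project VRC: Antivirus impact and best practices on VDI" points at a TechNet blog URL about orchestrated offline VM patching (`.../orchestrated-offline-vm-patching-using-service-management-automation/`), so either the text or the target is wrong; it looks like the URL belongs to the "Orchestrated ..." reference earlier in this file. Also "System Center Configuration Manger" should be "Configuration Manager", and the Channel 9 link has a space inside the parentheses (`]( http://`), which some markdown renderers will not turn into a link.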

View File

@ -31,10 +31,10 @@ It explains the important features available for both small and large enterprise
You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings.
The guide is available in PDF format for offline viewing:
- [Download the guide in PDF format](#)
- [Download the guide in PDF format](https://www.microsoft.com/download/details.aspx?id=54795)
You can also download a PowerShell script that will enable all the settings described in the guide automatically:
- [Download the PowerShell script to automatically configure the settings](#)
You can also download a PowerShell that will enable all the settings described in the guide automatically. You can obtain the script alongside the PDF download above, or individually from PowerShell Gallery:
- [Download the PowerShell script to automatically configure the settings](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings/1.0/DisplayScript)
> [!IMPORTANT]
> The guide is currently intended for single-machine evaluation of Windows Defender Antivirus protection. Enabling all of the settings in this guide may not be suitable for real-world deployment.
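Review bot: "You can also download a PowerShell that will enable all the settings" is missing the word "script". Because this rendering drops the +/- markers, the old `(#)` placeholder lines appear next to the new ones; confirm the placeholders were removed rather than left in place above the new links. Since the script is now fetched from PowerShell Gallery instead of shipping with the PDF, the IMPORTANT callout should also tell the reader to review the script's contents before running it and to run it only on the evaluation machine, which "may not be suitable for real-world deployment" implies but does not state.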

View File

@ -0,0 +1,156 @@
---
title:
description:
ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Manage Windows Defender Antivirus protection and definition updates
**Applies to**
- Windows 10
**Audience**
- Network administrators
**Manageability available with**
- Group Policy
- System Center Configuration Manager
- Microsoft Intune
- PowerShell cmdlets
- Windows Management Instruction (WMI)
<span id="protection-updates"/>
<!-- this has been used as anchor in VDI content -->
Windows Defender Antivirus requires regular protection updates to help ensure your network and endpoints are fully protected. These protection updates are also known as "definitions" or "signature updates".
There are a number of ways you can obtain and manage protection updates.
## Obtain protection updates
There are four locations where you can specify where an endpoint should obtain updates. Typically, you would configure each endpoint to individually download the updates from a primary source and specify fallback sources in case the primary source is unavailble.
- [Windows Server Update Service (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx).
- Microsoft Update.
- The [Microsoft Malware Protection Center definitions page (MMPC)](http://www.microsoft.com/security/portal/definitions/adl.aspx).
- A network file share.
Each location has typical scenarios (in addition to acting as fallback locations) for when you would use that source, as described in the following table:
Location | Sample scenario
---|---
WSUS | https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus
Microsoft Update | Internet...
MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md).
File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host download the updates to a network share, from which the VMs can obtain the updates.
You can manage how you obtain the protection updates with System Center Configuration Manager, Microsoft Intune, Group Policy, or PowerShell cmdlets and WMI.
> [!IMPORTANT]
> If you set WSUS as a download location, you must approve the updates - regardless of what management tool you use to specify the location. You can set up an automatic approval rule with WSUS, which may be useful as updates arrive at least once a day. See [To synchronize endpoint protection updates in standalone WSUS](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) for more details.
**Use Group Policy to manage the update location:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender > Client Interface** and configure the following settings:
1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client.
1. Double-click the **Suppresses reboot notifications** setting and set the option to **Enabled**. Click **Ok**. This will disable notifications that ask the endpoint user to reboot the machine to perform additional cleaning.
2.In the Local Computer Policy tree, expand Computer Configuration, then Administrative Templates, then Windows Components, then Windows Defender.
3.Click on Signature Updates.
{\\unc1\\unc2} - where you define [unc] as the UNC shares.
**Use PowerShell and WMI cmdlets to manage the update location:**
Use the following PowerShell cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent 3
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
Use the following WMI cmdlets to enable cloud-delivered protection:
```WMI
```
**Use Configuration Manager to manage the update location:**
1. See [Configure Definition Updates for Endpoint Protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definition-updates) for details on configuring System Center Configuration Manager (current branch).
**Use Microsoft Intune to manage the update location:**
### Configure protection update options
-schedule scans
-etc...
## Opt-in to Microsoft Update on mobile computers without a WSUS connection
You can use Microsoft Update to keep definitions on mobile computers running Windows Defender in Windows 10 up to date when they are not connected to the corporate network. If the mobile computer doesn't have a [Windows Server Update Service](https://technet.microsoft.com/windowsserver/bb332157.aspx) (WSUS) connection, the signatures will still come from Microsoft Update. This means that signatures can be pushed down (via Microsoft Update) even if WSUS overrides Windows Update.
You need to opt-in to Microsoft Update on the mobile computer before it can retrieve the definition updates from Microsoft Update.
There are two ways you can opt-in to Microsoft Update in Windows Defender for Windows 10:
1. Use a VBScript to create a script, then run it on each computer in your network.
2. Manually opt-in every computer on your network through the **Settings** menu.
You can create a VBScript and run it on each computer on your network; this is an efficient way to opt-in to Microsoft Update.
**Use a VBScript to opt in to Microsoft Update**
1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript.
2. Run the VBScript you created on each computer in your network.
You can manually opt-in each individual computer on your network to receive Microsoft Update.
**Manually opt-in to Microsoft Update**
1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in.
2. Click **Advanced** options.
3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**.
## Related topics
- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
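Review bot: the procedures under the update-location headings do not configure update locations. The Group Policy steps go to **Client Interface** and enable "Suppress all notifications" and "Suppresses reboot notifications", which are notification settings pasted in from another topic, and the PowerShell block under "Use PowerShell and WMI cmdlets to manage the update location" sets `-MAPSReporting Advanced` and `-SubmitSamplesConsent 3`, which enable cloud-delivered protection, not download sources. The fragments that follow ("2.In the Local Computer Policy tree ...", "3.Click on Signature Updates.", "{\\unc1\\unc2} - where you define [unc] as the UNC shares.") show where the text was heading: the **Signature Updates** node's source-order and file-share settings, and on the PowerShell side `Set-MpPreference -SignatureFallbackOrder` and `Set-MpPreference -SignatureDefinitionUpdateFileSharesSources`. Other items to fix before merging: `title:` and `description:` are empty in the front matter; "Windows Management Instruction (WMI)" should be "Instrumentation"; "unavailble" should be "unavailable"; the table's WSUS row is a bare URL and the Microsoft Update row is the placeholder "Internet..."; "VM host download the updates" needs "to"; the Group Policy list is numbered 1, 3, 4, 5; the ```WMI``` block is empty; the `use-powershell-windows-defender-antivirus` link lacks `.md`; the Intune section has no body and "-schedule scans / -etc..." is a placeholder; `<span id="protection-updates"/>` is self-closing syntax on a non-void element and should be `<span id="protection-updates"></span>`; and "Use a VBScript to create a script" should just say "Create a VBScript".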

View File

@ -0,0 +1,156 @@
---
title:
description:
ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Manage Windows Defender Antivirus protection and definition updates
**Applies to**
- Windows 10
**Audience**
- Network administrators
**Manageability available with**
- Group Policy
- System Center Configuration Manager
- Microsoft Intune
- PowerShell cmdlets
- Windows Management Instruction (WMI)
<span id="protection-updates"/>
<!-- this has been used as anchor in VDI content -->
Windows Defender Antivirus requires regular protection updates to help ensure your network and endpoints are fully protected. These protection updates are also known as "definitions" or "signature updates".
There are a number of ways you can obtain and manage protection updates.
## Obtain protection updates
There are four locations where you can specify where an endpoint should obtain updates. Typically, you would configure each endpoint to individually download the updates from a primary source and specify fallback sources in case the primary source is unavailble.
- [Windows Server Update Service (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx).
- Microsoft Update.
- The [Microsoft Malware Protection Center definitions page (MMPC)](http://www.microsoft.com/security/portal/definitions/adl.aspx).
- A network file share.
Each location has typical scenarios (in addition to acting as fallback locations) for when you would use that source, as described in the following table:
Location | Sample scenario
---|---
WSUS | https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus
Microsoft Update | Internet...
MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md).
File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host download the updates to a network share, from which the VMs can obtain the updates.
You can manage how you obtain the protection updates with System Center Configuration Manager, Microsoft Intune, Group Policy, or PowerShell cmdlets and WMI.
> [!IMPORTANT]
> If you set WSUS as a download location, you must approve the updates - regardless of what management tool you use to specify the location. You can set up an automatic approval rule with WSUS, which may be useful as updates arrive at least once a day. See [To synchronize endpoint protection updates in standalone WSUS](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) for more details.
**Use Group Policy to manage the update location:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender > Client Interface** and configure the following settings:
1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client.
1. Double-click the **Suppresses reboot notifications** setting and set the option to **Enabled**. Click **Ok**. This will disable notifications that ask the endpoint user to reboot the machine to perform additional cleaning.
2.In the Local Computer Policy tree, expand Computer Configuration, then Administrative Templates, then Windows Components, then Windows Defender.
3.Click on Signature Updates.
{\\unc1\\unc2} - where you define [unc] as the UNC shares.
**Use PowerShell and WMI cmdlets to manage the update location:**
Use the following PowerShell cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent 3
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
Use the following WMI cmdlets to enable cloud-delivered protection:
```WMI
```
**Use Configuration Manager to manage the update location:**
1. See [Configure Definition Updates for Endpoint Protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-definition-updates) for details on configuring System Center Configuration Manager (current branch).
**Use Microsoft Intune to manage the update location:**
### Configure protection update options
-schedule scans
-etc...
## Opt-in to Microsoft Update on mobile computers without a WSUS connection
You can use Microsoft Update to keep definitions on mobile computers running Windows Defender in Windows 10 up to date when they are not connected to the corporate network. If the mobile computer doesn't have a [Windows Server Update Service](https://technet.microsoft.com/windowsserver/bb332157.aspx) (WSUS) connection, the signatures will still come from Microsoft Update. This means that signatures can be pushed down (via Microsoft Update) even if WSUS overrides Windows Update.
You need to opt-in to Microsoft Update on the mobile computer before it can retrieve the definition updates from Microsoft Update.
There are two ways you can opt-in to Microsoft Update in Windows Defender for Windows 10:
1. Use a VBScript to create a script, then run it on each computer in your network.
2. Manually opt-in every computer on your network through the **Settings** menu.
You can create a VBScript and run it on each computer on your network; this is an efficient way to opt-in to Microsoft Update.
**Use a VBScript to opt in to Microsoft Update**
1. Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript.
2. Run the VBScript you created on each computer in your network.
You can manually opt-in each individual computer on your network to receive Microsoft Update.
**Manually opt-in to Microsoft Update**
1. Open **Windows Update** in **Update & security** settings on the computer you want to opt-in.
2. Click **Advanced** options.
3. Select the checkbox for **Give me updates for other Microsoft products when I update Windows**.
## Related topics
- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
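Review bot: this file is a byte-for-byte copy of the previous new file in the commit, down to `ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D`; two published pages cannot share an assetid, and every issue on the previous copy (Group Policy steps that configure notifications instead of update sources, cloud-protection cmdlets under the update-location heading, the 1/3/4/5 numbering, the empty WMI and Intune sections, the placeholder table rows and the empty `title:`/`description:`) is duplicated here. Either drop this file or replace its content with the topic it was meant to hold before this merges.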

View File

@ -1,27 +1,31 @@
---
title: Manage Windows Defender Antivirus updates and apply baselines
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Manage Windows Defender Antivirus updates and apply baselines
**Applies to:**
- Windows 10
- Windows 10, version 1703
**Audience**
- Network administrators
There are two parts of updating - definition updates and product updates.
## Manage Windows Defender endpoints through Active Directory and WSUS
All Windows 10 endpoints are installed with Windows Defender and include support for management through:
- Active Directory
- WSUS
You can use the Active Directory to configure the settings; Group policies can be used for centralized configuration and enforcement of many Windows Defender settings including client user interface, scan settings, and exclusions.
WSUS can be used to view basic update compliance and deploy updates manually or through automatic rules.
Note that System Center 2012 R2 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, and Microsoft Intune can provide centralized management of Windows Defender, including:
- Settings management
- Definition update management
- Alerts and alert management
- Reports and reporting
When you enable *Endpoint Protection* on your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for System Center Endpoint Protection or Intune will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed. Learn more about managing *Endpoint Protection*:
- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://technet.microsoft.com/library/dn646970.aspx)
- [Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508760.aspx)
Read more about System Center Configuration Manager in [Introduction to Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508781.aspx).
> **Important:** You must be licensed to use *Endpoint Protection* to manage clients in your Configuration Manager hierarchy.
You can also apply security baselines.
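Review bot: "You can also apply security baselines." is a dangling sentence with no link and no explanation of which baseline or how it is applied, even though the H1 promises "apply baselines"; either link the baseline topic or cut the sentence until that content exists. Likewise "There are two parts of updating - definition updates and product updates." introduces product updates and the page never returns to them. Smaller points: `description:` and `keywords:` are empty in the front matter; "Applies to" lists both "Windows 10" and "Windows 10, version 1703", which is redundant; and "You can use the Active Directory to configure the settings; Group policies can be used ..." conflates the two, since it is Group Policy, delivered through Active Directory, that configures the settings.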

View File

@ -0,0 +1,38 @@
---
title: Monitor and report on Windows Defender Antivirus protection
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: iaanw
---
# Report on Windows Defender Antivirus protection
**Applies to:**
- Windows 10
**Audience**
- IT administrators
There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender AV.
You can use System Center Configuration Manager to [monitor Windows Defender AV protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using the [Microsoft Intune console](ttps://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#monitor-endpoint-protection).
If you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints.
For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, managament, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref1).
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-in-windows-10.md)
- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
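Review bot: the Intune console link is `ttps://docs.microsoft.com/...` (missing the leading "h") and will render as a broken link. The SIEM paragraph is the most useful part of this page for operators and should name the log the client event IDs are written to, the `Microsoft-Windows-Windows Defender/Operational` channel, so a collector can be pointed at it. Also "managament" should be "management", the front-matter title says "Monitor and report on" while the H1 says "Report on" (pick one), and `description:`/`keywords:` are empty.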

View File

@ -16,7 +16,7 @@ author: jasesso
- Windows 10
IT professionals can review information about event IDs in Windows Defender for Windows 10 and see any relevant action they can take.
<span id="windows-defender-av-ids" />
## Windows Defender client event IDs
This section provides the following information about Windows Defender client events:
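Review bot: `<span id="windows-defender-av-ids" />` uses self-closing syntax on a non-void element; in HTML5 the trailing slash is ignored, so this opens a span that is never closed and wraps the rest of the page. Use `<span id="windows-defender-av-ids"></span>` (the same applies to `<span id="protection-updates"/>` in the new manage-updates file). The new reporting page links to this anchor as `troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids`, while the other new pages link to `troubleshoot-windows-defender-in-windows-10.md`; confirm which filename this file actually has so the anchor resolves.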

View File

@ -53,4 +53,44 @@ Cloud block timeout period | No | No | Configurable | Not configurable | Configu
## Manage cloud-based protection
Windows Defender offers improved cloud-based protection and threat intelligence for endpoint protection clients using the Microsoft Active Protection Service. Read more about the Microsoft Active Protection Service community in [Join the Microsoft Active Protection Service community](http://windows.microsoft.com/windows-8/join-maps-community).
You can enable or disable the Microsoft Active Protection Service using *Group Policy* settings and administrative template files.
More information on deploying administrative template files for Windows Defender is available in the article [Description of the Windows Defender Group Policy administrative template settings](https://support.microsoft.com/kb/927367).
The Microsoft Active Protection Service can be configured with the following *Group Policy* settings:
1. Open the **Group Policy Editor**.
2. In the **Local Computer Policy** tree, expand **Computer Configuration**, then **Administrative Templates**, then **Windows Components**, then **Windows Defender**.
3. Click on **MAPS**.
4. Double-click on **Join Microsoft MAPS**.
5. Select your configuration option from the **Join Microsoft MAPS** list.
>**Note:**  Any settings modified on an endpoint will be overridden by the administrator's policy setting.
 
Use the Windowsdefender.adm *Group Policy* template file to control the policy settings for Windows Defender in Windows 10:
Policy setting: **Configure Microsoft SpyNet Reporting**
Registry key name: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SpyNet\\SpyNetReporting**
Policy description: **Adjusts membership in Microsoft Active Protection Service**
You can also configure preferences using the following PowerShell parameters:
- Turn Microsoft Active Protection Service off: *Set-MpPreference -MAPSReporting 0*
- Turn Microsoft Active Protection Service on: *Set-MpPreference -MAPSReporting 2*
Read more about this in:
- [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx)
- [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
>**Note:**  Any information that Windows Defender collects is encrypted in transit to our servers, and then stored in secure facilities. Microsoft takes several steps to avoid collecting any information that directly identifies you, such as your name, email address, or account ID.
 
Read more about how to manage your privacy settings in [Setting your preferences for Windows 10 services](http://windows.microsoft.com/windows-10/services-setting-preferences).
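Review bot: the PowerShell examples use numeric values (`Set-MpPreference -MAPSReporting 0` and `2`) while the new manage-updates file uses the named value (`-MAPSReporting Advanced`); both are accepted, but the docs should use one form, and the named values (Disabled, Basic, Advanced) are easier to read when auditing a script. The note "Any settings modified on an endpoint will be overridden by the administrator's policy setting" is the operationally important point and should state it plainly: a Group Policy value wins over a local `Set-MpPreference` change, so a local change is not a durable opt-out (or opt-in). Minor: both `>**Note:**` callouts are followed by a line containing only a non-breaking space, and "Registry key name" labels a value path, since `SpyNetReporting` is a value under the `SpyNet` key.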