diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 024db75e72..b7d933aee0 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -62,27 +62,27 @@ }, { "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md", -"redirect_url": "/itpro/surface-hub/finishing-your-surface-hub-meeting", +"redirect_url": "/surface-hub/finishing-your-surface-hub-meeting", "redirect_document_id": true }, { "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md", -"redirect_url": "/itpro/surface-hub/provisioning-packages-for-surface-hub", +"redirect_url": "/surface-hub/provisioning-packages-for-surface-hub", "redirect_document_id": true }, { "source_path": "devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md", -"redirect_url": "/itpro/surface-hub/admin-group-management-for-surface-hub", +"redirect_url": "/surface-hub/admin-group-management-for-surface-hub", "redirect_document_id": true }, { "source_path": "devices/surface-hub/surface-hub-administrators-guide.md", -"redirect_url": "/itpro/surface-hub/index", +"redirect_url": "/surface-hub/index", "redirect_document_id": true }, { "source_path": "devices/surface-hub/intro-to-surface-hub.md", -"redirect_url": "/itpro/surface-hub/index", +"redirect_url": "/surface-hub/index", "redirect_document_id": false }, { diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index fd891a0750..572a8caa85 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -174,20 +174,22 @@ To learn more about the CSV files that are required and the info you need to inc **Assign Classroom license** -The Classroom application is retired, but you will need to assign the Classroom Preview license to yourself and other global admins so that you can access the services. The single license will allow global admins to access both Classroom Preview and School Data Sync. +The Classroom application is retired, but you will need to assign the Classroom Preview license to global admin accounts that will be used to administer SDS. The single license allows global admins to access both Classroom Preview and School Data Sync. 1. In the Office 365 admin center, select **Users > Active users**. 2. Select the checkbox for your global admin account. 3. In the account details window, under **Product licenses**, click **Edit**. 4. In the **Product licenses** page, turn on **Microsoft Classroom** and then click **Save**. -5. Confirm that you can access SDS. To do this, log in to https://sds.microsoft.com. +5. Confirm that you can access SDS. To do this: + - Navigate to https://sds.microsoft.com and click **Sign in**. When prompted, enter your global admin username and password to access the SDS portal. Or, + - From the Office 365 admin portal, go to **Admin centers** and click on **School Data Sync** to go to the SDS portal. > [!NOTE] > Only global admins can access SDS. **Use SDS to import student data** -1. If you haven't done so already, To do this, go to https://sds.microsoft.com. +1. If you haven't done so already, go to the SDS portal, https://sds.microsoft.com. 2. Click **Sign in**. You will see the **Settings** option for **Manage School Data Sync**. **Figure 6** - Settings for managing SDS @@ -211,7 +213,7 @@ The Classroom application is retired, but you will need to assign the Classroom ![New SDS profile setup wizard](images/sds_updated_addnewprofile.png) 6. For the new profile, in the **Before you begin...** screen: - 1. Enter a name for your profile, such as *ContosoElementarySchool*. + 1. Enter a name for your profile, such as *Contoso_Profile_1*. 2. Select a sync method for your profile. For this walkthrough, select **CSV Files**. Note that for any sync method that you choose, you can click the **View steps** link to get more information about the steps you need to take depending on the sync method of your choosing. @@ -219,11 +221,8 @@ The Classroom application is retired, but you will need to assign the Classroom 3. Click **Start**. 7. In the **Sync options** screen: - 1. Select the domain for the schools/sections. If you have more than one domain, make sure you select the domain that corresponds to the profile you're creating. - 2. In the **Select school and section properties** section, select the properties you want to sync. If you select additional properties, make sure you have these properties and values added in the CSV files. For the walkthrough, we're not changing the default values. These are: - - **School properties:** SIS ID, Name - - **Section properties:** SIS ID, School SIS ID, Section Name - 3. In the **Select new or existing users** section, select either **New users** or **Existing users** based on the scenaro that applies to you. + 1. In the **Select new or existing users** section, you can select either **New users** or **Existing users** based on the scenaro that applies to you. For this walkthrough, select **New users**. + + 2. In the **Import data** section: + 1. Click **Upload Files** to bring up the **Select data files to be uploaded** window. + 2. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import. + 3. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**. + 4. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**. + 4. After all the files are successfully uploaded, click **OK**. + 3. Select the domain for the schools/sections. This domain will be used for the Section email addresses created during setup. If you have more than one domain, make sure you select the appropriate domain for the sync profile and subsequent sections being created. + 4. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default. + 5. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files. + 6. In the **License Options** section, check the box to allow users being created to receive an Office 365 license. + 7. Check the **Intune for Education** checkbox to allow users to receive the Intune for Education license and to create the SDS dynamic groups and security groups, which be used within Intune for Education. + 8. Click **Next**. **Figure 9** - Sync options for the new profile - ![Specify sync options for the new SDS profile](images/sds_addnewprofile_syncoptions.png) + ![Specify sync options for the new SDS profile](images/sds_profile_syncoptions.png) 8. In the **Teacher options** screen: - 1. Select the domain for the teachers. SDS uses this to match teachers from your source data to their existing accounts in Office 365/Azure Active Directory. In the walkthrough, the CSV files are our source data. - 2. In the **Select teacher properties** section, you can add optional teacher properties to sync. For this walkthrough, you don't have to change the default. + 1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created. + 2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. 3. In the **Teacher licenses** section, choose the SKU to assign licenses for teachers. For this walkthrough, choose **STANDARDWOFFPACK_FACULTY**. 4. Click **Next**. **Figure 10** - Specify options for teacher mapping - ![Specify options for teacher mapping](images/sds_addnewprofile_teacheroptions.png) + ![Specify options for teacher mapping](images/sds_profile_teacheroptions.png) 9. In the **Student options** screen: - 1. Select the domain for the students. SDS uses this to match students from your source data to their existing accounts in Office 365/Azure Active Directory. In the walkthrough, the CSV files are our source data. - 2. In the **Select student properties** section, you can add optional student properties to sync. For this walkthrough, you don't have to change the default. + 1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created. + 2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default. 3. In the **Student licenses** section, choose the SKU to assign licenses for students. For this walkthrough, choose **STANDARDWOFFPACK_STUDENT**. 4. Click **Next**. **Figure 11** - Specify options for student mapping - ![Specify options for student mapping](images/sds_addnewprofile_studentoptions.png) + ![Specify options for student mapping](images/sds_profile_studentoptions.png) -10. In the profile **Review** page, review the summary and confirm that the values matches with the data you entered. Click **Create profile**. +10. In the profile **Review** page, review the summary and confirm that the options selected are correct. Click **Create profile**. You will see a notification that your profile is being created. @@ -268,29 +276,22 @@ The Classroom application is retired, but you will need to assign the Classroom **Figure 12** - SDS profile page - ![SDS profile page](images/sds_profilepage.png) + ![SDS profile page](images/sds_profile_profilepage.png) -12. After the profile name at the top, confirm that the status for your profile now says **Ready to sync**. +12. After the profile is created and finished **Setting up**, confirm that the status for your profile now says **Sync enabled**. - If the status still indicates that the profile is being set up, try refreshing the page until you see the status change to **Ready to sync**. + If the status still indicates that the profile is being set up, try refreshing the page until you see the status change to **Sync enabled**. - **Figure 13** - New profile is ready to sync + **Figure 13** - New profile is sync enabled - ![Confirm that the new profile is ready](images/sds_profile_readytosync.png) + ![Confirm that the new profile is sync enabled](images/sds_profile_syncenabled.png) -11. On the profile page, below the profile name and profile status, there are four options: **Upload Files**, **Start Sync**, **Edit**, and **Delete**. Click **Upload Files** and then follow these steps: - 1. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import. - 2. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**. - 3. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**. - 4. After all the files are successfully uploaded, click **OK**. -12. On the profile page, click **Start Sync** and then follow these steps: - 1. In the **Would you like to start sync for *Profile_Name?*** window, click **Start Sync**. *Profile_Name* should match the name you entered for your profile in the **Before you begin...** screen. - 2. Confirm that sync successfully started for the file and then click **OK**. + > [!TIP] + > If you get errors during the pre-sync validation process, your profile status will change to **x Error**. To continue, review or resolve any pre-sync validation errors, and then click **Resume Sync** to start the synchronization cycle. - > [!NOTE] - > Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time. - > - > You can refresh the page to confirm that your profile synced successfully. + Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time. + + You can refresh the page to confirm that your profile synced successfully. That's it for importing sample school data using SDS. @@ -401,15 +402,15 @@ Intune for Education provides an **Express configuration** option so you can get **Figure 22** - Expand the settings group to get more details - ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped.png) + ![Expand the settings group to get more info](images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.png) 9. For this walkthrough, set the following settings: - - In the **Internet browser settings** group, change the **Send Do Not Track requests to help protect users' privacy** setting to **Block**. - - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Private Microsoft Store for Business apps** to **Allow**. + - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**. + - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**. **Figure 23** - Set some additional settings - ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured_cropped.png) + ![Set some additional settings](images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.png) 10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply. @@ -606,8 +607,8 @@ When a device is owned by the school, you may need to have a single persion addi Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure. 1. Sign in to the Office 365 admin center. -2. Click **Admin centers** and select **Azure AD** to go to the Azure portal. -3. Configure the device settings for the school's Active Directory. From the new Azure portal, https://portal.azure.com, select **Azure Active Directory > Users and groups > Device settings**. +2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, https://portal.azure.com. +3. Select **Azure Active Directory > Users and groups > Device settings**. **Figure 40** - Device settings in the new Azure portal @@ -622,8 +623,8 @@ When students move from using one device to another, they may need to have their Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another. 1. Sign in to the Office 365 admin center. -2. Click **Admin centers** and select **Azure AD** to go to the Azure portal. -3. Configure the device settings for the school's Active Directory. From the new Azure portal, https://portal.azure.com, select **Azure Active Directory > Users and groups > Device settings**. +3. Go to the new Azure portal, https://portal.azure.com. +3. Select **Azure Active Directory > Users and groups > Device settings**. 4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**. **Figure 41** - Enable settings to roam with users diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG new file mode 100644 index 0000000000..96e1e0452b Binary files /dev/null and b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG differ diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG new file mode 100644 index 0000000000..e223b5a94c Binary files /dev/null and b/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG differ diff --git a/education/get-started/images/sds_profile_profilepage.PNG b/education/get-started/images/sds_profile_profilepage.PNG new file mode 100644 index 0000000000..04e2193189 Binary files /dev/null and b/education/get-started/images/sds_profile_profilepage.PNG differ diff --git a/education/get-started/images/sds_profile_studentoptions.PNG b/education/get-started/images/sds_profile_studentoptions.PNG new file mode 100644 index 0000000000..87558a3881 Binary files /dev/null and b/education/get-started/images/sds_profile_studentoptions.PNG differ diff --git a/education/get-started/images/sds_profile_syncenabled.PNG b/education/get-started/images/sds_profile_syncenabled.PNG new file mode 100644 index 0000000000..197d2f0851 Binary files /dev/null and b/education/get-started/images/sds_profile_syncenabled.PNG differ diff --git a/education/get-started/images/sds_profile_syncoptions.PNG b/education/get-started/images/sds_profile_syncoptions.PNG new file mode 100644 index 0000000000..f7cd01262f Binary files /dev/null and b/education/get-started/images/sds_profile_syncoptions.PNG differ diff --git a/education/get-started/images/sds_profile_teacheroptions.PNG b/education/get-started/images/sds_profile_teacheroptions.PNG new file mode 100644 index 0000000000..0a01ed2f96 Binary files /dev/null and b/education/get-started/images/sds_profile_teacheroptions.PNG differ diff --git a/education/windows/images/suspc_createpackage_configurestudentpcsettings.png b/education/windows/images/suspc_createpackage_configurestudentpcsettings.png new file mode 100644 index 0000000000..99a4f8c5fd Binary files /dev/null and b/education/windows/images/suspc_createpackage_configurestudentpcsettings.png differ diff --git a/education/windows/images/suspc_createpackage_recommendedapps.png b/education/windows/images/suspc_createpackage_recommendedapps.png new file mode 100644 index 0000000000..e1e2fdaa46 Binary files /dev/null and b/education/windows/images/suspc_createpackage_recommendedapps.png differ diff --git a/education/windows/images/suspc_createpackage_signin.png b/education/windows/images/suspc_createpackage_signin.png new file mode 100644 index 0000000000..1d05636ed6 Binary files /dev/null and b/education/windows/images/suspc_createpackage_signin.png differ diff --git a/education/windows/images/suspc_createpackage_skipwifi_modaldialog.png b/education/windows/images/suspc_createpackage_skipwifi_modaldialog.png new file mode 100644 index 0000000000..294c970e85 Binary files /dev/null and b/education/windows/images/suspc_createpackage_skipwifi_modaldialog.png differ diff --git a/education/windows/images/suspc_createpackage_summary.PNG b/education/windows/images/suspc_createpackage_summary.PNG index 3740cc9aef..2699f6e222 100644 Binary files a/education/windows/images/suspc_createpackage_summary.PNG and b/education/windows/images/suspc_createpackage_summary.PNG differ diff --git a/education/windows/images/suspc_createpackage_takeatest.png b/education/windows/images/suspc_createpackage_takeatest.png new file mode 100644 index 0000000000..0be05a727d Binary files /dev/null and b/education/windows/images/suspc_createpackage_takeatest.png differ diff --git a/education/windows/images/suspc_savepackage_insertusb.PNG b/education/windows/images/suspc_savepackage_insertusb.PNG index e5f9968d7e..6c36d04e88 100644 Binary files a/education/windows/images/suspc_savepackage_insertusb.PNG and b/education/windows/images/suspc_savepackage_insertusb.PNG differ diff --git a/education/windows/images/suspc_savepackage_ppkgisready.png b/education/windows/images/suspc_savepackage_ppkgisready.png new file mode 100644 index 0000000000..7f8ca446f5 Binary files /dev/null and b/education/windows/images/suspc_savepackage_ppkgisready.png differ diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 597919abca..8512b79b49 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -132,13 +132,21 @@ The **Set up School PCs** app guides you through the configuration choices for t **Figure 2** - Verify that the account you selected shows up - ![Verify that the account you selected shows up](images/suspc_choosesettings_signin_final.png) + ![Verify that the account you selected shows up](images/suspc_createpackage_signin.png) 5. Click **Next**. 4. To allow the student PCs to automatically connect to your school's wireless network, in the **Select the school's wireless network** page: 1. Select the school's Wi-Fi network from the list of available wireless networks or manually add a wireless network. - 2. Click **Next**. + 2. Click **Next** if you added or selected a wireless network, or **Skip** to skip configuring a wireless network. + + If you click **Skip**, you will see the following dialog. + * If you select **Got it**, you will go to the next page without Wi-Fi set up. + * If you select **Add Wi-Fi**, you will go back to the Wi-Fi page to add a wireless network. + + **Figure 3** - Only skip Wi-Fi if you have a wired Ethernet connection + + ![Only skip Wi-Fi if you have a wired Ethernet connection](images/suspc_createpackage_skipwifi_modaldialog.png) 5. To assign a name to the student PCs, in the **Assign a name to these student PCs** page: 1. Add a short name that Set up School PCs will use as a prefix to identify and easily manage the group of devices, apps, and other settings through your device management client. @@ -168,9 +176,9 @@ The **Set up School PCs** app guides you through the configuration choices for t - To change the default lock screen background or to use your school's custom lock screen background, click **Browse** to select a new lock screen background. - **Figure 3** - Configure student PC settings + **Figure 4** - Configure student PC settings - ![Configure student PC settings](images/suspc_createpackage_settingspage.png) + ![Configure student PC settings](images/suspc_createpackage_configurestudentpcsettings.png) When you're doing configuring the student PC settings, click **Next**. @@ -180,50 +188,49 @@ The **Set up School PCs** app guides you through the configuration choices for t If you set up Take a Test, this adds a **Take a Test** button on the student PC's sign-in screen. Windows will also lock down the student PC so that students can't access anything else while taking the test. - **Figure 4** - Configure the Take a Test app + **Figure 5** - Configure the Take a Test app - ![Configure the Take a Test app](images/suspc_createpackage_takeatestpage.png) + ![Configure the Take a Test app](images/suspc_createpackage_takeatest.png) 3. Click **Next** or **Skip** depending on whether you want to set up Take a Test. - - -8. In the **Review package summary** page, make sure that all the settings you configured appear correctly. +9. In the **Review package summary** page, make sure that all the settings you configured appear correctly. 1. If you need to change any of the settings, you can on the sections to go back to that page and make your changes. - **Figure 5** - Review your settings and change them as needed + **Figure 7** - Review your settings and change them as needed ![Review your settings and change them as needed](images/suspc_createpackage_summary.png) 2. Click **Accept**. -9. In the **Insert a USB drive now** page: +10. In the **Insert a USB drive now** page: 1. Insert a USB drive to save your settings and create a provisioning package on the USB drive. 2. Set up School PCs will automatically detect the USB drive after it's inserted. Choose the USB drive from the list. 3. Click **Save** to save the provisioning package to the USB drive. - **Figure 6** - Select the USB drive and save the provisioning package + **Figure 8** - Select the USB drive and save the provisioning package - ![Select the USB drive and save the provisioning package](images/suspc_savepackage_insertusb_050817.png) + ![Select the USB drive and save the provisioning package](images/suspc_savepackage_insertusb.png) -10. When the provisioning package is ready, you will see the name of the file and you can remove the USB drive. Click **Next** if you're done, or click **Add a USB** to save the same provisioning package to another USB drive. +11. When the provisioning package is ready, you will see the name of the file and you can remove the USB drive. Click **Next** if you're done, or click **Add a USB** to save the same provisioning package to another USB drive. - **Figure 7** - Provisioning package is ready + **Figure 9** - Provisioning package is ready - ![Provisioning package is ready](images/suspc_ppkgisready_050817.png) + ![Provisioning package is ready](images/suspc_savepackage_ppkgisready.png) 12. Follow the instructions in the **Get the student PCs ready** page to start setting up the student PCs. - **Figure 8** - Line up the student PCs and get them ready for setup + **Figure 10** - Line up the student PCs and get them ready for setup ![Line up the student PCs and get them ready for setup](images/suspc_runpackage_getpcsready.png) @@ -232,7 +239,7 @@ The **Set up School PCs** app guides you through the configuration choices for t Select **Create new package** if you need to create a new provisioning package. Otherwise, you can remove the USB drive if you're completely done creating the package. - **Figure 9** - Install the provisioning package on the student PCs + **Figure 11** - Install the provisioning package on the student PCs ![Install the provisioning package on the student PCs](images/suspc_runpackage_installpackage.png) @@ -250,19 +257,19 @@ The provisioning package on your USB drive is named `Set up School PCs.ppkg`. A If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. - **Figure 10** - The first screen during first-run setup in Windows 10 Creators Update (version 1703) + **Figure 12** - The first screen during first-run setup in Windows 10 Creators Update (version 1703) ![The first screen to set up a new PC in Windows 10 Creators Update](images/win10_1703_oobe_firstscreen.png) 2. Insert the USB drive. Windows will recognize the drive and automatically install the provisioning package. - **Figure 11** - Windows automatically detects the provisioning package and installs it + **Figure 13** - Windows automatically detects the provisioning package and installs it ![Windows automatically detects the provisioning package and installs it](images/suspc_studentpcsetup_installingsetupfile.png) 3. You can remove the USB drive when you see the message that you can remove the removable media. You can then use the USB drive to start provisioning another student PC. - **Figure 12** - Remove the USB drive when you see the message that the media can be removed + **Figure 14** - Remove the USB drive when you see the message that the media can be removed ![You can remove the USB drive when you see the message that the media can be removed](images/suspc_setup_removemediamessage.png) diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index db3fb46f6a..b798212e27 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -39,7 +39,7 @@ Existing devices running Windows 10 Pro, currently activated with the original O Customers with Academic Volume Licensing agreements with rights for Windows can get Windows 10 Pro Education through the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). -Customers who deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment. +Customers who deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment. ## Windows 10 Education diff --git a/windows/deployment/index.md b/windows/deployment/index.md index b24224172e..95945c8749 100644 --- a/windows/deployment/index.md +++ b/windows/deployment/index.md @@ -9,15 +9,6 @@ localizationpriority: high author: greg-lindsay --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- - # Deploy, Upgrade and Update Windows 10 Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous version and updating Windows 10. diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index 8a67edbacb..bc18ab0d95 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md @@ -7,14 +7,6 @@ ms.sitesec: library author: DaniHalfin localizationpriority: high --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- # Update Windows 10 in the enterprise diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index b4d572a34d..6d68004a30 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md @@ -7,14 +7,6 @@ ms.sitesec: library author: DaniHalfin localizationpriority: high --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- # Deploy Windows 10 updates using System Center Configuration Manager diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index b06e61e3bf..2c9f7a83e5 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -7,14 +7,6 @@ ms.sitesec: library author: DaniHalfin localizationpriority: high --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- # Deploy Windows 10 updates using Windows Server Update Services (WSUS) diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index 8bdfad5ea7..d7207457f6 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -7,14 +7,6 @@ ms.sitesec: library author: DaniHalfin localizationpriority: high --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- # Deploy updates using Windows Update for Business diff --git a/windows/threat-protection/index.md b/windows/threat-protection/index.md index 0f6aaa04b1..77a4201aad 100644 --- a/windows/threat-protection/index.md +++ b/windows/threat-protection/index.md @@ -8,15 +8,6 @@ ms.pagetype: security author: brianlic-msft --- - - - - - - -
Icon showing a security alert A wide-spread ransomware attack, known as "WannaCrypt," targets Windows systems that do not yet have the latest updates. Given the severity of this threat, immediately update your Windows systems. [Learn more](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/).
- - # Threat Protection Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile. diff --git a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index b720246c1e..5ae7bf350c 100644 --- a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -35,19 +35,23 @@ To see a list of alerts, click any of the queues under the **Alerts queue** opti > [!NOTE] > By default, alerts in the queues are sorted from newest to oldest. -## Sort and filter the alerts +![Image of alerts queue](images/atp-alertsq2.png) + +## Sort, filter, and group the alerts list You can sort and filter the alerts using the available filters or clicking on a column's header that will sort the view in ascending or descending order. -![Alerts queue with numbers](images/alerts-queue-numbered.png) +**Time period**
+- 1 day +- 3 days +- 7 days +- 30 days +- 6 months -Highlighted area|Area name|Description -:---|:---|:--- -1 | Alert filters | Filter the list of alerts by severity, detection source, time period, or change the view from flat to grouped. -2 | Alert selected | Select an alert to bring up the **Alert management** pane to manage and see details about the alert. -3 | Alert management pane | View and manage alerts without leaving the alerts queue view. - -### Sort, filter, and group the alerts list -You can use the following filters to limit the list of alerts displayed during an investigation: +**OS Platform**
+ - Windows 10 + - Windows Server 2012 R2 + - Windows Server 2016 + - Other **Severity**
@@ -67,22 +71,17 @@ Reviewing the various alerts and their severity can help you decide on the appro >[!NOTE] >The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. -**Time period**
-- 1 day -- 3 days -- 7 days -- 30 days -- 6 months - **View**
- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top. - **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating similar alerts together. -The grouped view allows efficient alert triage and management. +The grouped view allows for efficient alert triage and management. ### Use the Alert management pane Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert. +![Image of an alert selected](images/atp-alerts-selected.png) + You can take immediate action on an alert and see details about an alert in the **Alert management** pane: - Change the status of an alert from new, to in progress, or resolved. @@ -101,6 +100,11 @@ You can take immediate action on an alert and see details about an alert in the >[!NOTE] >You can also access the **Alert management** pane from the machine details view by selecting an alert in the **Alerts related to this machine** section. +### Use the User details pane +Selecting a user brings up the **User details** pane where you can see information such as machine details, related alerts, last IP address, when the machine was first and last seen reporting to the service, and information on the logged on users. + +![Alerts queue with numbers](images/atp-alerts-queue-user.png) + ### Bulk edit alerts Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together, which allows resolving multiple similar alerts in one action. diff --git a/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png b/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png index 9aad1b64aa..22be821960 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png and b/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue.png new file mode 100644 index 0000000000..5bf942065e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alertsq1.png b/windows/threat-protection/windows-defender-atp/images/atp-alertsq1.png new file mode 100644 index 0000000000..22a72d1306 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alertsq1.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png new file mode 100644 index 0000000000..a1e3309e81 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png new file mode 100644 index 0000000000..51e693533e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png new file mode 100644 index 0000000000..b58b0f29b0 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machines-timeline.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png b/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png index 06ab5d849d..aca33bafc4 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png and b/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png differ diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 0c4eaeb6e2..1fc73cb046 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -34,53 +34,83 @@ You can click on affected machines whenever you see them in the portal to open a - Any IP address or domain details view When you investigate a specific machine, you'll see: -- Machine details, Logged on user, and Machine Reporting +- Machine details, Logged on users, and Machine Reporting - Alerts related to this machine - Machine timeline ![Image of machine details page](images/atp-machine-details-view.png) -The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). +The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine, and others. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). -You'll also see other information such as domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. +You'll also see other information such as domain, operating system (OS) and build, total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. -Clicking on the number of total logged on users in the Logged on user tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: +Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: - Interactive and remote interactive logins - Network, batch, and system logins ![Image of user details pane](images/atp-user-details-pane.png) -You'll also see details such as logon types for each user account, the user group, and when the account was logged in. +You'll also see details such as logon types for each user account, the user group, and when the account logon occurred. For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). -The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. +The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. -You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights alerts and related events and helps distinguish from other alerts and events appearing in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. +You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. The **Machine timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. -This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period. +This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. -![Image of machine timeline with events](images/atp-machine-timeline.png) +![Image of machine timeline with events](images/atp-machines-timeline.png) -Windows Defender ATP monitors and captures questionable behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine. +Windows Defender ATP monitors and captures suspicious or anomalous behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine. -### Search for specific alerts -Use the search bar to look for specific alerts or files associated with the machine: -- **Value** – Type in any search keyword to filter the timeline with the attribute you’re searching for. +### Search for specific events +Use the search bar to look for specific timeline events. Harness the power of using the following defined search queries based on type:value pairs and event filter types to sift through the search results: + +- **Value** - Type in any search keyword to filter the timeline with the attribute you’re searching for. This search supports defined search queries based on type:value pairs.
+ You can use any of the following values:
+ - Hash: Sha1 or MD5 + - File name + - File extension + - Path + - Command line + - User + - IP + - URL - **Informational level** – Click the drop-down button to filter by the following levels: - - **Detections mode**: displays Windows ATP Alerts and detections - - **Behaviors mode**: displays "detections" and selected events of interest - - **Verbose mode**: displays "behaviors" (including "detections"), and all reported events -- **User** – Click the drop-down button to filter the machine timeline by the following user associated events: + - Detections mode: displays Windows ATP Alerts and detections + - Behaviors mode: displays "detections" and selected events of interest + - Verbose mode: displays all raw events without aggregation or filtering + +- **Event type** - Click the drop-down button to filter by the following levels: + - Windows Defender ATP alerts + - Windows Defender AV alerts + - Response actions + - AppGuard related events + - Windows Defender Device Guard events + - Process events + - Network events + - File events + - Registry events + - Load DLL events + - Other events

+ Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. + +- **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: - Logon users - System - Network - Local service +The following example illustrates the use of type:value pair. The events were filtered by searching for the user jonathan.wolcott and network events as the event type: + +![Image of events filtered by user and event type](images/atp-machine-timeline-filter.png) + +The results in the timeline only show network communication events run in the defined user context. ### Filter events from a specific date Use the time-based slider to filter events from a specific date. By default, the machine timeline is set to display the events of the current day. @@ -92,7 +122,7 @@ The slider is helpful when you're investigating a particular alert on a machine. ### Export machine timeline events You can also export detailed event data from the machine timeline to conduct offline analysis. You can choose to export the machine timeline for the current date or specify a date range. You can export up to seven days of data and specify the specific time between the two dates. -![Image of export machine timeline events](images/atp-export-machine-timeline-events.png) +![Image of export machine timeline events](images/atp-machine-timeline-export.png) ### Navigate between pages Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**. @@ -106,9 +136,9 @@ From the list of events that are displayed in the timeline, you can examine the You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) feature to see the correlation between alerts and events on a specific machine. -Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigating further into the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address. +Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address. -This enhances the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. +The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. ## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 44a32cf414..ddcf2f5185 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -23,21 +23,21 @@ localizationpriority: high The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network. -Use the Machines view in these main scenarios: +Use the Machines list in these main scenarios: - **During onboarding**
During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis. - **Day-to-day work** The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them. -## Sort, filter, and download the list of machines from the Machines view +## Sort, filter, and download the list of machines from the Machines list You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order. -Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria. +Filter the **Machines list** by time period, **OS Platform**, **Health**, or **Malware category alerts** to focus on certain sets of machines, according to the desired criteria. You can also download the entire list in CSV format using the **Export to CSV** feature. -![Image of machines list with list of machines](images/atp-machines-view-list.png) +![Image of machines list with list of machines](images/atp-machines-list-view.png) You can use the following filters to limit the list of machines displayed during an investigation: @@ -48,35 +48,50 @@ You can use the following filters to limit the list of machines displayed during - 30 days - 6 months +**OS Platform**
+- Windows 10 +- Windows Server 2012 R2 +- Windows Server 2016 +- Other + +**Sensor health state**
+Filter the list to view specific machines grouped together by the following machine health states: + +- **Active** – Machines that are actively reporting sensor data to the service. +- **Misconfigured** – Machines that have impaired communication with service or are unable to send sensor data. Misconfigured machines can further be classified to: + - Impaired communication + - No sensor data + + For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). +- **Inactive** – Machines that have completely stopped sending signals for more than 7 days. + + **Malware category**
Filter the list to view specific machines grouped together by the following malware categories: - **Ransomware** – Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee. - **Credential theft** – Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers. These tools collect credentials and other information from browser records, key presses, email and instant messages, voice and video conversations, and screenshots. They are used in cyberattacks to establish control and steal information. - **Exploit** – Exploits take advantage of unsecure code in operating system components and applications. Exploits allow attackers to run arbitrary code, elevate privileges, and perform other actions that increase their ability to compromise a targeted machine. Exploits are found in both commodity malware and malware used in targeted attacks. + - **Backdoor** - Backdoors are malicious remote access tools that allow attackers to access and control infected machines. Backdoors can also be used to exfiltrate data. - **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks. - - **Unwanted software** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software. + - **PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software. -**Sensor health state**
-Filter the list to view specific machines grouped together by the following machine health states: - -- **Active** – Machines that are actively reporting sensor data to the service. -- **Misconfigured** – Machines that have impaired communication with service or are unable to send sensor data. For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). -- **Inactive** – Machines that have completely stopped sending signals for more than 7 days. ## Export machine list to CSV -You can download a full list of all the machines in your organization, in CSV format. Click the **Manage** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. +You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file. **Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself. -## Sort the Machines view +## Sort the Machines list You can sort the **Machines list** by the following columns: - **Machine name** - Name or GUID of the machine +- **Domain** - Domain where the machine is joined in +- **OS Platform** - Indicates the OS of the machine +- **Health State** – Indicates if the machine is misconfigured or is not sending sensor data - **Last seen** - Date and time when the machine last reported sensor data - **Internal IP** - Local internal Internet Protocol (IP) address of the machine -- **Health State** – Indicates if the machine is misconfigured or is not sending sensor data - **Active Alerts** - Number of alerts reported by the machine by severity - **Active malware detections** - Number of active malware detections reported by the machine @@ -91,7 +106,7 @@ You can sort the **Machines list** by the following columns: - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 311ebea501..8fb19c7e1a 100644 --- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -32,3 +32,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea 1. In the navigation pane, select **Preferences setup** > **Preview experience**. 2. Toggle the setting between **On** and **Off** and select **Save preferences**. + +## Preview features +There are currently no preview only features. diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 7d4f31f76b..8f73a17944 100644 --- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -95,7 +95,6 @@ Topic | Description [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools. [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service. -[Windows Defender Advanced Threat Protection settings](settings-windows-defender-advanced-threat-protection.md) | Learn about setting the time zone and configuring the suppression rules to configure the service to your requirements. [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information. [Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.