mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Merged PR 14891: BILBAO preview
Binary file not shown.
Before Width: | Height: | Size: 116 KiB After Width: | Height: | Size: 116 KiB |
Binary file not shown.
Before Width: | Height: | Size: 95 KiB After Width: | Height: | Size: 95 KiB |
@ -89,16 +89,6 @@ By default, members of the **Administrators** group, the System account, and ser
|
||||
|
||||
When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right.
|
||||
|
||||
### Vulnerability
|
||||
|
||||
>**Caution:** A user account that is given this user right has complete control over the system, and it can lead to the system being compromised. We highly recommend that you do not assign this right to any user accounts.
|
||||
|
||||
Windows examines a user's access token to determine the level of the user's privileges. Access tokens are built when users log on to the local device or connect to a remote device over a network. When you revoke a privilege, the change is immediately recorded, but the change is not reflected in the user's access token until the next time the user logs on or connects. Users with the ability to create or modify tokens can change the level of access for any currently logged on account. They could escalate their privileges or create a denial-of-service (DoS) condition.
|
||||
|
||||
### Countermeasure
|
||||
|
||||
Do not assign the **Create a token object** user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account with this user right assigned.
|
||||
|
||||
### Potential impact
|
||||
|
||||
None. Not Defined is the default domain policy configuration.
|
||||
|
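Review bot: the Remote Desktop sentence in this hunk misspells "assigning" as "assining"; correct it if the line is kept. That sentence is about Remote Desktop access and the **Remote Desktop Users** group, while the Countermeasure a few lines further down names the **Create a token object** user right, so check that the paragraph and the Vulnerability/Countermeasure text belong to the same topic. The header shows the range going from 16 lines to 6, so also confirm that whichever of the Vulnerability, Countermeasure and Potential impact paragraphs are dropped here still exist somewhere in the topic.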
@ -33,6 +33,8 @@ Custom exclusions take precedence over automatic exclusions.
|
||||
> [!TIP]
|
||||
> Custom and duplicate exclusions do not conflict with automatic exclusions.
|
||||
|
||||
|
||||
|
||||
Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.
|
||||
|
||||
## Opt out of automatic exclusions
|
||||
@ -45,6 +47,9 @@ In Windows Server 2016, the predefined exclusions delivered by Security intellig
|
||||
> [!NOTE]
|
||||
> This setting is only supported on Windows Server 2016. While this setting exists in Windows 10, it doesn't have an effect on exclusions.
|
||||
|
||||
> [!TIP]
|
||||
> Since the predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path *different than the original one*, you would have to manually add the exclusions using the information [here](configure-extension-file-exclusions-windows-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) .
|
||||
|
||||
You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI.
|
||||
|
||||
**Use Group Policy to disable the auto-exclusions list on Windows Server 2016:**
|
||||
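Review bot: in the [!TIP] about NTDS and SYSVOL, the link text is just "here" and there is a stray space before the closing period ("...folder-name-or-file-extension) ."). Use descriptive link text, for example the name of the target section, and remove the space. "another drive or path *different than the original one*" says the same thing twice; "a drive or path other than the default" would be enough.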
@ -382,4 +387,4 @@ This section lists the folder exclusions that are delivered automatically when y
|
||||
- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
- [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
|
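Review bot: the last list item, "Windows Defender Antivirus in Windows 10", appears twice with identical text and link target. The header keeps the range at 4 lines, so this looks like a whitespace or end-of-file newline change; if both entries are in fact meant to remain in the list, drop the duplicate.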
@ -41,7 +41,7 @@ System Center Configuration Manager ([1](#fn1))|Use the [Endpoint Protection poi
|
||||
Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
|
||||
PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference][] and [Update-MpSignature] [] cmdlets available in the Defender module|Use the appropriate [Get- cmdlets available in the Defender module][]
|
||||
Windows Management Instrumentation|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
|
||||
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
|
||||
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
|
||||
|
||||
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between System Center Configuration Manager (Current Branch) and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and System Center Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
|
||||
|
||||
|
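Review bot: in the PowerShell row, "[Update-MpSignature] []" has a space between the two bracket pairs, unlike its neighbour "[Set-MpPreference][]", so it will not resolve as a reference-style link; fix it while this table is being edited. In the Microsoft Azure row, the configure and monitoring links now both point to the same "#enable-and-configure-antimalware-using-powershell-cmdlets" anchor, and the "use code samples" link still targets gallery.technet.microsoft.com; confirm that both destinations are what the row intends.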
@ -76,6 +76,11 @@ Application Guard functionality is turned off by default. However, you can quick
|
||||
Application Guard and its underlying dependencies are all installed.
|
||||
|
||||
**To install by using PowerShell**
|
||||
|
||||
>[!NOTE]
|
||||
>Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
|
||||
|
||||
|
||||
1. Click the **Search** or **Cortana** icon in the Windows 10 taskbar and type **PowerShell**.
|
||||
|
||||
2. Right-click **Windows PowerShell**, and then click **Run as administrator**.
|
||||
|
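Review bot: the [!NOTE] ahead of step 1 warns that PowerShell installs the feature without checking system requirements, but it does not link to the requirements it asks readers to verify. Add a link to the system requirements topic in the first sentence so the check can actually be done before step 1. Minor: this note is written as ">[!NOTE]" with no space after ">", while other notes in this commit use "> [!NOTE]"; pick one form.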
@ -14,14 +14,13 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Indicator resource type
|
||||
|
||||
**Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Method|Return Type |Description
|
||||
:---|:---|:---
|
||||
|
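Review bot: the two "[!include[Prerelease ... information](prerelease.md)]" lines differ only in the mis-encoded character between "Prerelease" and "information"; make sure the file is saved as UTF-8 so the replacement character does not come back on the next edit. ms.date remains 12/08/2017 even though the topic content changes here; update it with the change.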
@ -9,7 +9,7 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/8/2018
|
||||
ms.date: 3/20/2019
|
||||
---
|
||||
|
||||
# Common Criteria Certifications
|
||||
@ -22,6 +22,7 @@ Microsoft is committed to optimizing the security of its products and services.
|
||||
|
||||
The Security Target describes security functionality and assurance measures used to evaluate Windows.
|
||||
|
||||
- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
|
||||
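Review bot: the "Microsoft Windows 10 (April 2018 Update)" Security Target link uses "http://download.microsoft.com/...", while every other entry in this list uses "https://". Switch the new link to https so the Security Target PDF is fetched over an authenticated, integrity-protected channel like the rest.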
@ -58,6 +59,7 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
|
||||
|
||||
|
||||
- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
|
||||
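Review bot: the April 2018 Update Administrative Guide link is also "http://" where the neighbouring entries are "https://"; change the scheme. The hunk additionally leaves three blank lines between the bold platform heading and the list where one is enough.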
@ -134,6 +136,7 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
|
||||
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
|
||||
|
||||
- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|
||||
|
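Review bot: the April 2018 Update Certification Report link again uses "http://download.microsoft.com/..." next to https entries; use https here as well, so all three documents added for this release are served the same way.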