mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 12:23:37 +00:00
Merge remote-tracking branch 'origin/master' into atp-tb-troubleshoot-onboarding-setup
This commit is contained in:
Tanya Bittenmaster
@ -7,7 +7,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 09/19/2017
|
||||
ms.date: 10/03/2017
|
||||
---
|
||||
|
||||
# AssignedAccess CSP
|
||||
@ -19,16 +19,17 @@ The AssignedAccess configuration service provider (CSP) is used set the device t
|
||||
|
||||
For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
|
||||
|
||||
> **Note** The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro.
|
||||
> [!Note]
|
||||
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S.
|
||||
|
||||
The following diagram shows the AssignedAccess configuration service provider in tree format
|
||||
|
||||
|
||||
|
||||
<a href="" id="--vendor-msft-assignedaccess"></a>**./Vendor/MSFT/AssignedAccess**
|
||||
<a href="" id="--vendor-msft-assignedaccess"></a>**./Device/Vendor/MSFT/AssignedAccess**
|
||||
Root node for the CSP.
|
||||
|
||||
<a href="" id="assignedaccess-kioskmodeapp"></a>**AssignedAccess/KioskModeApp**
|
||||
<a href="" id="assignedaccess-kioskmodeapp"></a>**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp**
|
||||
A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, follow the information in [this Microsoft website](http://go.microsoft.com/fwlink/p/?LinkId=404220).
|
||||
|
||||
In Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
|
||||
@ -49,7 +50,7 @@ For a local account, the domain name should be the device name. When Get is exec
|
||||
|
||||
The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same.
|
||||
|
||||
<a href="" id="assignedaccess-configuration"></a>**AssignedAccess/Configuration**
|
||||
<a href="" id="assignedaccess-configuration"></a>**./Device/Vendor/MSFT/AssignedAccess/Configuration**
|
||||
Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Overview of the AssignedAccessConfiguration XML](#overview-of-the-assignedaccessconfiguration-xml). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd).
|
||||
|
||||
Enterprises can use this to easily configure and manage the curated lockdown experience.
|
||||
|
||||
@ -2537,6 +2537,7 @@ The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that
|
||||
- [ActiveSync CSP](activesync-csp.md)
|
||||
- [APPLICATION CSP](application-csp.md)
|
||||
- [AppLocker CSP](applocker-csp.md)
|
||||
- [AssignedAccess CSP](assignedaccess-csp.md)
|
||||
- [BOOTSTRAP CSP](bootstrap-csp.md)
|
||||
- [CellularSettings CSP](cellularsettings-csp.md)
|
||||
- [CertificateStore CSP](certificatestore-csp.md)
|
||||
|
||||
@ -27,7 +27,7 @@ Here is a partial screenshot of the result:
|
||||
|
||||
|
||||
|
||||
The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1611, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
|
||||
The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
|
||||
|
||||
> [!Note]
|
||||
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 5.7 KiB After Width: | Height: | Size: 16 KiB |
@ -40,7 +40,7 @@ These are the top Microsoft Support solutions for the most common issues experie
|
||||
- [Resolve Windows 10 upgrade errors : Technical information for IT Pros](/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
|
||||
- [Windows OOBE fails when you start a new Windows-based computer for the first time](https://support.microsoft.com/help/4020048/windows-oobe-fails-when-you-start-a-new-windows-based-computer-for-the)
|
||||
- ["0xc1800118" error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/help/3194588/-0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus)
|
||||
- [0xC1900101 error when Windows 10 upgrade fails after the second system restart'(https://support.microsoft.com/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system)
|
||||
- [0xC1900101 error when Windows 10 upgrade fails after the second system restart](https://support.microsoft.com/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system)
|
||||
- [Updates fix in-place upgrade to Windows 10 version 1607 problem](https://support.microsoft.com/help/4020149/updates-fix-in-place-upgrade-to-windows-10-version-1607-problem)
|
||||
- [OOBE update for Windows 10 Version 1703: May 9, 2017](https://support.microsoft.com/help/4020008)
|
||||
- [OOBE update for Windows 10 Version 1607: May 30, 2017](https://support.microsoft.com/help/4022632)
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Send feedback about Cortana at work back to Microsoft
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Set up and test Cortana with Office 365 in your organization
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Cortana integration in your business or enterprise
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Set up and test Cortana for Power BI in your organization
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 2 - Perform a quick search with Cortana at work
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 3 - Set a reminder for a specific location using Cortana at work
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 4 - Use Cortana at work to find your upcoming meetings
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 5 - Use Cortana to send email to a co-worker
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Testing scenarios using Cortana in your business or organization
|
||||
|
||||
@ -6,6 +6,7 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: eross-msft
|
||||
ms.localizationpriority: high
|
||||
ms.author: lizross
|
||||
---
|
||||
|
||||
# Set up and test custom voice commands in Cortana for your organization
|
||||
|
||||
@ -22,7 +22,7 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with
|
||||
|
||||
If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
|
||||
|
||||
1. Work with your reseller to place an order for $0 SKU. There are two SKUs available, depending on their current Windows Enterprise SA license:<BR>
|
||||
1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:<BR>
|
||||
a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3<BR>
|
||||
b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5<BR>
|
||||
2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
|
||||
|
||||
@ -138,6 +138,7 @@
|
||||
### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
|
||||
|
||||
### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
|
||||
#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
|
||||
|
||||
|
||||
### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
|
||||
|
||||
@ -34,7 +34,7 @@ ms.date: 08/25/2017
|
||||
- Windows Defender Security Center app
|
||||
|
||||
|
||||
Block at First Sight is a feature of Windows Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds.
|
||||
Block at first sight is a feature of Windows Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds.
|
||||
|
||||
It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled.
|
||||
|
||||
|
||||
@ -82,19 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
|
||||
> [!NOTE]
|
||||
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
|
||||
|
||||
**Use Group Policy to display additional, custom text in notifications:**
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
3. In the **Group Policy Management Editor** go to **Computer configuration**.
|
||||
|
||||
4. Click **Policies** then **Administrative templates**.
|
||||
|
||||
5. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**.
|
||||
|
||||
6. Double-click the **Display additional text to clients when they need to perform an action** setting and set the option to **Enabled**.
|
||||
|
||||
7. Enter the additional text you want to be shown to users. Click **OK**.
|
||||
See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus.md) topic for instructions to add cusomt contact information to the notifications that users see on their machines.
|
||||
|
||||
**Use Group Policy to hide notifications:**
|
||||
|
||||
|
||||
@ -0,0 +1,7 @@
|
||||
<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
|
||||
<title>Check mark no</title>
|
||||
<polygon
|
||||
fill='#d83b01'
|
||||
points='95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2'
|
||||
/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 302 B |
@ -0,0 +1,7 @@
|
||||
<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
|
||||
<title>Check mark yes</title>
|
||||
<path
|
||||
fill='#0E8915'
|
||||
d='M129 20L55 94 21 60 10 71l45 45 85-85z'
|
||||
/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 222 B |
Binary file not shown.
|
After Width: | Height: | Size: 128 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 62 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 39 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 40 KiB |
@ -0,0 +1,72 @@
|
||||
---
|
||||
title: Enable the limited periodic scanning feature in Windows Defender AV
|
||||
description: Limited periodic scanning lets you use Windows Defender AV in addition to your other installed AV providers
|
||||
keywords: lps, limited, periodic, scan, scanning, compatibility, 3rd party, other av, disable
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: iaanw
|
||||
ms.author: iawilt
|
||||
ms.date: 10/02/2017
|
||||
---
|
||||
|
||||
|
||||
|
||||
# Use limited periodic scanning in Windows Defender AV
|
||||
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10, version 1609
|
||||
|
||||
|
||||
**Audience**
|
||||
|
||||
- Enterprise security administrators
|
||||
|
||||
|
||||
**Manageability available with**
|
||||
|
||||
- Windows Defender Security Center app
|
||||
|
||||
|
||||
Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.
|
||||
|
||||
It can only be enabled in certain situations. See the [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) topic for more information on when limited periodic scanning can be enabled, and how Windows Defender Antivirus works with other AV products.
|
||||
|
||||
|
||||
## How to enable limited periodic scanning
|
||||
|
||||
By default, Windows Defender AV will enable itself on a Windows 10 device if there is no other antivirus product installed, or if the other AV product is out-of-date, expired, or not working correctly.
|
||||
|
||||
If Windows Defender AV is enabled, the usual options will appear to configure Windows Defender AV on that device:
|
||||
|
||||
|
||||
|
||||
|
||||
If another AV product is installed and working correctly, Windows Defender AV will disable itself. The Windows Defender Security Center app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options:
|
||||
|
||||
|
||||
|
||||
Underneath any 3rd party AV products, a new link will appear as **Windows Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning.
|
||||
|
||||
|
||||
|
||||
|
||||
Sliding the swtich to **On** will show the standard Windows Defender AV options underneath the 3rd party AV product. The limited periodic scanning option will appear at the bottom of the page.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
@ -15,7 +15,7 @@ ms.date: 09/07/2017
|
||||
---
|
||||
|
||||
|
||||
# Windows Defender Antivirus and third party protection products
|
||||
# Windows Defender Antivirus compatibility
|
||||
|
||||
|
||||
**Applies to:**
|
||||
@ -30,13 +30,11 @@ ms.date: 09/07/2017
|
||||
|
||||
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
|
||||
|
||||
However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself.
|
||||
However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. You can then choose to enable an optional, limited protection feature, called [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md).
|
||||
|
||||
If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
|
||||
|
||||
On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations.
|
||||
|
||||
The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used.
|
||||
The following matrix illustrates the states that Windows Defender AV will enter when third-party antivirus products or Windows Defender ATP are also used.
|
||||
|
||||
Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
|
||||
-|-|-|-
|
||||
@ -44,12 +42,19 @@ Windows 10 | A third-party product that is not offered or developed by Microsoft
|
||||
Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
|
||||
Windows 10 | Windows Defender AV | Yes | Active mode
|
||||
Windows 10 | Windows Defender AV | No | Active mode
|
||||
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode
|
||||
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode
|
||||
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode<sup>[[1](#fn1)]</sup>
|
||||
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode<sup>[[1](#fn1)]<sup>
|
||||
Windows Server 2016 | Windows Defender AV | Yes | Active mode
|
||||
Windows Server 2016 | Windows Defender AV | No | Active mode
|
||||
|
||||
|
||||
(<a id="fn1">1</a>) On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [uninstall Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) to prevent problems caused by having multiple antivirus products installed on a machine.
|
||||
|
||||
See the [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md#install-or-uninstall-windows-defender-av-on-windows-server-2016) topic for key differences and management options for Windows Server installations.
|
||||
|
||||
|
||||
|
||||
|
||||
>[!IMPORTANT]
|
||||
>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016.
|
||||
>
|
||||
@ -58,25 +63,28 @@ Windows Server 2016 | Windows Defender AV | No | Active mode
|
||||
>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
|
||||
|
||||
|
||||
This table indicates the functionality and features that are available in each state:
|
||||
|
||||
State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
|
||||
:-|:-|:-:|:-:|:-:|:-:|:-:
|
||||
Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
||||
Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)]
|
||||
Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
|
||||
|
||||
In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
|
||||
Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
|
||||
|
||||
The reasons for this are twofold:
|
||||
|
||||
1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
|
||||
2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint.
|
||||
Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app.
|
||||
|
||||
Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself.
|
||||
In passive and automatic disabled mode, you can still [manage updates for Windows Defender AV](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
|
||||
|
||||
You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
|
||||
|
||||
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
|
||||
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
|
||||
|
||||
>[!WARNING]
|
||||
>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app.
|
||||
>
|
||||
>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
|
||||
>
|
||||
>It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md).
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
@ -87,6 +87,8 @@ Uninstall-WindowsFeature -Name Windows-Defender-GUI
|
||||
|
||||
You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard.
|
||||
|
||||
This is useful if you have a third-party antivirus product installed on the machine already. Multiple AV products can cause problems when installed and actively running on the same machine. See the question "Should I run Microsoft security software at the same time as other security products?" on the [Windows Defender Security Intelligence Antivirus and antimalware software FAQ](https://www.microsoft.com/en-us/wdsi/help/antimalware-faq).
|
||||
|
||||
>[!NOTE]
|
||||
>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**.
|
||||
|
||||
@ -144,8 +146,6 @@ By default, Windows Update does not download and install updates automatically o
|
||||
|
||||
To ensure that protection from malware is maintained, we recommend that you enable the following services:
|
||||
|
||||
- Windows Defender Network Inspection service
|
||||
|
||||
- Windows Error Reporting service
|
||||
|
||||
- Windows Update service
|
||||
@ -155,9 +155,8 @@ The following table lists the services for Windows Defender and the dependent se
|
||||
|Service Name|File Location|Description|
|
||||
|--------|---------|--------|
|
||||
|Windows Defender Service (Windefend)|C:\Program Files\Windows Defender\MsMpEng.exe|This is the main Windows Defender Antivirus service that needs to be running at all times.|
|
||||
|Windows Defender Network Inspection Service (Wdnissvc)|C:\Program Files\Windows Defender\NisSrv.exe|This service is invoked when Windows Defender Antivirus encounters a trigger to load it.|
|
||||
|Windows Error Reporting Service (Wersvc)|C:\WINDOWS\System32\svchost.exe -k WerSvcGroup|This service sends error reports back to Microsoft.|
|
||||
|Windows Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Firewall service enabled.|
|
||||
|Windows Defender Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Defender Firewall service enabled.|
|
||||
|Windows Update (Wuauserv)|C:\WINDOWS\system32\svchost.exe -k netsvcs|Windows Update is needed to get definition updates and antimalware engine updates|
|
||||
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
|
||||
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
|
||||
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
|
||||
|
||||
> [!WARNING]
|
||||
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
|
||||
@ -121,7 +121,7 @@ This section describes how to perform some of the most common tasks when reviewi
|
||||
|
||||
>[!NOTE]
|
||||
>If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
|
||||
>If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Defender Security Center app. A setting will appear that will allow you to enable limited periodic scanning.
|
||||
>If you install another antivirus product, Windows Defender AV will automatically disable itself and will indicate this in the Windows Defender Security Center app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md).
|
||||
|
||||
|
||||
<a id="exclusions"></a>
|
||||
|
||||
@ -52,6 +52,8 @@ This feature is only available if you have an active Office 365 E5 or the Threat
|
||||
|
||||
When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
|
||||
|
||||
To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
|
||||
|
||||
## Enable advanced features
|
||||
1. In the navigation pane, select **Preferences setup** > **Advanced features**.
|
||||
2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
|
||||
|
||||
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: iaanw
|
||||
ms.author: iawilt
|
||||
ms.date: 08/25/2017
|
||||
ms.date: 10/04/2017
|
||||
---
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user