mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 17:27:23 +00:00
Merge branch 'master' into tp-fix
This commit is contained in:
Denise Vangel-MSFT
commit
4db85d69a0
@ -35,7 +35,6 @@ sections:
|
|||||||
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -64,12 +63,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -42,11 +42,6 @@ sections:
|
|||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='53msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>System Center Virtual Machine Manager cannot enumerate and manage logical switches deployed on managed hosts.<br><br><a href = '#53msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td><div id='53msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>System Center Virtual Machine Manager cannot enumerate and manage logical switches deployed on managed hosts.<br><br><a href = '#53msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
|
||||||
<tr><td><div id='240msg'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><br>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td><div id='240msg'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><br>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
|
||||||
<tr><td><div id='221msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#221msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>June 27, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='48msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#48msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -96,27 +91,6 @@ sections:
|
|||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><div>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of <a href='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a> on the server. Applications that may exhibit this behavior use an <strong>IFRAME </strong>during non-interactive authentication requests and receive <strong>X-Frame Options </strong>set to<strong> </strong>DENY.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>.</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved:<br>July 16, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 04, 2019 <br>05:55 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><div>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of <a href='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a> on the server. Applications that may exhibit this behavior use an <strong>IFRAME </strong>during non-interactive authentication requests and receive <strong>X-Frame Options </strong>set to<strong> </strong>DENY.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>.</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved:<br>July 16, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 04, 2019 <br>05:55 PM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>Resolved:<br>June 27, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: May 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='221msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>.</div><br><a href ='#221msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: March 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='48msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489882\" target=\"_blank\">KB4489882</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#48msg'>Back to top</a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
|
|||||||
@ -38,9 +38,6 @@ sections:
|
|||||||
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -81,14 +78,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -41,9 +41,6 @@ sections:
|
|||||||
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -93,8 +90,5 @@ sections:
|
|||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -42,12 +42,6 @@ sections:
|
|||||||
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='245msg'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><br>Devices with some Realtek Bluetooth radios drivers may have issues pairing or connecting to devices.<br><br><a href = '#245msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='210msg'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.<br><br><a href = '#210msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='88msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may terminate the connection.<br><br><a href = '#88msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -106,27 +100,5 @@ sections:
|
|||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='245msgdesc'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><div>In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#245msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 14, 2019 <br>05:45 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: May 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='210msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div> </div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>. </div><br><a href ='#210msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: March 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='88msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. </div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#88msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -38,7 +38,6 @@ sections:
|
|||||||
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
|
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
|
||||||
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
|
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
|
||||||
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='229msg'></div><b>Cannot launch Camera app </b><br>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.<br><br><a href = '#229msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
|
||||||
<tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
|
||||||
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
|
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
|
||||||
@ -57,10 +56,6 @@ sections:
|
|||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='227msg'></div><b>Display brightness may not respond to adjustments</b><br>Devices configured with certain Intel display drivers may experience a driver compatibility issue.<br><br><a href = '#227msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='227msg'></div><b>Display brightness may not respond to adjustments</b><br>Devices configured with certain Intel display drivers may experience a driver compatibility issue.<br><br><a href = '#227msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='249msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#249msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='249msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#249msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='235msg'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><br>Users who update to Windows 10, version 1903 may experience a loss of functionality with Dynabook Smartphone Link.<br><br><a href = '#235msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:54 PM PT</td></tr>
|
|
||||||
<tr><td><div id='222msg'></div><b>Error attempting to update with external USB device or memory card attached </b><br>PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
|
|
||||||
<tr><td><div id='230msg'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><br>Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.<br><br><a href = '#230msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -127,7 +122,6 @@ sections:
|
|||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='249msgdesc'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><div>The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the<strong> Application section </strong>of <strong>Windows Logs</strong> <strong>in</strong> <strong>Event Viewer </strong>with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.</div><div><br></div><div>This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.</div><div><br></div><div><strong>Affected platforms</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a>.</div><br><a href ='#249msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 28, 2019 <br>05:01 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='249msgdesc'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><div>The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the<strong> Application section </strong>of <strong>Windows Logs</strong> <strong>in</strong> <strong>Event Viewer </strong>with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.</div><div><br></div><div>This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.</div><div><br></div><div><strong>Affected platforms</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a>.</div><br><a href ='#249msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 28, 2019 <br>05:01 PM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -140,11 +134,7 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div> </div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div> </div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='229msgdesc'></div><b>Cannot launch Camera app </b><div>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:</div><div class=\"ql-indent-1\"> \"Close other apps, error code: 0XA00F4243.”</div><div><br></div><div>To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a> and the safeguard hold has been removed.</div><br><a href ='#229msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:20 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='227msgdesc'></div><b>Display brightness may not respond to adjustments</b><div>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.</div><br><a href ='#227msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:56 AM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='227msgdesc'></div><b>Display brightness may not respond to adjustments</b><div>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.</div><br><a href ='#227msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:56 AM PT</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='235msgdesc'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><div>Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#235msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:54 PM PT<br><br>Opened:<br>May 24, 2019 <br>03:10 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='222msgdesc'></div><b>Error attempting to update with external USB device or memory card attached </b><div>If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.</div><div><br></div><div>Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).</div><div><br></div><div><strong>Note</strong> The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.</div><div><br></div><div>To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#222msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:38 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='230msgdesc'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><div>After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.</div><div> </div><div>This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.</div><div> </div><div>To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#230msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:16 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -39,8 +39,6 @@ sections:
|
|||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='197msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#197msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
|
<tr><td><div id='197msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#197msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -81,16 +79,6 @@ sections:
|
|||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> This issue was resolved in Preview Rollup <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: April 2019
|
- title: April 2019
|
||||||
- items:
|
- items:
|
||||||
- type: markdown
|
- type: markdown
|
||||||
|
|||||||
@ -39,9 +39,6 @@ sections:
|
|||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='209msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#209msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
|
<tr><td><div id='209msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#209msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='155msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#155msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -90,16 +87,6 @@ sections:
|
|||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> This issue was resolved in Preview Rollup <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: April 2019
|
- title: April 2019
|
||||||
- items:
|
- items:
|
||||||
- type: markdown
|
- type: markdown
|
||||||
@ -108,12 +95,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='209msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. </div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: </div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a> </li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a> </li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a> </li></ul><br><a href ='#209msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>Last updated:<br>August 13, 2019 <br>06:59 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='209msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. </div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: </div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a> </li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a> </li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a> </li></ul><br><a href ='#209msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>Last updated:<br>August 13, 2019 <br>06:59 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: March 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='155msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489881\" target=\"_blank\">KB4489881</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong> </div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 </li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 </li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a>.</div><br><a href ='#155msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -37,7 +37,6 @@ sections:
|
|||||||
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -76,12 +75,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -37,10 +37,6 @@ sections:
|
|||||||
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
|
||||||
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
|
||||||
<tr><td><div id='246msg'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><br>Some devices and generation 2 Hyper-V VMs may have issues installing some updates when Secure Boot is enabled.<br><br><a href = '#246msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
<tr><td><div id='184msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#184msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -87,23 +83,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: June 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='246msgdesc'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><div>Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> or later updates when Secure Boot is enabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If your device is using Security Only updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508776\" target=\"_blank\" style=\"\">KB4508776</a>.</div><br><a href ='#246msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 19, 2019 <br>04:57 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> This issue was resolved in Preview Rollup <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log</strong> in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: March 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='184msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489891\" target=\"_blank\">KB4489891</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong> </div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 </li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 </li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a>.</div><br><a href ='#184msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -64,7 +64,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
||||||
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
||||||
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
|
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
|
||||||
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
|
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
|
||||||
@ -93,7 +92,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>After installing the optional non-security update (<a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Note</strong> Microsoft Windows Defender Antivirus is not affected by this issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -64,14 +64,8 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
||||||
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
||||||
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
|
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
|
||||||
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
|
|
||||||
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
|
|
||||||
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
|
|
||||||
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
|
|
||||||
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -91,33 +85,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: October 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: August 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='317msgdesc'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><div>Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the <strong>Windows Update</strong> dialog or within U<strong>pdate history</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved for most users. If you are still having issues, please see <a href=\"https://support.microsoft.com/help/4528159\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528159</a>.</div><br><a href ='#317msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>November 12, 2019 <br>08:11 AM PT<br><br>Opened:<br>August 16, 2019 <br>01:41 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: May 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div> </div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -64,10 +64,7 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
||||||
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
||||||
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
|
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
|
||||||
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
|
|
||||||
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
@ -86,22 +83,3 @@ sections:
|
|||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&p_ves=1&p_lng=en&p_lid=en-us&p_vbd=2022&cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&urlName=AVG-Antivirus-Windows-10-update&cid=9632b01a-b7ec-4366-95d6-996c79ff9420&l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong> We recommend that you do not attempt to manually update using the <strong>Update now</strong> button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&p_ves=1&p_lng=en&p_lid=en-us&p_vbd=2022&cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&urlName=AVG-Antivirus-Windows-10-update&cid=9632b01a-b7ec-4366-95d6-996c79ff9420&l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong> We recommend that you do not attempt to manually update using the <strong>Update now</strong> button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|
||||||
- title: October 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|
||||||
- title: May 2019
|
|
||||||
- items:
|
|
||||||
- type: markdown
|
|
||||||
text: "
|
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
|
|
||||||
</table>
|
|
||||||
"
|
|
||||||
|
|||||||
@ -60,7 +60,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
||||||
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
||||||
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
|
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
|
||||||
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
|
||||||
@ -79,7 +78,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a>. However, the issue occurs when you install only <a href='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/en-us/help/4507457\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507457</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -60,7 +60,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
|
||||||
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
|
||||||
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
|
|
||||||
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
|
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
|
||||||
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
|
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
|
||||||
@ -79,7 +78,6 @@ sections:
|
|||||||
- type: markdown
|
- type: markdown
|
||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a>. However, the issue occurs when you install only <a href='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/help/4507447\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507447</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
|
|
||||||
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
|
||||||
</table>
|
</table>
|
||||||
"
|
"
|
||||||
|
|||||||
@ -50,6 +50,8 @@ sections:
|
|||||||
text: "
|
text: "
|
||||||
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
|
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
|
||||||
|
|
||||||
|
<tr><td id='379'><a href = 'https://support.microsoft.com/help/4528760' target='_blank'><b>Take action: January 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='379' href='#379'></a><br><div>The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
|
||||||
|
<tr><td id='380'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601' target='_blank'><b>Advisory: Windows CryptoAPI certificate validation vulnerability</b></a><a class='docon docon-link heading-anchor' aria-labelledby='380' href='#380'></a><br><div>On January 14, 2020, Microsoft released security updates to address an<a href=\" elliptic-curve cryptography (\" target=\"_blank\" rel=\"noopener noreferrer\"> elliptic-curve cryptography<u> (</u></a>ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10 operating system, client and server. While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to all of your Windows 10 devices with priority. Here is what you need to know:</div><ul><li>If you are running a supported version of Windows 10 and have automatic updates enabled, you are automatically protected and do not need to take any further action.</li><li>If you are managing updates on behalf of your organization, you should download the latest updates from the <a href=\"https://portal.msrc.microsoft.com/en-us/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Update Guide </a>and apply those updates to your Windows 10 devices and servers as soon as possible.</li></ul><div></div><div>If you are running an <a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" target=\"_blank\" rel=\"noopener noreferrer\">unsupported version of Windows 10</a>, we recommend that you upgrade to the current version of Windows 10 to benefit from the latest security protections. For more information about this vulnerability, see the <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Guidance for CVE-2020-0601</a> and the Microsoft Security Response Center blog, <a href=\"https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\" target=\"_blank\" rel=\"noopener noreferrer\">January 2020 Security Updates: CVE-2020-0601</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
|
||||||
<tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
|
<tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
|
||||||
<tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
|
<tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
|
||||||
<tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
|
<tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
|
||||||
|
|||||||
@ -406,7 +406,12 @@
|
|||||||
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
|
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
|
||||||
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
|
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
|
||||||
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
|
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
|
||||||
####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
|
|
||||||
|
###### [Automated Investigation]()
|
||||||
|
####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
|
||||||
|
####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
|
||||||
|
####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
|
||||||
|
####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
|
||||||
|
|
||||||
###### [Indicators]()
|
###### [Indicators]()
|
||||||
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
|
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
|
||||||
|
|||||||
@ -18,10 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Add or Remove Machine Tags API
|
# Add or Remove Machine Tags API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Adds or remove tag to a specific [Machine](machine.md).
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can post on machines last seen in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
This API adds or remove tag to a specific machine.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -77,34 +86,4 @@ Content-type: application/json
|
|||||||
"Action": "Add"
|
"Action": "Add"
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 Ok
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
|
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "172.17.230.209",
|
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
|
||||||
"healthStatus": "Active",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
|
- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
|
||||||
@ -27,6 +27,7 @@ Method |Return Type |Description
|
|||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
|
[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
|
||||||
[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
|
[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
|
||||||
|
[Update alert](get-alerts.md) | [Alert](update-alert.md) | Update specific [alert](alerts.md).
|
||||||
[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
|
[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
|
||||||
[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
|
[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
|
||||||
[List related files](get-alert-related-files-info.md) | [File](files.md) collection | List the [file](files.md) entities that are associated with the [alert](alerts.md).
|
[List related files](get-alert-related-files-info.md) | [File](files.md) collection | List the [file](files.md) entities that are associated with the [alert](alerts.md).
|
||||||
@ -59,19 +60,8 @@ detectionSource | String | Detection source.
|
|||||||
threatFamilyName | String | Threat family.
|
threatFamilyName | String | Threat family.
|
||||||
machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
|
machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
|
||||||
comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time.
|
comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time.
|
||||||
alertFiles | List of Alert Files | **This list will be populated on $expand option, see example below** Alert File is an object that contains: sha1, sha256, filePath and fileName.
|
|
||||||
alertIPs | List of Alert IPs | **This list will be populated on $expand option, see example below** Alert IP is an object that contains: ipAddress string field.
|
|
||||||
alertDomains | List of Alert Domains | **This list will be populated on $expand option, see example below** Alert Domain is an object that contains: host string field.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## JSON representation:
|
|
||||||
|
|
||||||
- When querying for alert list the regular way (without expand option, e.g. /api/alerts) the expandable properties will not get populated (empty lists)
|
|
||||||
- To expand expandable properties use $expand option (e.g. to expand all send /api/alerts?$expand=files,ips,domains).
|
|
||||||
- When querying single alert all expandable properties will be expanded.
|
|
||||||
- Check out [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) for more OData examples.
|
|
||||||
|
|
||||||
### Response example for getting single alert:
|
### Response example for getting single alert:
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -83,12 +73,12 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
|
|||||||
"id": "da637084217856368682_-292920499",
|
"id": "da637084217856368682_-292920499",
|
||||||
"incidentId": 66860,
|
"incidentId": 66860,
|
||||||
"investigationId": 4416234,
|
"investigationId": 4416234,
|
||||||
|
"investigationState": "Running",
|
||||||
"assignedTo": "secop@contoso.com",
|
"assignedTo": "secop@contoso.com",
|
||||||
"severity": "Low",
|
"severity": "Low",
|
||||||
"status": "New",
|
"status": "New",
|
||||||
"classification": "TruePositive",
|
"classification": "TruePositive",
|
||||||
"determination": null,
|
"determination": null,
|
||||||
"investigationState": "Running",
|
|
||||||
"detectionSource": "WindowsDefenderAtp",
|
"detectionSource": "WindowsDefenderAtp",
|
||||||
"category": "CommandAndControl",
|
"category": "CommandAndControl",
|
||||||
"threatFamilyName": null,
|
"threatFamilyName": null,
|
||||||
@ -106,24 +96,6 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
|
|||||||
"createdBy": "secop@contoso.com",
|
"createdBy": "secop@contoso.com",
|
||||||
"createdTime": "2019-11-05T14:08:37.8404534Z"
|
"createdTime": "2019-11-05T14:08:37.8404534Z"
|
||||||
}
|
}
|
||||||
],
|
|
||||||
"alertFiles": [
|
|
||||||
{
|
|
||||||
"sha1": "77e862797dd525fd3e9c3058153247945d0d4cfd",
|
|
||||||
"sha256": "c05823562aee5e6d000b0e041197d5b8303f5aa4eecb49820879b705c926e16e",
|
|
||||||
"filePath": "C:\\Users\\test1212\\AppData\\Local\\Temp\\nsf61D3.tmp.exe",
|
|
||||||
"fileName": "nsf61D3.tmp.exe"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"alertDomains": [
|
|
||||||
{
|
|
||||||
"host": "login.bullguard.com"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"alertIps": [
|
|
||||||
{
|
|
||||||
"ipAddress": "91.231.212.53"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Collect investigation package API
|
# Collect investigation package API
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
## API description
|
||||||
Collect investigation package from a machine.
|
Collect investigation package from a machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -74,25 +82,3 @@ Content-type: application/json
|
|||||||
"Comment": "Collect forensics due to alert 1234"
|
"Comment": "Collect forensics due to alert 1234"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "c9042f9b-8483-4526-87b5-35e4c2532223",
|
|
||||||
"type": "CollectInvestigationPackage",
|
|
||||||
"requestor": "Analyst@contoso.com",
|
|
||||||
"requestorComment": " Collect forensics due to alert 1234",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:09:24.1785079Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:09:24.1785079Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|||||||
@ -16,13 +16,24 @@ ms.collection: M365-security-compliance
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Create alert from event API
|
# Create alert API
|
||||||
|
|
||||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert.
|
|
||||||
|
## API description
|
||||||
|
Creates new [Alert](alerts.md).
|
||||||
|
<br>Microsoft Defender ATP Event is a required parameter for the alert creation.
|
||||||
|
<br>You can use an event found in Advanced Hunting API or Portal.
|
||||||
|
<br>If there existing an open alert on the same Machine with the same Title, the new created alert will be merged with it.
|
||||||
|
<br>An automatic investigation starts automatically on alerts created via the API.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 15 calls per minute.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
|
|
||||||
|
|||||||
@ -18,15 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Delete Indicator API
|
# Delete Indicator API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
>[!Note]
|
## API description
|
||||||
> Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
Deletes an [Indicator](ti-indicator.md) entity by ID.
|
||||||
|
|
||||||
|
|
||||||
- Deletes an Indicator entity by ID.
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
||||||
@ -66,15 +69,5 @@ If Indicator with the specified id was not found - 404 Not Found.
|
|||||||
Here is an example of the request.
|
Here is an example of the request.
|
||||||
|
|
||||||
```
|
```
|
||||||
DELETE https://api.securitycenter.windows.com/api/indicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
|
DELETE https://api.securitycenter.windows.com/api/indicators/995
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 204 NO CONTENT
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|||||||
@ -51,25 +51,25 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "Active",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "High",
|
"riskScore": "Low",
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"exposureLevel": "Medium",
|
||||||
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "ExampleTag" ]
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -79,7 +79,7 @@ Content-type: application/json
|
|||||||
- Get all the alerts that created after 2018-10-20 00:00:00
|
- Get all the alerts that created after 2018-10-20 00:00:00
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime gt 2018-11-22T00:00:00Z
|
HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime+gt+2018-11-22T00:00:00Z
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response:**
|
**Response:**
|
||||||
@ -91,28 +91,35 @@ Content-type: application/json
|
|||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "121688558380765161_2136280442",
|
"id": "da637084217856368682_-292920499",
|
||||||
"incidentId": 7696,
|
"incidentId": 66860,
|
||||||
"assignedTo": "secop@contoso.com",
|
"investigationId": 4416234,
|
||||||
"severity": "High",
|
"investigationState": "Running",
|
||||||
"status": "New",
|
"assignedTo": "secop@contoso.com",
|
||||||
"classification": "TruePositive",
|
"severity": "Low",
|
||||||
"determination": "Malware",
|
"status": "New",
|
||||||
"investigationState": "Running",
|
"classification": "TruePositive",
|
||||||
"category": "MalwareDownload",
|
"determination": null,
|
||||||
"detectionSource": "WindowsDefenderAv",
|
"detectionSource": "WindowsDefenderAtp",
|
||||||
"threatFamilyName": "Mikatz",
|
"category": "CommandAndControl",
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
"threatFamilyName": null,
|
||||||
"description": "Some description",
|
"title": "Network connection to a risky host",
|
||||||
"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
|
"description": "A network connection was made to a risky host which has exhibited malicious activity.",
|
||||||
"firstEventTime": "2018-11-26T16:17:50.0948658Z",
|
"alertCreationTime": "2019-11-03T23:49:45.3823185Z",
|
||||||
"lastEventTime": "2018-11-26T16:18:01.809871Z",
|
"firstEventTime": "2019-11-03T23:47:16.2288822Z",
|
||||||
"resolvedTime": null,
|
"lastEventTime": "2019-11-03T23:47:51.2966758Z",
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
"lastUpdateTime": "2019-11-03T23:55:52.6Z",
|
||||||
|
"resolvedTime": null,
|
||||||
|
"machineId": "986e5df8b73dacd43c8917d17e523e76b13c75cd",
|
||||||
|
"comments": [
|
||||||
|
{
|
||||||
|
"comment": "test comment for docs",
|
||||||
|
"createdBy": "secop@contoso.com",
|
||||||
|
"createdTime": "2019-11-05T14:08:37.8404534Z"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -122,7 +129,7 @@ Content-type: application/json
|
|||||||
- Get all the machines with 'High' 'RiskScore'
|
- Get all the machines with 'High' 'RiskScore'
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore eq 'High'
|
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High'
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response:**
|
**Response:**
|
||||||
@ -135,25 +142,25 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "Active",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "High",
|
"riskScore": "High",
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"exposureLevel": "Medium",
|
||||||
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "ExampleTag" ]
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -163,7 +170,7 @@ Content-type: application/json
|
|||||||
- Get top 100 machines with 'HealthStatus' not equals to 'Active'
|
- Get top 100 machines with 'HealthStatus' not equals to 'Active'
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
|
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response:**
|
**Response:**
|
||||||
@ -176,25 +183,25 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "ImpairedCommunication",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "High",
|
"riskScore": "Low",
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"exposureLevel": "Medium",
|
||||||
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "ExampleTag" ]
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -217,25 +224,25 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "ImpairedCommunication",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "High",
|
"riskScore": "Low",
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"exposureLevel": "Medium",
|
||||||
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "ExampleTag" ]
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -245,7 +252,7 @@ Content-type: application/json
|
|||||||
- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
|
- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
|
HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response:**
|
**Response:**
|
||||||
@ -257,19 +264,19 @@ Content-type: application/json
|
|||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
|
||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "5c3e3322-d993-1234-1111-dfb136ebc8c5",
|
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
||||||
"type": "RunAntiVirusScan",
|
"type": "RunAntiVirusScan",
|
||||||
"requestor": "Analyst@examples.onmicrosoft.com",
|
"scope": "Full",
|
||||||
"requestorComment": "1533",
|
"requestor": "Analyst@contoso.com",
|
||||||
|
"requestorComment": "Check machine for viruses due to alert 3212",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "123321c10e44a82877af76b1d0161a17843f688a",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
"creationDateTimeUtc": "2018-11-12T13:33:24.5755657Z",
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"lastUpdateDateTimeUtc": "2018-11-12T13:34:32.0319826Z",
|
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
||||||
"relatedFileInfo": null
|
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
||||||
|
"relatedFileInfo": null
|
||||||
},
|
},
|
||||||
.
|
...
|
||||||
.
|
|
||||||
.
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -17,9 +17,10 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# File resource type
|
# File resource type
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
Represent a file entity in Microsoft Defender ATP.
|
Represent a file entity in Microsoft Defender ATP.
|
||||||
|
|
||||||
@ -37,11 +38,10 @@ Property | Type | Description
|
|||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
sha1 | String | Sha1 hash of the file content
|
sha1 | String | Sha1 hash of the file content
|
||||||
sha256 | String | Sha256 hash of the file content
|
sha256 | String | Sha256 hash of the file content
|
||||||
md5 | String | md5 hash of the file content
|
globalPrevalence | Nullable long | File prevalence across organization
|
||||||
globalPrevalence | Integer | File prevalence across organization
|
|
||||||
globalFirstObserved | DateTimeOffset | First time the file was observed.
|
globalFirstObserved | DateTimeOffset | First time the file was observed.
|
||||||
globalLastObserved | DateTimeOffset | Last time the file was observed.
|
globalLastObserved | DateTimeOffset | Last time the file was observed.
|
||||||
size | Integer | Size of the file.
|
size | Nullable long | Size of the file.
|
||||||
fileType | String | Type of the file.
|
fileType | String | Type of the file.
|
||||||
isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.)
|
isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.)
|
||||||
filePublisher | String | File publisher.
|
filePublisher | String | File publisher.
|
||||||
@ -50,3 +50,29 @@ signer | String | File signer.
|
|||||||
issuer | String | File issuer.
|
issuer | String | File issuer.
|
||||||
signerHash | String | Hash of the signing certificate.
|
signerHash | String | Hash of the signing certificate.
|
||||||
isValidCertificate | Boolean | Was signing certificate successfully verified by Microsoft Defender ATP agent.
|
isValidCertificate | Boolean | Was signing certificate successfully verified by Microsoft Defender ATP agent.
|
||||||
|
determinationType | String | The determination type of the file.
|
||||||
|
determinationValue | String | Determination value.
|
||||||
|
|
||||||
|
|
||||||
|
## Json representation
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
|
||||||
|
"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
|
||||||
|
"globalPrevalence": 180022,
|
||||||
|
"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
|
||||||
|
"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
|
||||||
|
"size": 22139496,
|
||||||
|
"fileType": "APP",
|
||||||
|
"isPeFile": true,
|
||||||
|
"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
|
||||||
|
"fileProductName": "EaseUS MobiSaver for Android",
|
||||||
|
"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
|
||||||
|
"issuer": "VeriSign Class 3 Code Signing 2010 CA",
|
||||||
|
"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
|
||||||
|
"isValidCertificate": false,
|
||||||
|
"determinationType": "Pua",
|
||||||
|
"determinationValue": "PUA:Win32/FusionCore"
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -18,13 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Find machines by internal IP API
|
# Find machines by internal IP API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
|
|
||||||
|
|
||||||
The given timestamp must be in the past 30 days.
|
## API description
|
||||||
|
Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. The given timestamp must be in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -70,37 +76,5 @@ Here is an example of the request.
|
|||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
|
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"lastSeen": "2018-09-22T08:55:03.7791856Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "10.248.240.38",
|
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
|
||||||
"healthStatus": "Active",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get alert information by ID API
|
# Get alert information by ID API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves specific [Alert](alerts.md) by its ID.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can get alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves an alert by its ID.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -56,46 +64,3 @@ Empty
|
|||||||
|
|
||||||
## Response
|
## Response
|
||||||
If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
|
If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
|
||||||
|
|
||||||
|
|
||||||
## Example
|
|
||||||
|
|
||||||
**Request**
|
|
||||||
|
|
||||||
Here is an example of the request.
|
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
|
||||||
|
|
||||||
```
|
|
||||||
GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
|
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
|
||||||
"id": "441688558380765161_2136280442",
|
|
||||||
"incidentId": 8633,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-25T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,12 +18,20 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get alert related domain information API
|
# Get alert related domain information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves all domains related to a specific alert.
|
Retrieves all domains related to a specific alert.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -79,7 +87,11 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"host": "www.example.com"
|
"host": "www.example.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"host": "www.example2.com"
|
||||||
}
|
}
|
||||||
|
...
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -18,12 +18,20 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get alert related files information API
|
# Get alert related files information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves all files related to a specific alert.
|
Retrieves all files related to a specific alert.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -79,23 +87,25 @@ Content-type: application/json
|
|||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
|
||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"sha1": "654f19c41d9662cf86be21bf0af5a88c38c56a9d",
|
"sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",
|
||||||
"sha256": "2f905feec2798cee6f63da2c26758d86bfeaab954c01e20ac7085bf55fedde87",
|
"sha256": "dcd71ef5fff4362a9f64cf3f96f14f2b11d6f428f3badbedcb9ff3361e7079aa",
|
||||||
"md5": "82849dc81d94056224445ea73dc6153a",
|
"md5": "8d5b7cc9a832e21d22503057e1fec8e9",
|
||||||
"globalPrevalence": 33,
|
"globalPrevalence": 29,
|
||||||
"globalFirstObserved": "2018-07-17T18:17:27.5909748Z",
|
"globalFirstObserved": "2019-03-23T23:54:06.0135204Z",
|
||||||
"globalLastObserved": "2018-08-06T16:07:12.9414137Z",
|
"globalLastObserved": "2019-04-23T00:43:20.0489831Z",
|
||||||
"windowsDefenderAVThreatName": null,
|
"size": 113984,
|
||||||
"size": 801112,
|
"fileType": null,
|
||||||
"fileType": "PortableExecutable",
|
|
||||||
"isPeFile": true,
|
"isPeFile": true,
|
||||||
"filePublisher": null,
|
"filePublisher": "Microsoft Corporation",
|
||||||
"fileProductName": null,
|
"fileProductName": "Microsoft® Windows® Operating System",
|
||||||
"signer": "Microsoft Windows",
|
"signer": "Microsoft Corporation",
|
||||||
"issuer": "Microsoft Development PCA 2014",
|
"issuer": "Microsoft Code Signing PCA",
|
||||||
"signerHash": "9e284231a4d1c53fc8d4492b09f65116bf97447f",
|
"signerHash": "9dc17888b5cfad98b3cb35c1994e96227f061675",
|
||||||
"isValidCertificate": true
|
"isValidCertificate": true,
|
||||||
|
"determinationType": "Unknown",
|
||||||
|
"determinationValue": null
|
||||||
}
|
}
|
||||||
|
...
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -16,14 +16,22 @@ ms.collection: M365-security-compliance
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related IP information API
|
# Get alert related IPs information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves all IPs related to a specific alert.
|
Retrieves all IPs related to a specific alert.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -85,6 +93,7 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "23.203.232.228
|
"id": "23.203.232.228
|
||||||
}
|
}
|
||||||
|
...
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get alert related machine information API
|
# Get alert related machine information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves [Machine](machine.md) related to a specific alert.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves machine that is related to a specific alert.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -85,15 +93,16 @@ Content-type: application/json
|
|||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
|
"osProcessor": "x64",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "Active",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "Low",
|
"riskScore": "Low",
|
||||||
|
"exposureLevel": "Medium",
|
||||||
"isAadJoined": true,
|
"isAadJoined": true,
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
"machineTags": [ "test tag 1", "test tag 2" ]
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get alert related user information API
|
# Get alert related user information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves the User related to a specific alert.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves the user associated to a specific alert.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -80,13 +88,16 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
|
||||||
"id": "contoso\\user1",
|
"id": "contoso\\user1",
|
||||||
"firstSeen": "2018-08-02T00:00:00Z",
|
"accountName": "user1",
|
||||||
"lastSeen": "2018-08-04T00:00:00Z",
|
"accountDomain": "contoso",
|
||||||
"mostPrevalentMachineId": null,
|
"accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
|
||||||
"leastPrevalentMachineId": null,
|
"firstSeen": "2019-12-08T06:33:39Z",
|
||||||
|
"lastSeen": "2020-01-05T06:58:34Z",
|
||||||
|
"mostPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
|
||||||
|
"leastPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
|
||||||
"logonTypes": "Network",
|
"logonTypes": "Network",
|
||||||
"logOnMachinesCount": 3,
|
"logOnMachinesCount": 1,
|
||||||
"isDomainAdmin": false,
|
"isDomainAdmin": false,
|
||||||
"isOnlyNetworkUser": null
|
"isOnlyNetworkUser": false
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -22,13 +22,19 @@ ms.topic: article
|
|||||||
|
|
||||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves a collection of Alerts.
|
Retrieves a collection of Alerts.
|
||||||
|
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```incidentId```, ```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
|
||||||
|
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
Supports [OData V4 queries](https://www.odata.org/documentation/).
|
|
||||||
|
|
||||||
The OData's Filter query is supported on: "alertCreationTime", "incidentId", "InvestigationId", "status", "severity" and "category".
|
## Limitations
|
||||||
|
1. You can get alerts last updated in the past 30 days.
|
||||||
|
2. Maximum page size is 10,000.
|
||||||
|
3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -50,10 +56,6 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
|||||||
GET /api/alerts
|
GET /api/alerts
|
||||||
```
|
```
|
||||||
|
|
||||||
## Optional query parameters
|
|
||||||
Method supports $top, $select, $filter, $expand and $skip query parameters.
|
|
||||||
<br>$expand is available on Files, IPs and Domains. e.g. $expand=files,domains
|
|
||||||
|
|
||||||
## Request headers
|
## Request headers
|
||||||
|
|
||||||
Name | Type | Description
|
Name | Type | Description
|
||||||
@ -120,11 +122,9 @@ Here is an example of the response.
|
|||||||
"createdBy": "secop@contoso.com",
|
"createdBy": "secop@contoso.com",
|
||||||
"createdTime": "2019-11-05T14:08:37.8404534Z"
|
"createdTime": "2019-11-05T14:08:37.8404534Z"
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"alertFiles": [],
|
|
||||||
"alertDomains": [],
|
|
||||||
"alertIps": []
|
|
||||||
}
|
}
|
||||||
|
...
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -15,6 +15,7 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
ROBOTS: NOINDEX
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get CVE-KB map API
|
# Get CVE-KB map API
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get domain related alerts API
|
# Get domain related alerts API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a collection of [Alerts](alerts.md) related to a given domain address.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on alerts last updated in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves a collection of alerts related to a given domain address.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -68,58 +76,3 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
|
GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "441688558380765161_2136280442",
|
|
||||||
"incidentId": 8633,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-25T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "121688558380765161_2136280442",
|
|
||||||
"incidentId": 4123,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-24T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-24T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -17,10 +17,20 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Get domain related machines API
|
# Get domain related machines API
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
Retrieves a collection of machines that have communicated to or from a given domain address.
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on machines last seen in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -68,54 +78,3 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
|
GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "172.17.230.209",
|
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
|
||||||
"healthStatus": "Active",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
|
|
||||||
"computerDnsName": "mymachine2.contoso.com",
|
|
||||||
"firstSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"lastSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "192.168.12.225",
|
|
||||||
"lastExternalIpAddress": "79.183.65.82",
|
|
||||||
"agentVersion": "10.5820.17724.1000",
|
|
||||||
"osBuild": 17724,
|
|
||||||
"healthStatus": "Inactive",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": null,
|
|
||||||
"machineTags": [ "test tag 1" ]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,10 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get domain statistics API
|
# Get domain statistics API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves the statistics on the given domain.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves the prevalence for the given domain.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -17,10 +17,19 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Get file information API
|
# Get file information API
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a [File](files.md) by identifier Sha1, or Sha256
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -62,7 +71,7 @@ Here is an example of the request.
|
|||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1
|
GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
**Response**
|
||||||
@ -74,22 +83,22 @@ Here is an example of the response.
|
|||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Content-type: application/json
|
Content-type: application/json
|
||||||
{
|
{
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
|
||||||
"sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
|
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
|
||||||
"sha256": "d4447dffdbb2889b4b4e746b0bc882df1b854101614b0aa83953ef3cb66904cf",
|
"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
|
||||||
"md5": "7f05a371d2beffb3784fd2199f81d730",
|
"globalPrevalence": 180022,
|
||||||
"globalPrevalence": 7329,
|
"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
|
||||||
"globalFirstObserved": "2018-04-08T05:50:29.4459725Z",
|
"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
|
||||||
"globalLastObserved": "2018-08-07T23:35:11.1361328Z",
|
"size": 22139496,
|
||||||
"windowsDefenderAVThreatName": null,
|
"fileType": "APP",
|
||||||
"size": 391680,
|
"isPeFile": true,
|
||||||
"fileType": "PortableExecutable",
|
"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
|
||||||
"isPeFile": true,
|
"fileProductName": "EaseUS MobiSaver for Android",
|
||||||
"filePublisher": null,
|
"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
|
||||||
"fileProductName": null,
|
"issuer": "VeriSign Class 3 Code Signing 2010 CA",
|
||||||
"signer": null,
|
"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
|
||||||
"issuer": null,
|
"isValidCertificate": false,
|
||||||
"signerHash": null,
|
"determinationType": "Pua",
|
||||||
"isValidCertificate": null
|
"determinationValue": "PUA:Win32/FusionCore"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get file related alerts API
|
# Get file related alerts API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves a collection of alerts related to a given file hash.
|
Retrieves a collection of alerts related to a given file hash.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -69,38 +76,3 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
|
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "121688558380765161_2136280442",
|
|
||||||
"incidentId": 7696,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "High",
|
|
||||||
"status": "New",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-26T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-26T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,11 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get file related machines API
|
# Get file related machines API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a collection of [Machines](machine.md) related to a given file hash.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
- Retrieves a collection of machines related to a given file hash.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -69,52 +76,3 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
|
GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "172.17.230.209",
|
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
|
||||||
"healthStatus": "Active",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
|
|
||||||
"computerDnsName": "mymachine2.contoso.com",
|
|
||||||
"firstSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"lastSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "192.168.12.225",
|
|
||||||
"lastExternalIpAddress": "79.183.65.82",
|
|
||||||
"agentVersion": "10.5820.17724.1000",
|
|
||||||
"osBuild": 17724,
|
|
||||||
"healthStatus": "Inactive",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": null,
|
|
||||||
"machineTags": [ "test tag 1" ]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,11 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get file statistics API
|
# Get file statistics API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves the statistics for the given file.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves the prevalence for the given file.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -64,7 +71,7 @@ Here is an example of the request.
|
|||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/stats
|
GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
**Response**
|
||||||
@ -77,13 +84,15 @@ HTTP/1.1 200 OK
|
|||||||
Content-type: application/json
|
Content-type: application/json
|
||||||
{
|
{
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
|
||||||
"sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
|
"sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
|
||||||
"orgPrevalence": "3",
|
"orgPrevalence": "14850",
|
||||||
"orgFirstSeen": "2018-07-15T06:13:59Z",
|
"orgFirstSeen": "2019-12-07T13:44:16Z",
|
||||||
"orgLastSeen": "2018-08-03T16:45:21Z",
|
"orgLastSeen": "2020-01-06T13:39:36Z",
|
||||||
|
"globalPrevalence": "705012",
|
||||||
|
"globalFirstObserved": "2015-03-19T12:20:07.3432441Z",
|
||||||
|
"globalLastObserved": "2020-01-06T13:39:36Z",
|
||||||
"topFileNames": [
|
"topFileNames": [
|
||||||
"chrome_1.exe",
|
"MREC.exe"
|
||||||
"chrome_2.exe"
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -0,0 +1,110 @@
|
|||||||
|
---
|
||||||
|
title: List Investigations API
|
||||||
|
description: Use this API to create calls related to get Investigations collection
|
||||||
|
keywords: apis, graph api, supported apis, Investigations collection
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
ms.author: macapara
|
||||||
|
author: mjcaparas
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
manager: dansimp
|
||||||
|
audience: ITPro
|
||||||
|
ms.collection: M365-security-compliance
|
||||||
|
ms.topic: article
|
||||||
|
---
|
||||||
|
|
||||||
|
# List Investigations API
|
||||||
|
|
||||||
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a collection of [Investigations](investigation.md).
|
||||||
|
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
<br>The OData's ```$filter``` query is supported on: ```startTime```, ```state```, ```machineId``` and ```triggeringAlertId``` properties.
|
||||||
|
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Maximum page size is 10,000.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
|
## Permissions
|
||||||
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
|
Permission type | Permission | Permission display name
|
||||||
|
:---|:---|:---
|
||||||
|
Application | Alert.Read.All | 'Read all alerts'
|
||||||
|
Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||||
|
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||||
|
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||||
|
|
||||||
|
>[!Note]
|
||||||
|
> When obtaining a token using user credentials:
|
||||||
|
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
|
||||||
|
|
||||||
|
## HTTP request
|
||||||
|
```
|
||||||
|
GET https://api.securitycenter.windows.com/api/investigations
|
||||||
|
```
|
||||||
|
|
||||||
|
## Request headers
|
||||||
|
|
||||||
|
Name | Type | Description
|
||||||
|
:---|:---|:---
|
||||||
|
Authorization | String | Bearer {token}. **Required**.
|
||||||
|
|
||||||
|
|
||||||
|
## Request body
|
||||||
|
Empty
|
||||||
|
|
||||||
|
## Response
|
||||||
|
If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities.
|
||||||
|
|
||||||
|
|
||||||
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
**Request**
|
||||||
|
|
||||||
|
Here is an example of a request to get all investigations:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
GET https://api.securitycenter.windows.com/api/investigations
|
||||||
|
```
|
||||||
|
|
||||||
|
**Response**
|
||||||
|
|
||||||
|
Here is an example of the response:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 200 Ok
|
||||||
|
Content-type: application/json
|
||||||
|
{
|
||||||
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations",
|
||||||
|
"value": [
|
||||||
|
{
|
||||||
|
"id": "63017",
|
||||||
|
"startTime": "2020-01-06T14:11:34Z",
|
||||||
|
"endTime": null,
|
||||||
|
"state": "Running",
|
||||||
|
"cancelledBy": null,
|
||||||
|
"statusDetails": null,
|
||||||
|
"machineId": "a69a22debe5f274d8765ea3c368d00762e057b30",
|
||||||
|
"computerDnsName": "desktop-gtrcon0",
|
||||||
|
"triggeringAlertId": "da637139166940871892_-598649278"
|
||||||
|
}
|
||||||
|
...
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -0,0 +1,66 @@
|
|||||||
|
---
|
||||||
|
title: Get Investigation object API
|
||||||
|
description: Use this API to create calls related to get Investigation object
|
||||||
|
keywords: apis, graph api, supported apis, Investigation object
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
ms.author: macapara
|
||||||
|
author: mjcaparas
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
manager: dansimp
|
||||||
|
audience: ITPro
|
||||||
|
ms.collection: M365-security-compliance
|
||||||
|
ms.topic: article
|
||||||
|
---
|
||||||
|
|
||||||
|
# Get Investigation API
|
||||||
|
|
||||||
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves specific [Investigation](investigation.md) by its ID.
|
||||||
|
<br> ID can be the investigation ID or the investigation triggering alert ID.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
|
## Permissions
|
||||||
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
|
Permission type | Permission | Permission display name
|
||||||
|
:---|:---|:---
|
||||||
|
Application | Alert.Read.All | 'Read all alerts'
|
||||||
|
Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||||
|
Delegated (work or school account) | Alert.Read | 'Read alerts'
|
||||||
|
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||||
|
|
||||||
|
>[!Note]
|
||||||
|
> When obtaining a token using user credentials:
|
||||||
|
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
|
||||||
|
|
||||||
|
## HTTP request
|
||||||
|
```
|
||||||
|
GET https://api.securitycenter.windows.com/api/investigations/{id}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Request headers
|
||||||
|
|
||||||
|
Name | Type | Description
|
||||||
|
:---|:---|:---
|
||||||
|
Authorization | String | Bearer {token}. **Required**.
|
||||||
|
|
||||||
|
|
||||||
|
## Request body
|
||||||
|
Empty
|
||||||
|
|
||||||
|
## Response
|
||||||
|
If successful, this method returns 200, Ok response code with a [Investigations](investigation.md) entity.
|
||||||
|
|
||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get IP related alerts API
|
# Get IP related alerts API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves a collection of alerts related to a given IP address.
|
Retrieves a collection of alerts related to a given IP address.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -69,39 +76,4 @@ Here is an example of the request.
|
|||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts
|
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "441688558380765161_2136280442",
|
|
||||||
"incidentId": 8633,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-25T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
@ -18,11 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get IP statistics API
|
# Get IP statistics API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves the statistics for the given IP.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves the prevalence for the given IP.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -15,7 +15,7 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 10/07/2018
|
ROBOTS: NOINDEX
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get KB collection API
|
# Get KB collection API
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get machine by ID API
|
# Get machine by ID API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves specific [Machine](machine.md) by its machine ID or computer name.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can get machines last seen in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves a machine entity by ID.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -83,20 +91,22 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine",
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "Active",
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "Low",
|
"riskScore": "Low",
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
"exposureLevel": "Medium",
|
||||||
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
"machineTags": [ "test tag 1", "test tag 2" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -18,11 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get machine log on users API
|
# Get machine log on users API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves a collection of logged on users on a specific machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on machines last seen in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Retrieves a collection of logged on users.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -81,26 +89,19 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "contoso\\user1",
|
"id": "contoso\\user1",
|
||||||
"firstSeen": "2018-08-02T00:00:00Z",
|
"accountName": "user1",
|
||||||
"lastSeen": "2018-08-04T00:00:00Z",
|
"accountDomain": "contoso",
|
||||||
"mostPrevalentMachineId": null,
|
"accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
|
||||||
"leastPrevalentMachineId": null,
|
"firstSeen": "2019-12-18T08:02:54Z",
|
||||||
"logonTypes": "Network",
|
"lastSeen": "2020-01-06T08:01:48Z",
|
||||||
"logOnMachinesCount": 3,
|
"mostPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
|
||||||
"isDomainAdmin": false,
|
"leastPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
|
||||||
"isOnlyNetworkUser": null
|
"logonTypes": "Interactive",
|
||||||
|
"logOnMachinesCount": 8,
|
||||||
|
"isDomainAdmin": true,
|
||||||
|
"isOnlyNetworkUser": false
|
||||||
},
|
},
|
||||||
{
|
...
|
||||||
"id": "contoso\\user2",
|
|
||||||
"firstSeen": "2018-08-02T00:00:00Z",
|
|
||||||
"lastSeen": "2018-08-05T00:00:00Z",
|
|
||||||
"mostPrevalentMachineId": null,
|
|
||||||
"leastPrevalentMachineId": null,
|
|
||||||
"logonTypes": "Network",
|
|
||||||
"logOnMachinesCount": 3,
|
|
||||||
"isDomainAdmin": false,
|
|
||||||
"isOnlyNetworkUser": null
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -17,13 +17,20 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Get machine related alerts API
|
# Get machine related alerts API
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
Retrieves a collection of alerts related to a given machine ID.
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves all [Alerts](alerts.md) related to a specific machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can query on machines last seen in the past 30 days.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
## Permissions
|
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
|
||||||
|
|
||||||
Permission type | Permission | Permission display name
|
Permission type | Permission | Permission display name
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
@ -54,52 +61,3 @@ Empty
|
|||||||
|
|
||||||
## Response
|
## Response
|
||||||
If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
|
If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
|
||||||
|
|
||||||
|
|
||||||
## Example
|
|
||||||
|
|
||||||
**Request**
|
|
||||||
|
|
||||||
Here is an example of the request.
|
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/alerts
|
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "441688558380765161_2136280442",
|
|
||||||
"incidentId": 8633,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-25T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,10 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get machineAction API
|
# Get machineAction API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Retrieves specific [Machine Action](machineaction.md) by its ID.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Get action performed on a machine.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -77,15 +85,17 @@ HTTP/1.1 200 Ok
|
|||||||
Content-type: application/json
|
Content-type: application/json
|
||||||
{
|
{
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
||||||
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
|
||||||
"type": "RunAntiVirusScan",
|
"type": "Isolate",
|
||||||
"requestor": "Analyst@contoso.com",
|
"scope": "Selective",
|
||||||
"requestorComment": "Check machine for viruses due to alert 3212",
|
"requestor": "Analyst@TestPrd.onmicrosoft.com",
|
||||||
|
"requestorComment": "test for docs",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
"computerDnsName": "desktop-test",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
"creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
|
||||||
"relatedFileInfo": null
|
"lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
|
||||||
|
"relatedFileInfo": null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -18,17 +18,22 @@ ms.topic: article
|
|||||||
|
|
||||||
# List MachineActions API
|
# List MachineActions API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
Gets collection of actions done on machines.
|
|
||||||
|
|
||||||
Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
## API description
|
||||||
|
Retrieves a collection of [Machine Actions](machineaction.md).
|
||||||
|
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
<br>The OData's ```$filter``` query is supported on: ```status```, ```machineId```, ```type```, ```requestor``` and ```creationDateTimeUtc``` properties.
|
||||||
|
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
|
|
||||||
|
|
||||||
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
## Limitations
|
||||||
|
1. Maximum page size is 10,000.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -89,10 +94,12 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
|
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
|
||||||
"type": "CollectInvestigationPackage",
|
"type": "CollectInvestigationPackage",
|
||||||
|
"scope": null,
|
||||||
"requestor": "Analyst@contoso.com",
|
"requestor": "Analyst@contoso.com",
|
||||||
"requestorComment": "test",
|
"requestorComment": "test",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
|
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
|
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
|
||||||
"relatedFileInfo": null
|
"relatedFileInfo": null
|
||||||
@ -100,10 +107,12 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
||||||
"type": "RunAntiVirusScan",
|
"type": "RunAntiVirusScan",
|
||||||
|
"scope": "Full",
|
||||||
"requestor": "Analyst@contoso.com",
|
"requestor": "Analyst@contoso.com",
|
||||||
"requestorComment": "Check machine for viruses due to alert 3212",
|
"requestorComment": "Check machine for viruses due to alert 3212",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
||||||
"relatedFileInfo": null
|
"relatedFileInfo": null
|
||||||
@ -111,10 +120,12 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
|
"id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
|
||||||
"type": "StopAndQuarantineFile",
|
"type": "StopAndQuarantineFile",
|
||||||
|
"scope": null,
|
||||||
"requestor": "Analyst@contoso.com",
|
"requestor": "Analyst@contoso.com",
|
||||||
"requestorComment": "test",
|
"requestorComment": "test",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
|
"creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:16:14.2899973Z",
|
"lastUpdateTimeUtc": "2018-12-04T12:16:14.2899973Z",
|
||||||
"relatedFileInfo": {
|
"relatedFileInfo": {
|
||||||
@ -151,10 +162,12 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
|
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
|
||||||
"type": "CollectInvestigationPackage",
|
"type": "CollectInvestigationPackage",
|
||||||
|
"scope": null,
|
||||||
"requestor": "Analyst@contoso.com",
|
"requestor": "Analyst@contoso.com",
|
||||||
"requestorComment": "test",
|
"requestorComment": "test",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
|
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
|
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
|
||||||
"relatedFileInfo": null
|
"relatedFileInfo": null
|
||||||
@ -162,10 +175,12 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
||||||
"type": "RunAntiVirusScan",
|
"type": "RunAntiVirusScan",
|
||||||
|
"scope": "Full",
|
||||||
"requestor": "Analyst@contoso.com",
|
"requestor": "Analyst@contoso.com",
|
||||||
"requestorComment": "Check machine for viruses due to alert 3212",
|
"requestorComment": "Check machine for viruses due to alert 3212",
|
||||||
"status": "Succeeded",
|
"status": "Succeeded",
|
||||||
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
|
||||||
|
"computerDnsName": "desktop-39g9tgl",
|
||||||
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
|
||||||
"relatedFileInfo": null
|
"relatedFileInfo": null
|
||||||
|
|||||||
@ -18,17 +18,23 @@ ms.topic: article
|
|||||||
|
|
||||||
# List machines API
|
# List machines API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
This API can do the following actions:
|
|
||||||
|
|
||||||
- Retrieves a collection of machines that have communicated with Microsoft Defender ATP cloud on the last 30 days.
|
## API description
|
||||||
- Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud on the last 30 days.
|
||||||
- The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
|
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
<br>The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```lastIpAddress```, ```healthStatus```, ```osPlatform```, ```riskScore```, ```rbacGroupId``` and ```machineTags``` properties.
|
||||||
|
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can get machines last seen in the past 30 days.
|
||||||
|
2. Maximum page size is 10,000.
|
||||||
|
3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
|
|
||||||
@ -88,42 +94,25 @@ Content-type: application/json
|
|||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
"osPlatform": "Windows10",
|
"osPlatform": "Windows10",
|
||||||
"osVersion": "10.0.0.0",
|
"version": "1709",
|
||||||
"lastIpAddress": "172.17.230.209",
|
"osProcessor": "x64",
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
"lastIpAddress": "172.17.230.209",
|
||||||
"agentVersion": "10.5830.18209.1001",
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
"osBuild": 18209,
|
"osBuild": 18209,
|
||||||
"healthStatus": "Active",
|
"healthStatus": "Active",
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"isAadJoined": true,
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
|
|
||||||
"computerDnsName": "mymachine2.contoso.com",
|
|
||||||
"firstSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"lastSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "192.168.12.225",
|
|
||||||
"lastExternalIpAddress": "79.183.65.82",
|
|
||||||
"agentVersion": "10.5820.17724.1000",
|
|
||||||
"osBuild": 17724,
|
|
||||||
"healthStatus": "Inactive",
|
|
||||||
"rbacGroupId": 140,
|
"rbacGroupId": 140,
|
||||||
"rbacGroupName": "The-A-Team",
|
"rbacGroupName": "The-A-Team",
|
||||||
"riskScore": "Low",
|
"riskScore": "Low",
|
||||||
"isAadJoined": false,
|
"exposureLevel": "Medium",
|
||||||
"aadDeviceId": null,
|
"isAadJoined": true,
|
||||||
"machineTags": [ "test tag 1" ]
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "test tag 2" ]
|
||||||
}
|
}
|
||||||
|
...
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -18,11 +18,14 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get package SAS URI API
|
# Get package SAS URI API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Get a URI that allows downloading of an [Investigation package](collect-investigation-package.md).
|
||||||
|
|
||||||
Get a URI that allows downloading of an [investigation package](collect-investigation-package.md).
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -18,16 +18,21 @@ ms.topic: article
|
|||||||
|
|
||||||
# List Indicators API
|
# List Indicators API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
>[!NOTE]
|
## API description
|
||||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
Retrieves a collection of all active [Indicators](ti-indicator.md).
|
||||||
|
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
<br>The OData's ```$filter``` query is supported on: ```indicatorValue```, ```indicatorType```, ```creationTimeDateTimeUtc```, ```createdBy```, ```action``` and ```severity``` properties.
|
||||||
|
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
|
|
||||||
- Gets collection of TI Indicators.
|
## Limitations
|
||||||
- Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
||||||
@ -36,7 +41,7 @@ Permission type | Permission | Permission display name
|
|||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
Application | Ti.ReadWrite | 'Read and write Indicators'
|
Application | Ti.ReadWrite | 'Read and write Indicators'
|
||||||
Application | Ti.ReadWrite.All | 'Read and write All Indicators'
|
Application | Ti.ReadWrite.All | 'Read and write All Indicators'
|
||||||
|
Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators'
|
||||||
|
|
||||||
## HTTP request
|
## HTTP request
|
||||||
```
|
```
|
||||||
@ -82,26 +87,38 @@ Content-type: application/json
|
|||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
|
||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
|
"id": "995",
|
||||||
"indicatorValue": "12.13.14.15",
|
"indicatorValue": "12.13.14.15",
|
||||||
"indicatorType": "IpAddress",
|
"indicatorType": "IpAddress",
|
||||||
|
"action": "Alert",
|
||||||
|
"application": "demo-test",
|
||||||
|
"source": "TestPrdApp",
|
||||||
|
"sourceType": "AadApp",
|
||||||
"title": "test",
|
"title": "test",
|
||||||
"creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z",
|
"creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z",
|
||||||
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
||||||
"expirationTime": "2020-12-12T00:00:00Z",
|
"expirationTime": "2020-12-12T00:00:00Z",
|
||||||
"action": "Alert",
|
"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
|
||||||
|
"lastUpdatedBy": TestPrdApp,
|
||||||
"severity": "Informational",
|
"severity": "Informational",
|
||||||
"description": "test",
|
"description": "test",
|
||||||
"recommendedActions": "test",
|
"recommendedActions": "test",
|
||||||
"rbacGroupNames": []
|
"rbacGroupNames": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"id": "996",
|
||||||
"indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
"indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
||||||
"indicatorType": "FileSha1",
|
"indicatorType": "FileSha1",
|
||||||
|
"action": "AlertAndBlock",
|
||||||
|
"application": null,
|
||||||
|
"source": "TestPrdApp",
|
||||||
|
"sourceType": "AadApp",
|
||||||
"title": "test",
|
"title": "test",
|
||||||
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
|
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
|
||||||
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
||||||
"expirationTime": "2020-12-12T00:00:00Z",
|
"expirationTime": "2020-12-12T00:00:00Z",
|
||||||
"action": "AlertAndBlock",
|
"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
|
||||||
|
"lastUpdatedBy": TestPrdApp,
|
||||||
"severity": "Informational",
|
"severity": "Informational",
|
||||||
"description": "test",
|
"description": "test",
|
||||||
"recommendedActions": "TEST",
|
"recommendedActions": "TEST",
|
||||||
@ -119,7 +136,7 @@ Content-type: application/json
|
|||||||
Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
|
Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
|
||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/indicators?$filter=action eq 'AlertAndBlock'
|
GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock'
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
**Response**
|
||||||
@ -133,13 +150,19 @@ Content-type: application/json
|
|||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
|
||||||
"value": [
|
"value": [
|
||||||
{
|
{
|
||||||
"indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
"id": "997",
|
||||||
|
"indicatorValue": "111e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
||||||
"indicatorType": "FileSha1",
|
"indicatorType": "FileSha1",
|
||||||
|
"action": "AlertAndBlock",
|
||||||
|
"application": null,
|
||||||
|
"source": "TestPrdApp",
|
||||||
|
"sourceType": "AadApp",
|
||||||
"title": "test",
|
"title": "test",
|
||||||
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
|
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
|
||||||
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
||||||
"expirationTime": "2020-12-12T00:00:00Z",
|
"expirationTime": "2020-12-12T00:00:00Z",
|
||||||
"action": "AlertAndBlock",
|
"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
|
||||||
|
"lastUpdatedBy": TestPrdApp,
|
||||||
"severity": "Informational",
|
"severity": "Informational",
|
||||||
"description": "test",
|
"description": "test",
|
||||||
"recommendedActions": "TEST",
|
"recommendedActions": "TEST",
|
||||||
|
|||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get user related alerts API
|
# Get user related alerts API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves a collection of alerts related to a given user ID.
|
Retrieves a collection of alerts related to a given user ID.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -70,59 +77,4 @@ Here is an example of the request.
|
|||||||
|
|
||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/users/user1/alerts
|
GET https://api.securitycenter.windows.com/api/users/user1/alerts
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "441688558380765161_2136280442",
|
|
||||||
"incidentId": 8633,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-25T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "121688558380765161_2136280442",
|
|
||||||
"incidentId": 4123,
|
|
||||||
"assignedTo": "secop@contoso.com",
|
|
||||||
"severity": "Low",
|
|
||||||
"status": "InProgress",
|
|
||||||
"classification": "TruePositive",
|
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-24T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-24T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Get user related machines API
|
# Get user related machines API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Retrieves a collection of machines related to a given user ID.
|
Retrieves a collection of machines related to a given user ID.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
@ -72,54 +79,3 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
GET https://api.securitycenter.windows.com/api/users/user1/machines
|
GET https://api.securitycenter.windows.com/api/users/user1/machines
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
|
|
||||||
"value": [
|
|
||||||
{
|
|
||||||
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"computerDnsName": "mymachine1.contoso.com",
|
|
||||||
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "172.17.230.209",
|
|
||||||
"lastExternalIpAddress": "167.220.196.71",
|
|
||||||
"agentVersion": "10.5830.18209.1001",
|
|
||||||
"osBuild": 18209,
|
|
||||||
"healthStatus": "Active",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
|
||||||
"machineTags": [ "test tag 1", "test tag 2" ]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
|
|
||||||
"computerDnsName": "mymachine2.contoso.com",
|
|
||||||
"firstSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"lastSeen": "2018-07-09T13:22:45.1250071Z",
|
|
||||||
"osPlatform": "Windows10",
|
|
||||||
"osVersion": "10.0.0.0",
|
|
||||||
"lastIpAddress": "192.168.12.225",
|
|
||||||
"lastExternalIpAddress": "79.183.65.82",
|
|
||||||
"agentVersion": "10.5820.17724.1000",
|
|
||||||
"osBuild": 17724,
|
|
||||||
"healthStatus": "Inactive",
|
|
||||||
"rbacGroupId": 140,
|
|
||||||
"rbacGroupName": "The-A-Team",
|
|
||||||
"riskScore": "Low",
|
|
||||||
"aadDeviceId": null,
|
|
||||||
"machineTags": [ "test tag 1" ]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Initiate machine investigation API
|
title: Start Investigation API
|
||||||
description: Use this API to create calls related to initiating an investigation on a machine.
|
description: Use this API to start investigation on a machine.
|
||||||
keywords: apis, graph api, supported apis, initiate AutoIR investigation
|
keywords: apis, graph api, supported apis, investigation
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
@ -16,38 +16,39 @@ ms.collection: M365-security-compliance
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Initiate machine investigation API (Preview)
|
# Start Investigation API
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
|
||||||
> [!IMPORTANT]
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
|
||||||
|
|
||||||
Initiate AutoIR investigation on a machine.
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Start automated investigation on a machine.
|
||||||
|
<br>See [Overview of automated investigations](automated-investigations.md) for more information.
|
||||||
|
|
||||||
>[!Note]
|
|
||||||
> This page focuses on performing an automated investigation on a machine. See [automated investigation](automated-investigations.md) for more information.
|
|
||||||
|
|
||||||
## Limitations
|
## Limitations
|
||||||
1. The number of executions is limited (up to 5 calls per hour).
|
1. Rate limitations for this API are 50 calls per hour.
|
||||||
2. For Automated Investigation limitations, see [Automated Investigation](automated-investigations.md).
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
Permission type | Permission | Permission display name
|
Permission type | Permission | Permission display name
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
Application | Alert.ReadWrite.All | 'Read and write all alerts'
|
||||||
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
|
||||||
|
|
||||||
>[!Note]
|
>[!Note]
|
||||||
> When obtaining a token using user credentials:
|
> When obtaining a token using user credentials:
|
||||||
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
|
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
|
||||||
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
|
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
|
||||||
|
|
||||||
|
|
||||||
## HTTP request
|
## HTTP request
|
||||||
```
|
```
|
||||||
POST https://api.securitycenter.windows.com/api/machines/{id}/InitiateInvestigation
|
POST https://api.securitycenter.microsoft.com/api/machines/{id}/startInvestigation
|
||||||
```
|
```
|
||||||
|
|
||||||
## Request headers
|
## Request headers
|
||||||
@ -64,8 +65,10 @@ Parameter | Type | Description
|
|||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
Comment | String | Comment to associate with the action. **Required**.
|
Comment | String | Comment to associate with the action. **Required**.
|
||||||
|
|
||||||
|
|
||||||
## Response
|
## Response
|
||||||
If successful, this method returns 200 OK response code with object that holds the investigation ID in the "value" parameter. If machine was not found - 404 Not Found.
|
If successful, this method returns 201 - Created response code and [Investigation](investigation.md) in the response body.
|
||||||
|
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
@ -76,23 +79,8 @@ Here is an example of the request.
|
|||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
```
|
```
|
||||||
POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/InitiateInvestigation
|
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
|
||||||
Content-type: application/json
|
Content-type: application/json
|
||||||
{
|
{
|
||||||
"Comment": "Initiate an investigation on machine fb9ab6be3965095a09c057be7c90f0a2"
|
"Comment": "Test investigation",
|
||||||
}
|
}
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.Int64",
|
|
||||||
"value": 5146
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|||||||
@ -0,0 +1,64 @@
|
|||||||
|
---
|
||||||
|
title: Investigation resource type
|
||||||
|
description: Microsoft Defender ATP Investigation entity.
|
||||||
|
keywords: apis, graph api, supported apis, get, alerts, investigations
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
ms.author: macapara
|
||||||
|
author: mjcaparas
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
manager: dansimp
|
||||||
|
audience: ITPro
|
||||||
|
ms.collection: M365-security-compliance
|
||||||
|
ms.topic: article
|
||||||
|
---
|
||||||
|
|
||||||
|
# Investigation resource type
|
||||||
|
|
||||||
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
Represent an Automated Investigation entity in Microsoft Defender ATP.
|
||||||
|
<br> See [Overview of automated investigations](automated-investigations.md) for more information.
|
||||||
|
|
||||||
|
## Methods
|
||||||
|
Method|Return Type |Description
|
||||||
|
:---|:---|:---
|
||||||
|
[List Investigations](get-investigation-collection.md) | Investigation collection | Get collection of Investigation
|
||||||
|
[Get single Investigation](get-investigation-collection.md) | Investigation entity | Gets single Investigation entity.
|
||||||
|
[Start Investigation](initiate-autoir-investigation.md) | Investigation entity | Starts Investigation on a machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Properties
|
||||||
|
Property | Type | Description
|
||||||
|
:---|:---|:---
|
||||||
|
id | String | Identity of the investigation entity.
|
||||||
|
startTime | DateTime Nullable | The date and time when the investigation was created.
|
||||||
|
endTime | DateTime Nullable | The date and time when the investigation was completed.
|
||||||
|
cancelledBy | String | The ID of the user/application that cancelled that investigation.
|
||||||
|
investigationState | Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign', 'Failed', 'PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert'.
|
||||||
|
statusDetails | String | Additional information about the state of the investigation.
|
||||||
|
machineId | String | The ID of the machine on which the investigation is executed.
|
||||||
|
computerDnsName | String | The name of the machine on which the investigation is executed.
|
||||||
|
triggeringAlertId | String | The ID of the alert that triggered the investigation.
|
||||||
|
|
||||||
|
|
||||||
|
## Json representation
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"id": "63004",
|
||||||
|
"startTime": "2020-01-06T13:05:15Z",
|
||||||
|
"endTime": null,
|
||||||
|
"state": "Running",
|
||||||
|
"cancelledBy": null,
|
||||||
|
"statusDetails": null,
|
||||||
|
"machineId": "e828a0624ed33f919db541065190d2f75e50a071",
|
||||||
|
"computerDnsName": "desktop-test123",
|
||||||
|
"triggeringAlertId": "da637139127150012465_1011995739"
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Isolate machine API
|
# Isolate machine API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Isolates a machine from accessing external network.
|
Isolates a machine from accessing external network.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -85,27 +92,5 @@ Content-type: application/json
|
|||||||
“IsolationType”: “Full”
|
“IsolationType”: “Full”
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
- To unisolate a machine, see [Release machine from isolation](unisolate-machine.md).
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "b89eb834-4578-496c-8be0-03f004061435",
|
|
||||||
"type": "Isolate",
|
|
||||||
"requestor": "Analyst@contoso.com ",
|
|
||||||
"requestorComment": "Isolate machine due to alert 1234",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2017-12-04T12:12:18.9725659Z",
|
|
||||||
"lastUpdateTimeUtc": "2017-12-04T12:12:18.9725659Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
To unisolate a machine, see [Release machine from isolation](unisolate-machine.md).
|
|
||||||
|
|||||||
@ -19,6 +19,10 @@ ms.topic: conceptual
|
|||||||
|
|
||||||
# What's new in Microsoft Defender Advanced Threat Protection for Mac
|
# What's new in Microsoft Defender Advanced Threat Protection for Mac
|
||||||
|
|
||||||
|
## 100.82.60
|
||||||
|
|
||||||
|
- Addressed an issue where the product fails to start following a definition update.
|
||||||
|
|
||||||
## 100.80.42
|
## 100.80.42
|
||||||
|
|
||||||
- Bug fixes
|
- Bug fixes
|
||||||
|
|||||||
@ -17,8 +17,10 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Machine resource type
|
# Machine resource type
|
||||||
**Applies to:**
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
## Methods
|
## Methods
|
||||||
@ -38,15 +40,41 @@ id | String | [machine](machine.md) identity.
|
|||||||
computerDnsName | String | [machine](machine.md) fully qualified name.
|
computerDnsName | String | [machine](machine.md) fully qualified name.
|
||||||
firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
|
firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
|
||||||
lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
|
lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
|
||||||
osPlatform | String | OS platform.
|
osPlatform | String | Operating system platform.
|
||||||
osVersion | String | OS Version.
|
version | String | Operating system Version.
|
||||||
|
osBuild | Nullable long | Operating system build number.
|
||||||
lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
|
lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
|
||||||
lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
|
lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
|
||||||
agentVersion | String | Version of Microsoft Defender ATP agent.
|
|
||||||
osBuild | Nullable long | OS build number.
|
|
||||||
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
|
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
|
||||||
rbacGroupId | Int | RBAC Group ID.
|
rbacGroupName | String | Machine group Name.
|
||||||
rbacGroupName | String | RBAC Group Name.
|
rbacGroupId | Int | Machine group unique ID.
|
||||||
riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
|
riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
|
||||||
aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined).
|
exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
|
||||||
|
aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is Aad Joined).
|
||||||
machineTags | String collection | Set of [machine](machine.md) tags.
|
machineTags | String collection | Set of [machine](machine.md) tags.
|
||||||
|
|
||||||
|
|
||||||
|
## Json representation
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
|
"computerDnsName": "mymachine1.contoso.com",
|
||||||
|
"firstSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
|
"lastSeen": "2018-08-02T14:55:03.7791856Z",
|
||||||
|
"osPlatform": "Windows10",
|
||||||
|
"version": "1709",
|
||||||
|
"osProcessor": "x64",
|
||||||
|
"lastIpAddress": "172.17.230.209",
|
||||||
|
"lastExternalIpAddress": "167.220.196.71",
|
||||||
|
"osBuild": 18209,
|
||||||
|
"healthStatus": "Active",
|
||||||
|
"rbacGroupId": 140,
|
||||||
|
"rbacGroupName": "The-A-Team",
|
||||||
|
"riskScore": "Low",
|
||||||
|
"exposureLevel": "Medium",
|
||||||
|
"isAadJoined": true,
|
||||||
|
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
|
||||||
|
"machineTags": [ "test tag 1", "test tag 2" ]
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -18,8 +18,11 @@ ms.topic: article
|
|||||||
|
|
||||||
# MachineAction resource type
|
# MachineAction resource type
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
- See [Response Actions](respond-machine-alerts.md) for more information
|
||||||
|
|
||||||
| Method | Return Type | Description |
|
| Method | Return Type | Description |
|
||||||
|:------------------------------------------------------------------|:-----------------------------------|:------------------------------------------------------------|
|
|:------------------------------------------------------------------|:-----------------------------------|:------------------------------------------------------------|
|
||||||
@ -33,6 +36,7 @@ ms.topic: article
|
|||||||
| [Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction. |
|
| [Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction. |
|
||||||
| [Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable). |
|
| [Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable). |
|
||||||
| [Offboard machine](offboard-machine-api.md) | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP. |
|
| [Offboard machine](offboard-machine-api.md) | [Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP. |
|
||||||
|
| [Stop and quarantine file](stop-and-quarantine-file.md) | [Machine Action](machineaction.md) | Stop execution of a file on a machine and delete it. |
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
@ -42,11 +46,31 @@ ms.topic: article
|
|||||||
|:--------------------|:---------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|:--------------------|:---------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| id | Guid | Identity of the [Machine Action](machineaction.md) entity. |
|
| id | Guid | Identity of the [Machine Action](machineaction.md) entity. |
|
||||||
| type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution" |
|
| type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution" |
|
||||||
|
| scope | string | Scope of the action. "Full" or "Selective" in case of Isolation, "Quick" or "Full" in case of Anti-Virus scan. |
|
||||||
| requestor | String | Identity of the person that executed the action. |
|
| requestor | String | Identity of the person that executed the action. |
|
||||||
| requestorComment | String | Comment that was written when issuing the action. |
|
| requestorComment | String | Comment that was written when issuing the action. |
|
||||||
| status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled". |
|
| status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled". |
|
||||||
| machineId | String | Id of the machine on which the action was executed. |
|
| machineId | String | Id of the [machine](machine.md) on which the action was executed. |
|
||||||
|
| machineId | String | Name of the [machine](machine.md) on which the action was executed. |
|
||||||
| creationDateTimeUtc | DateTimeOffset | The date and time when the action was created. |
|
| creationDateTimeUtc | DateTimeOffset | The date and time when the action was created. |
|
||||||
| lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated. |
|
| lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated. |
|
||||||
| relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5". |
|
| relatedFileInfo | Class | Contains two Properties. string ```fileIdentifier```, Enum ```fileIdentifierType``` with the possible values: "Sha1" ,"Sha256" and "Md5". |
|
||||||
|
|
||||||
|
|
||||||
|
## Json representation
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
|
||||||
|
"type": "Isolate",
|
||||||
|
"scope": "Selective",
|
||||||
|
"requestor": "Analyst@TestPrd.onmicrosoft.com",
|
||||||
|
"requestorComment": "test for docs",
|
||||||
|
"status": "Succeeded",
|
||||||
|
"machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
|
||||||
|
"computerDnsName": "desktop-test",
|
||||||
|
"creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
|
||||||
|
"lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
|
||||||
|
"relatedFileInfo": null
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Offboard machine API
|
# Offboard machine API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Offboard machine from Microsoft Defender ATP.
|
Offboard machine from Microsoft Defender ATP.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -76,26 +83,4 @@ Content-type: application/json
|
|||||||
{
|
{
|
||||||
"Comment": "Offboard machine by automation"
|
"Comment": "Offboard machine by automation"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "c9042f9b-8483-4526-87b5-35e4c2532223",
|
|
||||||
"type": "OffboardMachine",
|
|
||||||
"requestor": "Analyst@contoso.com",
|
|
||||||
"requestorComment": "offboard machine by automation",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:09:24.1785079Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:09:24.1785079Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
@ -381,7 +381,12 @@
|
|||||||
####### [Run antivirus scan](run-av-scan.md)
|
####### [Run antivirus scan](run-av-scan.md)
|
||||||
####### [Offboard machine](offboard-machine-api.md)
|
####### [Offboard machine](offboard-machine-api.md)
|
||||||
####### [Stop and quarantine file](stop-and-quarantine-file.md)
|
####### [Stop and quarantine file](stop-and-quarantine-file.md)
|
||||||
####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
|
|
||||||
|
###### [Automated Investigation]()
|
||||||
|
####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
|
||||||
|
####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
|
||||||
|
####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
|
||||||
|
####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
|
||||||
|
|
||||||
###### [Indicators]()
|
###### [Indicators]()
|
||||||
####### [Methods and properties](ti-indicator.md)
|
####### [Methods and properties](ti-indicator.md)
|
||||||
|
|||||||
@ -18,18 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Submit or Update Indicator API
|
# Submit or Update Indicator API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
>[!NOTE]
|
## API description
|
||||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
Submits or Updates new [Indicator](ti-indicator.md) entity.
|
||||||
|
<br>CIDR notation for IPs is supported.
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
2. There is a limit of 5,000 active indicators per tenant.
|
||||||
|
|
||||||
- Submits or Updates new [Indicator](ti-indicator.md) entity.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>There is a limit of 5000 indicators per tenant.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
|
||||||
@ -38,6 +39,7 @@ Permission type | Permission | Permission display name
|
|||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
Application | Ti.ReadWrite | 'Read and write Indicators'
|
Application | Ti.ReadWrite | 'Read and write Indicators'
|
||||||
Application | Ti.ReadWrite.All | 'Read and write All Indicators'
|
Application | Ti.ReadWrite.All | 'Read and write All Indicators'
|
||||||
|
Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators'
|
||||||
|
|
||||||
|
|
||||||
## HTTP request
|
## HTTP request
|
||||||
@ -63,16 +65,17 @@ Parameter | Type | Description
|
|||||||
indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
|
indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
|
||||||
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
|
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
|
||||||
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
|
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
|
||||||
title | String | Indicator alert title. **Optional**
|
application | String | The application associated with the indicator. **Optional**
|
||||||
|
title | String | Indicator alert title. **Required**
|
||||||
|
description | String | Description of the indicator. **Required**
|
||||||
expirationTime | DateTimeOffset | The expiration time of the indicator. **Optional**
|
expirationTime | DateTimeOffset | The expiration time of the indicator. **Optional**
|
||||||
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High". **Optional**
|
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High". **Optional**
|
||||||
description | String | Description of the indicator. **Optional**
|
|
||||||
recommendedActions | String | TI indicator alert recommended actions. **Optional**
|
recommendedActions | String | TI indicator alert recommended actions. **Optional**
|
||||||
|
|
||||||
|
|
||||||
## Response
|
## Response
|
||||||
- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator.md) entity in the response body.
|
- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator.md) entity in the response body.
|
||||||
- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit an Indicator that conflicts with an existing Indicator type or Action.
|
- If not successful: this method return 400 - Bad Request. Bad request usually indicates incorrect body.
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
@ -84,40 +87,16 @@ Here is an example of the request.
|
|||||||
POST https://api.securitycenter.windows.com/api/indicators
|
POST https://api.securitycenter.windows.com/api/indicators
|
||||||
Content-type: application/json
|
Content-type: application/json
|
||||||
{
|
{
|
||||||
"indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
"indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
|
||||||
"indicatorType": "FileSha1",
|
"indicatorType": "FileSha1",
|
||||||
"title": "test",
|
"title": "test",
|
||||||
|
"application": "demo-test",
|
||||||
"expirationTime": "2020-12-12T00:00:00Z",
|
"expirationTime": "2020-12-12T00:00:00Z",
|
||||||
"action": "AlertAndBlock",
|
"action": "AlertAndBlock",
|
||||||
"severity": "Informational",
|
"severity": "Informational",
|
||||||
"description": "test",
|
"description": "test",
|
||||||
"recommendedActions": "TEST"
|
"recommendedActions": "nothing"
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 200 OK
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators/$entity",
|
|
||||||
"indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
|
|
||||||
"indicatorType": "FileSha1",
|
|
||||||
"title": "test",
|
|
||||||
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
|
|
||||||
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
|
|
||||||
"expirationTime": "2020-12-12T00:00:00Z",
|
|
||||||
"action": "AlertAndBlock",
|
|
||||||
"severity": "Informational",
|
|
||||||
"description": "test",
|
|
||||||
"recommendedActions": "TEST",
|
|
||||||
"rbacGroupNames": []
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
## Related topic
|
## Related topic
|
||||||
- [Manage indicators](manage-indicators.md)
|
- [Manage indicators](manage-indicators.md)
|
||||||
@ -18,11 +18,18 @@ ms.topic: article
|
|||||||
|
|
||||||
# Restrict app execution API
|
# Restrict app execution API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Restrict execution of all applications on the machine except a predefined set.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts.md) for more information)
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
@ -76,29 +83,6 @@ Content-type: application/json
|
|||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
- To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution.md).
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "78d408d1-384c-4c19-8b57-ba39e378011a",
|
|
||||||
"type": "RestrictCodeExecution",
|
|
||||||
"requestor": "Analyst@contoso.com ",
|
|
||||||
"requestorComment": "Restrict code execution due to alert 1234",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution.md).
|
|
||||||
|
|
||||||
|
|||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Run antivirus scan API
|
# Run antivirus scan API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Initiate Windows Defender Antivirus scan on a machine.
|
Initiate Windows Defender Antivirus scan on a machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -85,26 +92,3 @@ Content-type: application/json
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
|
|
||||||
"type": "RunAntiVirusScan",
|
|
||||||
"requestor": "Analyst@contoso.com",
|
|
||||||
"requestorComment": "Check machine for viruses due to alert 3212",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:18:27.1293487Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Stop and quarantine file API
|
# Stop and quarantine file API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Stop execution of a file on a machine and delete it.
|
Stop execution of a file on a machine and delete it.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -78,30 +85,3 @@ Content-type: application/json
|
|||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "141408d1-384c-4c19-8b57-ba39e378011a",
|
|
||||||
"type": "StopAndQuarantineFile",
|
|
||||||
"requestor": "Analyst@contoso.com ",
|
|
||||||
"requestorComment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
|
||||||
"relatedFileInfo": {
|
|
||||||
"fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9",
|
|
||||||
"fileIdentifierType": "Sha1"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|||||||
@ -18,9 +18,11 @@ ms.topic: article
|
|||||||
|
|
||||||
# Indicator resource type
|
# Indicator resource type
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
- See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
|
||||||
|
|
||||||
Method|Return Type |Description
|
Method|Return Type |Description
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
@ -28,23 +30,49 @@ Method|Return Type |Description
|
|||||||
[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
|
[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
|
||||||
[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
|
[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
|
||||||
|
|
||||||
- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
|
|
||||||
|
|
||||||
For more information on creating indicators, see [Manage indicators](manage-indicators.md).
|
|
||||||
|
|
||||||
## Properties
|
## Properties
|
||||||
Property | Type | Description
|
Property | Type | Description
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity.
|
id | String | Identity of the [Indicator](ti-indicator.md) entity.
|
||||||
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
|
indicatorValue | String | The value of the [Indicator](ti-indicator.md).
|
||||||
title | String | Indicator alert title.
|
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url".
|
||||||
|
application | String | The application associated with the indicator.
|
||||||
|
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed".
|
||||||
|
sourceType | Enum | "User" in case the Indicator created by a user (e.g. from the portal), "AadApp" in case it submitted using automated application via the API.
|
||||||
|
source | string | The name of the user/application that submitted the indicator.
|
||||||
|
createdBy | String | Unique identity of the user/application that submitted the indicator.
|
||||||
|
lastUpdatedBy | String | Identity of the user/application that last updated the indicator.
|
||||||
creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
|
creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
|
||||||
createdBy | String | Identity of the user/application that submitted the indicator.
|
expirationTime | DateTimeOffset | The expiration time of the indicator.
|
||||||
expirationTime | DateTimeOffset | The expiration time of the indicator
|
lastUpdateTime | DateTimeOffset | The last time the indicator was updated.
|
||||||
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed"
|
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High".
|
||||||
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High"
|
title | String | Indicator title.
|
||||||
description | String | Description of the indicator.
|
description | String | Description of the indicator.
|
||||||
recommendedActions | String | Indicator alert recommended actions.
|
recommendedActions | String | Recommended actions for the indicator.
|
||||||
rbacGroupNames | List of strings | RBAC group names where the indicator is exposed. Empty list in case it exposed to all groups.
|
rbacGroupNames | List of strings | RBAC machine group names where the indicator is exposed and active. Empty list in case it exposed to all machines.
|
||||||
|
|
||||||
|
|
||||||
|
## Json representation
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"id": "994",
|
||||||
|
"indicatorValue": "881c0f10c75e64ec39d257a131fcd531f47dd2cff2070ae94baa347d375126fd",
|
||||||
|
"indicatorType": "FileSha256",
|
||||||
|
"action": "AlertAndBlock",
|
||||||
|
"application": null,
|
||||||
|
"source": "user@contoso.onmicrosoft.com",
|
||||||
|
"sourceType": "User",
|
||||||
|
"createdBy": "user@contoso.onmicrosoft.com",
|
||||||
|
"severity": "Informational",
|
||||||
|
"title": "Michael test",
|
||||||
|
"description": "test",
|
||||||
|
"recommendedActions": "nothing",
|
||||||
|
"creationTimeDateTimeUtc": "2019-12-19T09:09:46.9139216Z",
|
||||||
|
"expirationTime": null,
|
||||||
|
"lastUpdateTime": "2019-12-19T09:09:47.3358111Z",
|
||||||
|
"lastUpdatedBy": null,
|
||||||
|
"rbacGroupNames": ["team1"]
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -19,12 +19,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Release machine from isolation API
|
# Release machine from isolation API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Undo isolation of a machine.
|
Undo isolation of a machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -80,30 +87,7 @@ Content-type: application/json
|
|||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
>[!NOTE]
|
- To isolate a machine, see [Isolate machine](isolate-machine.md).
|
||||||
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "09a0f91e-a2eb-409d-af33-5577fe9bd558",
|
|
||||||
"type": "Unisolate",
|
|
||||||
"requestor": "Analyst@contoso.com ",
|
|
||||||
"requestorComment": "Unisolate machine since it was clean and validated ",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:13:15.0104931Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:13:15.0104931Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
To isolate a machine, see [Isolate machine](isolate-machine.md).
|
|
||||||
|
|
||||||
|
|||||||
@ -18,12 +18,19 @@ ms.topic: article
|
|||||||
|
|
||||||
# Remove app restriction API
|
# Remove app restriction API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
Enable execution of any application on the machine.
|
Enable execution of any application on the machine.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
|
|
||||||
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
[!include[Machine actions note](../../includes/machineactionsnote.md)]
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
@ -78,26 +85,5 @@ Content-type: application/json
|
|||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
HTTP/1.1 201 Created
|
|
||||||
Content-type: application/json
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
|
||||||
"id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
|
|
||||||
"type": "UnrestrictCodeExecution",
|
|
||||||
"requestor": "Analyst@contoso.com",
|
|
||||||
"requestorComment": "Unrestrict code execution since machine was cleaned and validated ",
|
|
||||||
"status": "InProgress",
|
|
||||||
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
|
||||||
"creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
|
|
||||||
"lastUpdateTimeUtc": "2018-12-04T12:15:40.6052029Z",
|
|
||||||
"relatedFileInfo": null
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution.md).
|
To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution.md).
|
||||||
|
|||||||
@ -18,11 +18,21 @@ ms.topic: article
|
|||||||
|
|
||||||
# Update alert
|
# Update alert
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
|
|
||||||
|
## API description
|
||||||
|
Updates properties of existing [Alert](alerts.md).
|
||||||
|
<br>Submission of **comment** is available with or without updating properties.
|
||||||
|
<br>Updatable properties are: ```status```, ```determination```, ```classification``` and ```assignedTo```.
|
||||||
|
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
1. You can update alerts that available in the API. See [List Alerts](get-alerts.md) for more information.
|
||||||
|
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
|
||||||
|
|
||||||
Update the properties of an alert entity.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||||
@ -51,7 +61,9 @@ Content-Type | String | application/json. **Required**.
|
|||||||
|
|
||||||
|
|
||||||
## Request body
|
## Request body
|
||||||
In the request body, supply the values for the relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't change.
|
In the request body, supply the values for the relevant fields that should be updated.
|
||||||
|
<br>Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
|
||||||
|
<br>For best performance you shouldn't include existing values that haven't change.
|
||||||
|
|
||||||
Property | Type | Description
|
Property | Type | Description
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
@ -59,6 +71,7 @@ status | String | Specifies the current status of the alert. The property values
|
|||||||
assignedTo | String | Owner of the alert
|
assignedTo | String | Owner of the alert
|
||||||
classification | String | Specifies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'.
|
classification | String | Specifies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'.
|
||||||
determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
|
determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
|
||||||
|
comment | String | Comment to be added to the alert.
|
||||||
|
|
||||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||||
|
|
||||||
@ -75,35 +88,12 @@ Here is an example of the request.
|
|||||||
```
|
```
|
||||||
PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442
|
PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
|
|
||||||
{
|
{
|
||||||
"assignedTo": "secop2@contoso.com"
|
"status": "Resolved",
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
**Response**
|
|
||||||
|
|
||||||
Here is an example of the response.
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts/$entity",
|
|
||||||
"id": "121688558380765161_2136280442",
|
|
||||||
"incidentId": 7696,
|
|
||||||
"assignedTo": "secop2@contoso.com",
|
"assignedTo": "secop2@contoso.com",
|
||||||
"severity": "High",
|
"classification": "FalsePositive",
|
||||||
"status": "New",
|
"determination": "Malware",
|
||||||
"classification": "TruePositive",
|
"comment": "Resolve my alert and assign to secop2"
|
||||||
"determination": "Malware",
|
|
||||||
"investigationState": "Running",
|
|
||||||
"category": "MalwareDownload",
|
|
||||||
"detectionSource": "WindowsDefenderAv",
|
|
||||||
"threatFamilyName": "Mikatz",
|
|
||||||
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
|
|
||||||
"description": "Some description",
|
|
||||||
"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
|
|
||||||
"firstEventTime": "2018-11-26T16:17:50.0948658Z",
|
|
||||||
"lastEventTime": "2018-11-26T16:18:01.809871Z",
|
|
||||||
"resolvedTime": null,
|
|
||||||
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|||||||
@ -18,8 +18,9 @@ ms.topic: article
|
|||||||
|
|
||||||
# User resource type
|
# User resource type
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
||||||
|
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
Method|Return Type |Description
|
Method|Return Type |Description
|
||||||
:---|:---|:---
|
:---|:---|:---
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user