From daa558466b13dadc804219e65beb261c41730c33 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 26 Sep 2020 23:39:27 +0500
Subject: [PATCH 1/4] Update mac-preferences.md
---
.../threat-protection/microsoft-defender-atp/mac-preferences.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 186304dde5..1a029b39a8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -31,7 +31,7 @@ ms.topic: conceptual
## Summary
-In enterprise organizations, Microsoft Defender ATP for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Users in your organization are not able to change preferences that are set through the configuration profile.
+In enterprise organizations, Microsoft Defender ATP for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing of the preferences that are set through the configuration profile would require escalated privileges and would not be available for users wihtout administrative permissions.
This article describes the structure of the configuration profile, includes a recommended profile that you can use to get started, and provides instructions on how to deploy the profile.
From 532bfd31d0675ed521d0c24c37f4e2170cc179a5 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Sun, 27 Sep 2020 22:29:49 +0300
Subject: [PATCH 2/4] add newer windows versions (client and server)
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6872
---
.../windows-firewall-with-advanced-security-design-guide.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index d6b2ed3cde..98fe19379f 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -86,7 +86,7 @@ The following table identifies and defines terms used throughout this guide.
| Certificate-based isolation | A way to add devices that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every device in the isolated domain and the devices that cannot use Kerberos V5 are provided with a device certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).|
| Domain isolation | A technique for helping protect the devices in an organization by requiring that the devices authenticate each other's identity before exchanging information, and refusing connection requests from devices that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.|
| Encryption zone | A subset of the devices in an isolated domain that process sensitive data. Devices that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Devices that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.|
-| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
By default, the firewall rules in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. |
+| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. |
| Internet Protocol security (IPsec) | A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).|
| IPsec policy | A collection of connection security rules that provide the required protection to network traffic entering and leaving the device. The protection includes authentication of both the sending and receiving device, integrity protection of the network traffic exchanged between them, and can include encryption.|
| Isolated domain | An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member devices by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).
In this guide, the term *isolated domain* refers to the IPsec concept of a group of devices that can share authentication. The term *Active Directory domain* refers to the group of devices that share a security database by using Active Directory.|
From 0155a346b7c5a3faa8e1e27b9d8303579e28cfee Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 28 Sep 2020 15:59:52 +0500
Subject: [PATCH 3/4] Update
windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../threat-protection/microsoft-defender-atp/mac-preferences.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 1a029b39a8..a85c712b92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -31,7 +31,7 @@ ms.topic: conceptual
## Summary
-In enterprise organizations, Microsoft Defender ATP for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing of the preferences that are set through the configuration profile would require escalated privileges and would not be available for users wihtout administrative permissions.
+In enterprise organizations, Microsoft Defender ATP for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.
This article describes the structure of the configuration profile, includes a recommended profile that you can use to get started, and provides instructions on how to deploy the profile.
From bd03b539738e3f6b4ed7ca4edc53c253ac35acb8 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Wed, 30 Sep 2020 12:03:57 +0200
Subject: [PATCH 4/4] Update web-content-filtering.md
We changed how uncategorized is defined... any site which is not categorized will be tagged as Uncategorized. This leads to the below note:
>[!IMPORTANT]
>Blocking the "Uncategorized" category may lead to unexpected and undesired results.
---
.../microsoft-defender-atp/web-content-filtering.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index 21348865a8..692170a5cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -84,6 +84,9 @@ Tip: You can deploy a policy without selecting any category on a device group. T
>[!NOTE]
>If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment.
+>[!IMPORTANT]
+>Blocking the "Uncategorized" category may lead to unexpected and undesired results.
+
### Allow specific websites
It is possible to override the blocked category in web content filtering to allow a single site by creating a custom indicator policy. The custom indicator policy will supersede the web content filtering policy when it is applied to the device group in question.