From ff8dd459d019f5468f66e16b11348a3157ac7429 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 28 Nov 2018 23:52:32 +0000 Subject: [PATCH 1/3] Merged PR 13052: Updated info on Advanced Hunting tables Added info about MachineNetworkInfo table and updated descriptions of other tables. --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index a577f341aa..a3ad4f5884 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -65,15 +65,16 @@ For more information on the query language and supported operators, see [Query L The following tables are exposed as part of Advanced hunting: -- **AlertEvents** - Stores alerts related information -- **MachineInfo** - Stores machines properties -- **ProcessCreationEvents** - Stores process creation events -- **NetworkCommunicationEvents** - Stores network communication events -- **FileCreationEvents** - Stores file creation, modification, and rename events -- **RegistryEvents** - Stores registry key creation, modification, rename and deletion events -- **LogonEvents** - Stores login events -- **ImageLoadEvents** - Stores load dll events -- **MiscEvents** - Stores several types of events, process injection events, access to LSASS processes, and others. +- **AlertEvents** - Alerts on Windows Defender Security Center +- **MachineInfo** - Machine information, including OS information +- **MachineNetworkInfo** - Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains +- **ProcessCreationEvents** - Process creation and related events +- **NetworkCommunicationEvents** - Network connection and related events +- **FileCreationEvents** - File creation, modification, and other file system events +- **RegistryEvents** - Creation and modification of registry entries +- **LogonEvents** - Login and other authentication events +- **ImageLoadEvents** - DLL loading events +- **MiscEvents** - Multiple event types, such as process injection, creation of scheduled tasks, and LSASS access attempts These tables include data from the last 30 days. From 157db5dcd1e98a0409ef859506b5d7947f4469b2 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Thu, 29 Nov 2018 17:50:13 +0000 Subject: [PATCH 2/3] Merged PR 13067: Updated servicing stack update article --- .../update/servicing-stack-updates.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 365142d77b..7a74f8e858 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.date: 11/13/2018 +ms.date: 11/29/2018 --- # Servicing stack updates @@ -15,38 +15,38 @@ ms.date: 11/13/2018 **Applies to** -- Windows 10 +- Windows 10, Windows 8.1, Windows 8, Windows 7 ## What is a servicing stack update? -The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. +Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. ## Why should servicing stack updates be installed and kept up to date? -Having the latest servicing stack update is a prerequisite to reliably installing the latest quality updates and feature updates. Servicing stack updates improve the reliability and performance of the update process. +Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. ## When are they released? -Currently, the servicing stack update releases are aligned with the monthly quality update release date, though sometimes they are released on a separate date if required. +Servicing stack update are scheduled to release simultaneously with the monthly quality updates. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical." >[!NOTE] >You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). ## What's the difference between a servicing stack update and a cumulative update? -Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates. +Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates. -However, there are some operating system fixes that aren’t included in a cumulative update but are still pre-requisites for the cumulative update. That is, the component that performs the actual updates sometimes itself requires an update. Those fixes are available in a servicing stack update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update. +Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update. -If a given cumulative update required a servicing stack update, you'll see that information in the release notes for the update. **If you try to install the cumulative update without installing the servicing stack update, you'll get an error.** ## Is there any special guidance? -Typically, the improvements are reliability, security, and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes. +Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update. + +Typically, the improvements are reliability and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes. ## Installation notes * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. -* Search to install latest available [Servicing stack update for Windows 10](https://support.microsoft.com/search?query=servicing%20stack%20update%20Windows%2010). - +* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). \ No newline at end of file From e7152b377e5f8d3715a344199b69ff11a9b455ef Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 29 Nov 2018 18:27:19 +0000 Subject: [PATCH 3/3] Merged PR 13066: fix broken links --- mdop/dart-v10/getting-started-with-dart-10.md | 11 +++++------ mdop/index.md | 2 +- .../uev-manage-administrative-backup-and-restore.md | 4 ++-- .../upgrade/upgrade-readiness-data-sharing.md | 2 +- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md index f301a986ed..daca6358aa 100644 --- a/mdop/dart-v10/getting-started-with-dart-10.md +++ b/mdop/dart-v10/getting-started-with-dart-10.md @@ -14,13 +14,12 @@ ms.date: 08/30/2016 # Getting Started with DaRT 10 -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347). - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272493). - -Additional downloadable information about this product can also be found at . +Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. +>[!NOTE]   +>A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide. +> +>Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754)   ## Getting started with DaRT 10 diff --git a/mdop/index.md b/mdop/index.md index 757a88fd9a..4764ce169b 100644 --- a/mdop/index.md +++ b/mdop/index.md @@ -167,7 +167,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331). **Purchase MDOP** -Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business. +Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business.   diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index 8a119cf39e..f91ada9764 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -35,10 +35,10 @@ When replacing a user’s device, UE-V automatically restores settings if the us You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell: ``` syntax -Restore-UevBackup -Machine +Restore-UevBackup -ComputerName ``` -where <MachineName> is the computer name of the device. +where <ComputerName> is the computer name of the device. Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile. diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index 15b27923b6..529808e5c4 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -42,7 +42,7 @@ In order to set the WinHTTP proxy system-wide on your computers, you need to The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3. -If you want to learn more about Proxy considerations on Windows, please take a look at this post in the ieinternals blog +If you want to learn more about proxy considerations on Windows, see [Understanding Web Proxy Configuration](https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/). ### Logged-in user’s Internet connection