mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-16 15:27:22 +00:00
Merge remote-tracking branch 'origin/master' into atp-tb-troubleshoot-onboarding-setup
This commit is contained in:
Tanya Bittenmaster
commit
52e2df718e
@ -21,7 +21,7 @@ Microsoft Edge works with Group Policy and Microsoft Intune to help you manage y
|
||||
By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
|
||||
|
||||
> [!NOTE]
|
||||
> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
|
||||
> For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
|
||||
|
||||
## Group Policy settings
|
||||
Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
|
||||
@ -1027,5 +1027,4 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
|
||||
- **1 (default).** Employees can sync between PCs.
|
||||
|
||||
## Related topics
|
||||
* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514)
|
||||
* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
|
||||
@ -2,6 +2,6 @@
|
||||
tocHref: /
|
||||
topicHref: /
|
||||
items:
|
||||
- name: Windows Store for Business
|
||||
- name: Microsoft Store for Business
|
||||
tocHref: /microsoft-store
|
||||
topicHref: /microsoft-store/index
|
||||
@ -7,7 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: mobile
|
||||
ms.author: elizapo
|
||||
author: lizap
|
||||
ms.date: 08/14/2017
|
||||
ms.date: 09/13/2017
|
||||
---
|
||||
|
||||
# Per-user services in Windows 10 and Windows Server
|
||||
@ -19,17 +19,17 @@ Per-user services are services that are created when a user signs into Windows o
|
||||
> [!NOTE]
|
||||
> Per-user services are only in available in Windows Server if you have installed the Desktop Experience. If you are running a Server Core or Nano Server installation, you won't see these services.
|
||||
|
||||
You can't prevent per-user services from being created, but you can configure the template service to create them in a stopped and disabled state. You do this by setting the template service's **Startup Type** to **Disabled**.
|
||||
You can configure the template service to create per-user services in a stopped and disabled state by setting the template service's **Startup Type** to **Disabled**.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If you change the template service's Startup Type, make sure you carefully test that change prior to rolling it out in your production environment.
|
||||
> Carefully test any changes to the template service's Startup Type before deploying in production.
|
||||
|
||||
Use the following information to understand per-user services, change the template service Startup Type, and manage per-user services through Group Policy and security templates.
|
||||
For more information about disabling system services for Windows Server, see [Guidance on disabling system services on Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server).
|
||||
|
||||
## Per-user services
|
||||
|
||||
Windows 10 and Windows Server 2016 (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
|
||||
Windows 10 and Windows Server (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
|
||||
|
||||
Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly.
|
||||
|
||||
|
||||
@ -992,6 +992,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowAadPasswordReset</li>
|
||||
<li>Browser/LockdownFavorites</li>
|
||||
<li>Browser/ProvisionFavorites</li>
|
||||
<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
|
||||
@ -1355,6 +1356,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowAadPasswordReset</li>
|
||||
<li>Search/AllowCloudSearch</li>
|
||||
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
|
||||
</ul>
|
||||
|
||||
@ -307,6 +307,9 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
### Authentication policies
|
||||
|
||||
<dl>
|
||||
<dd>
|
||||
<a href="./policy-csp-authentication.md#authentication-allowaadpasswordreset" id="authentication-allowaadpasswordreset">Authentication/AllowAadPasswordReset</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-authentication.md#authentication-alloweapcertsso" id="authentication-alloweapcertsso">Authentication/AllowEAPCertSSO</a>
|
||||
</dd>
|
||||
|
||||
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 08/30/2017
|
||||
ms.date: 09/06/2017
|
||||
---
|
||||
|
||||
# Policy CSP - Authentication
|
||||
@ -19,6 +19,42 @@ ms.date: 08/30/2017
|
||||
|
||||
## Authentication policies
|
||||
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="authentication-allowaadpasswordreset"></a>**Authentication/AllowAadPasswordReset**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
|
||||
- 0 (default) – Not allowed.
|
||||
- 1 – Allowed.
|
||||
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**
|
||||
|
||||
@ -46,10 +82,6 @@ ms.date: 08/30/2017
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
> [!NOTE]
|
||||
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
|
||||
|
||||
|
||||
<p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
|
||||
|
||||
> [!IMPORTANT]
|
||||
|
||||
@ -29,6 +29,11 @@ You can use mobile device management (MDM) solutions to configure endpoints. Win
|
||||
|
||||
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
|
||||
|
||||
## Before you begin
|
||||
If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully.
|
||||
|
||||
For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune).
|
||||
|
||||
## Configure endpoints using Microsoft Intune
|
||||
|
||||
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 62 KiB |
@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and
|
||||
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
|
||||
- View, sort, and triage alerts from your endpoints
|
||||
- Search for more information on observed indicators such as files and IP Addresses
|
||||
- Change Windows Defender ATP settings, including time zone and alert suppression rules
|
||||
- Change Windows Defender ATP settings, including time zone and licensing information.
|
||||
|
||||
## Windows Defender ATP portal
|
||||
When you open the portal, you’ll see the main areas of the application:
|
||||
@ -48,10 +48,10 @@ You can navigate through the portal using the menu options available in all sect
|
||||
|
||||
Area | Description
|
||||
:---|:---
|
||||
(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
|
||||
(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
|
||||
(2) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
|
||||
**Dashboards** | Enables you to view the Security operations or the Security analytics dashboard.
|
||||
**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
|
||||
**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
|
||||
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
|
||||
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
|
||||
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
|
||||
|
||||
@ -34,6 +34,9 @@ You'll have access to upcoming features which you can provide feedback on to hel
|
||||
Turn on the preview experience setting to be among the first to try upcoming features.
|
||||
|
||||
1. In the navigation pane, select **Preferences setup** > **Preview experience**.
|
||||
|
||||
|
||||
|
||||
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
|
||||
|
||||
## Preview features
|
||||
|
||||
@ -93,11 +93,15 @@ You can roll back and remove a file from quarantine if you’ve determined that
|
||||
> Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days.
|
||||
|
||||
## Block files in your network
|
||||
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
|
||||
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
|
||||
|
||||
>[!NOTE]
|
||||
>This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
|
||||
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build.
|
||||
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later.
|
||||
|
||||
>[!IMPORTANT]
|
||||
> The PE file needs to be in the machine timeline for you to be able to take this action.
|
||||
|
||||
|
||||
### Enable the block file feature
|
||||
1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
|
||||
@ -109,9 +113,7 @@ This feature is designed to prevent suspected malware (or potentially malicious
|
||||
|
||||
3. Type a comment and select **Yes, block file** to take action on the file.
|
||||
|
||||
|
||||
The Action center shows the submission information:
|
||||
|
||||
|
||||
|
||||
- **Submission time** - Shows when the action was submitted. <br>
|
||||
|
||||
@ -129,7 +129,7 @@ The following requirements must be met before Attack Surface Reduction will work
|
||||
|
||||
Windows 10 version | Windows Defender Antivirus
|
||||
- | -
|
||||
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
|
||||
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
|
||||
|
||||
|
||||
|
||||
|
||||
@ -62,7 +62,7 @@ The following requirements must be met before Controlled Folder Access will work
|
||||
|
||||
Windows 10 version | Windows Defender Antivirus
|
||||
-|-
|
||||
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
|
||||
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
|
||||
|
||||
|
||||
## Review Controlled Folder Access events in Windows Event Viewer
|
||||
|
||||
@ -79,8 +79,7 @@ See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) to
|
||||
- Disabled = 0
|
||||
- Audit mode = 2
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -91,13 +90,13 @@ See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) to
|
||||
2. Enter the following cmdlet:
|
||||
|
||||
```PowerShell
|
||||
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID>
|
||||
Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled
|
||||
```
|
||||
|
||||
You can enable the feature in audit mode using the following cmdlet:
|
||||
|
||||
```PowerShell
|
||||
Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
|
||||
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode
|
||||
```
|
||||
|
||||
Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user