diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4913c03360..91c6cd7f66 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2413,6 +2413,14 @@ The following diagram shows the Policy configuration service provider in tree fo
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
Home | +Pro | +Business | +Enterprise | +Education | +Mobile | +Mobile Enterprise | +
---|---|---|---|---|---|---|
![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ ![]() |
+ + | + |
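Review bot: In the added edition tables, the Mobile and Mobile Enterprise cells are left empty (`+ + | + |`) while the first five columns each carry an image, so a reader cannot tell "not supported" from "not filled in"; put an explicit mark in those two cells in every table. The image cells as they appear here (`![]()`) also carry no alt text, so the check/cross distinction disappears in any text rendering or screen reader; give each image alt text that states the support status.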
Summary | Originating update | Status | Last updated |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". See details > | OS Build 10240.18094 January 08, 2019 KB4480962 | Mitigated | April 25, 2019 02:00 PM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 10240.18094 January 08, 2019 KB4480962 | Resolved KB4493475 | April 09, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 10240.18158 March 12, 2019 KB4489872 | Resolved KB4493475 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 10240.18132 February 12, 2019 KB4487018 | Resolved KB4493475 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Custom URI schemes may not start corresponding application After installing KB4489872, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer. Affected platforms:
Resolution: This issue was resolved in KB4493475. Back to top | OS Build 10240.18158 March 12, 2019 KB4489872 | Resolved KB4493475 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493475. Back to top | OS Build 10240.18132 February 12, 2019 KB4487018 | Resolved KB4493475 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 10240.18094 January 08, 2019 KB4480962 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue was resolved in KB4493475. Back to top | OS Build 10240.18094 January 08, 2019 KB4480962 | Resolved KB4493475 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail. See details > | OS Build 14393.2941 April 25, 2019 KB4493473 | Investigating | April 25, 2019 02:00 PM PT |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | OS Build 14393.2931 April 25, 2019 KB4492241 | Mitigated | May 10, 2019 10:35 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14 The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters. See details > | OS Build 14393.2639 November 27, 2018 KB4467684 | Mitigated | April 25, 2019 02:00 PM PT |
Issue using PXE to start a device from WDS There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. See details > | OS Build 14393.2848 March 12, 2019 KB4489882 | Mitigated | April 25, 2019 02:00 PM PT |
SCVMM cannot enumerate and manage logical switches deployed on the host For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host. See details > | OS Build 14393.2639 November 27, 2018 KB4467684 | Mitigated | April 25, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". See details > | OS Build 14393.2724 January 08, 2019 KB4480961 | Mitigated | April 25, 2019 02:00 PM PT |
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM. See details > | OS Build 14393.2608 November 13, 2018 KB4467691 | Mitigated | February 19, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 14393.2848 March 12, 2019 KB4489882 | Resolved KB4493473 | April 25, 2019 02:00 PM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. See details > | OS Build 14393.2879 March 19, 2019 KB4489889 | Resolved KB4493470 | April 09, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine. See details > | OS Build 14393.2724 January 08, 2019 KB4480961 | Resolved KB4493470 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 14393.2724 January 08, 2019 KB4480961 | Resolved KB4493470 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 14393.2791 February 12, 2019 KB4487026 | Resolved KB4493470 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | OS Build 14393.2931 April 25, 2019 KB4492241 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493470. Back to top | OS Build 14393.2791 February 12, 2019 KB4487026 | Resolved KB4493470 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 14393.2724 January 08, 2019 KB4480961 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Affected platforms:
Resolution: This issue was resolved in KB4493470. Back to top | OS Build 14393.2724 January 08, 2019 KB4480961 | Resolved KB4493470 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue was resolved in KB4493470. Back to top | OS Build 14393.2724 January 08, 2019 KB4480961 | Resolved KB4493470 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | OS Build 15063.1771 April 25, 2019 KB4492242 | Mitigated | May 10, 2019 10:35 AM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". See details > | OS Build 15063.1563 January 08, 2019 KB4480973 | Mitigated | April 25, 2019 02:00 PM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 15063.1689 March 12, 2019 KB4489871 | Resolved KB4493436 | April 25, 2019 02:00 PM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. See details > | OS Build 15063.1716 March 19, 2019 KB4489888 | Resolved KB4493474 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 15063.1563 January 08, 2019 KB4480973 | Resolved KB4493474 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 15063.1631 February 12, 2019 KB4487020 | Resolved KB4493474 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | OS Build 15063.1771 April 25, 2019 KB4492242 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Details | Originating update | Status | History |
Custom URI schemes may not start corresponding application After installing KB4489871, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. Affected platforms:
Resolution: This issue is resolved in KB4493436. Back to top | OS Build 15063.1689 March 12, 2019 KB4489871 | Resolved KB4493436 | Resolved: April 25, 2019 02:00 PM PT Opened: March 12, 2019 10:00 AM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. Affected platforms:
Resolution: This issue was resolved in KB4493474. Back to top | OS Build 15063.1716 March 19, 2019 KB4489888 | Resolved KB4493474 | Resolved: April 09, 2019 10:00 AM PT Opened: March 19, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493474. Back to top | OS Build 15063.1631 February 12, 2019 KB4487020 | Resolved KB4493474 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 15063.1563 January 08, 2019 KB4480973 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue was resolved in KB4493474. Back to top | OS Build 15063.1563 January 08, 2019 KB4480973 | Resolved KB4493474 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail. See details > | OS Build 16299.1127 April 25, 2019 KB4493440 | Investigating | April 25, 2019 02:00 PM PT |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | OS Build 16299.1111 April 25, 2019 KB4492243 | Mitigated | May 10, 2019 10:35 AM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". See details > | OS Build 16299.904 January 08, 2019 KB4480978 | Mitigated | April 25, 2019 02:00 PM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 16299.1029 March 12, 2019 KB4489886 | Resolved KB4493440 | April 25, 2019 02:00 PM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. See details > | OS Build 16299.1059 March 19, 2019 KB4489890 | Resolved KB4493441 | April 09, 2019 10:00 AM PT |
MSXML6 causes applications to stop responding if an exception was thrown MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 16299.904 January 08, 2019 KB4480978 | Resolved KB4493441 | April 09, 2019 10:00 AM PT |
Stop error when attempting to start SSH from WSL A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh -A) or a configuration setting. See details > | OS Build 16299.1029 March 12, 2019 KB4489886 | Resolved KB4493441 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 16299.967 February 12, 2019 KB4486996 | Resolved KB4493441 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | OS Build 16299.1111 April 25, 2019 KB4492243 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Details | Originating update | Status | History |
Custom URI schemes may not start corresponding application After installing KB4489886, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. Affected platforms:
Resolution: This issue is resolved in KB4493440. Back to top | OS Build 16299.1029 March 12, 2019 KB4489886 | Resolved KB4493440 | Resolved: April 25, 2019 02:00 PM PT Opened: March 12, 2019 10:00 AM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. Affected platforms:
Resolution: This issue is resolved in KB4493441. Back to top | OS Build 16299.1059 March 19, 2019 KB4489890 | Resolved KB4493441 | Resolved: April 09, 2019 10:00 AM PT Opened: March 19, 2019 10:00 AM PT |
Stop error when attempting to start SSH from WSL After applying KB4489886, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting. Affected platforms:
Resolution: This issue is resolved in KB4493441. Back to top | OS Build 16299.1029 March 12, 2019 KB4489886 | Resolved KB4493441 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493441. Back to top | OS Build 16299.967 February 12, 2019 KB4486996 | Resolved KB4493441 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 16299.904 January 08, 2019 KB4480978 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 causes applications to stop responding if an exception was thrown After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue is resolved in KB4493441. Back to top | OS Build 16299.904 January 08, 2019 KB4480978 | Resolved KB4493441 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail. See details > | OS Build 17134.753 April 25, 2019 KB4493437 | Investigating | April 25, 2019 02:00 PM PT |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | OS Build 17134.730 April 25, 2019 KB4492245 | Mitigated | May 10, 2019 10:35 AM PT |
Issue using PXE to start a device from WDS Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely. See details > | OS Build 17134.648 March 12, 2019 KB4489868 | Mitigated | April 25, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". See details > | OS Build 17134.523 January 08, 2019 KB4480966 | Mitigated | April 25, 2019 02:00 PM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 17134.648 March 12, 2019 KB4489868 | Resolved KB4493437 | April 25, 2019 02:00 PM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. See details > | OS Build 17134.677 March 19, 2019 KB4489894 | Resolved KB4493464 | April 09, 2019 10:00 AM PT |
First character of the Japanese era name not recognized The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues. See details > | OS Build 17134.556 January 15, 2019 KB4480976 | Resolved KB4487029 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 17134.523 January 08, 2019 KB4480966 | Resolved KB4493464 | April 09, 2019 10:00 AM PT |
Stop error when attempting to start SSH from WSL A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh -A) or a configuration setting. See details > | OS Build 17134.648 March 12, 2019 KB4489868 | Resolved KB4493464 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 17134.590 February 12, 2019 KB4487017 | Resolved KB4493464 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | OS Build 17134.730 April 25, 2019 KB4492245 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493464. Back to top | OS Build 17134.590 February 12, 2019 KB4487017 | Resolved KB4493464 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17134.523 January 08, 2019 KB4480966 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
First character of the Japanese era name not recognized After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues. Affected platforms:
Resolution: This issue is resolved in KB4487029. Back to top | OS Build 17134.556 January 15, 2019 KB4480976 | Resolved KB4487029 | Resolved: February 19, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue was resolved in KB4493464. Back to top | OS Build 17134.523 January 08, 2019 KB4480966 | Resolved KB4493464 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | OS Build 17763.475 May 03, 2019 KB4495667 | Mitigated | May 10, 2019 10:35 AM PT |
Devices with some Asian language packs installed may receive an error After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F See details > | OS Build 17763.437 April 09, 2019 KB4493509 | Mitigated | May 03, 2019 10:59 AM PT |
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007 Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error. See details > | OS Build 17763.379 March 12, 2019 KB4489899 | Mitigated | May 02, 2019 04:47 PM PT |
Issue using PXE to start a device from WDS Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely. See details > | OS Build 17763.379 March 12, 2019 KB4489899 | Mitigated | April 09, 2019 10:00 AM PT |
Latest cumulative update (KB 4495667) installs automatically Reports that the optional cumulative update (KB 4495667) installs automatically. See details > | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved | May 08, 2019 03:37 PM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 See details > | OS Build 17763.437 April 09, 2019 KB4493509 | Resolved | May 08, 2019 03:30 PM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | OS Build 17763.379 March 12, 2019 KB4489899 | Resolved KB4495667 | May 03, 2019 12:40 PM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. See details > | OS Build 17763.404 April 02, 2019 KB4490481 | Resolved KB4493509 | April 09, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine. See details > | OS Build 17763.253 January 08, 2019 KB4480116 | Resolved KB4493509 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | OS Build 17763.253 January 08, 2019 KB4480116 | Resolved KB4493509 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4493509 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | OS Build 17763.475 May 03, 2019 KB4495667 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Devices with some Asian language packs installed may receive an error After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\" Affected platforms:
Workaround:
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.437 April 09, 2019 KB4493509 | Mitigated | Last updated: May 03, 2019 10:59 AM PT Opened: May 02, 2019 04:36 PM PT |
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007 When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\" Affected platforms:
Workaround: You can use another browser, such as Internet Explorer to print your documents. Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.379 March 12, 2019 KB4489899 | Mitigated | Last updated: May 02, 2019 04:47 PM PT Opened: May 02, 2019 04:47 PM PT |
Latest cumulative update (KB 4495667) installs automatically Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated. Affected platforms:
Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action. Back to top | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved | Resolved: May 08, 2019 03:37 PM PT Opened: May 05, 2019 12:01 PM PT |
Details | Originating update | Status | History |
System may be unresponsive after restart if ArcaBit antivirus software installed ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server). Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart. Affected platforms:
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article. Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server). Back to top | OS Build 17763.437 April 09, 2019 KB4493509 | Resolved | Resolved: May 08, 2019 03:30 PM PT Opened: April 09, 2019 10:00 AM PT |
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. Affected platforms:
Resolution: This issue was resolved in KB4493509. Back to top | OS Build 17763.404 April 02, 2019 KB4490481 | Resolved KB4493509 | Resolved: April 09, 2019 10:00 AM PT Opened: April 02, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493509. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4493509 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.253 January 08, 2019 KB4480116 | Mitigated | Last updated: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Affected platforms:
Resolution: This issue was resolved in KB4493509. Back to top | OS Build 17763.253 January 08, 2019 KB4480116 | Resolved KB4493509 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue was resolved in KB4493509. Back to top | OS Build 17763.253 January 08, 2019 KB4480116 | Resolved KB4493509 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
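Review bot: The printing entry for KB4489899 in this OS Build 17763 set gives two different error codes: the title and the summary row say 0x80070007, while the details text quotes "Your printer has experienced an unexpected configuration problem. 0x80070007e." Confirm which code users actually see and use it in all three places. In the same set, the summary row for the Asian language pack issue stops mid-identifier at "PSFX_E_MATCHING_COMPONENT_NOT_F" although the details row carries the full PSFX_E_MATCHING_COMPONENT_NOT_FOUND, and the KB4495667 auto-install entry has a doubled colon in "Resolution::". The ArcaBit details row also opens by saying the issue is not applicable to Windows 10, version 1809 and then goes on to describe the issue and a workaround; if the entry is kept for this version, lead with the resolution statement and drop the workaround text that cannot apply.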
Summary | Originating update | Status | Last updated |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | April 25, 2019 KB4493453 | Mitigated | May 10, 2019 10:35 AM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed Devices with ArcaBit antivirus software installed may become unresponsive upon restart. See details > | April 09, 2019 KB4493472 | Mitigated | May 08, 2019 03:29 PM PT |
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart. See details > | April 09, 2019 KB4493472 | Mitigated | May 03, 2019 08:50 AM PT |
Authentication may fail for services after the Kerberos ticket expires Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires. See details > | March 12, 2019 KB4489878 | Mitigated | April 25, 2019 02:00 PM PT |
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart. See details > | April 09, 2019 KB4493472 | Mitigated | April 25, 2019 02:00 PM PT |
System may be unresponsive after restart with certain McAfee antivirus products Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup. See details > | April 09, 2019 KB4493472 | Mitigated | April 25, 2019 02:00 PM PT |
Devices may not respond at login or Welcome screen if running certain Avast software Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart. See details > | April 09, 2019 KB4493472 | Resolved | April 25, 2019 02:00 PM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine. See details > | January 08, 2019 KB4480970 | Resolved KB4493472 | April 09, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | March 12, 2019 KB4489878 | Resolved KB4493472 | April 09, 2019 10:00 AM PT |
NETDOM.EXE fails to run NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen. See details > | March 12, 2019 KB4489878 | Resolved KB4493472 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | February 12, 2019 KB4486563 | Resolved KB4493472 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | April 25, 2019 KB4493453 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Details | Originating update | Status | History |
Authentication may fail for services after the Kerberos ticket expires After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails. Affected platforms:
Workaround: To mitigate this issue, use one of the following options:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | March 12, 2019 KB4489878 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: March 12, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer. Affected platforms:
Resolution: This issue is resolved in KB4493472. Back to top | March 12, 2019 KB4489878 | Resolved KB4493472 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
NETDOM.EXE fails to run After installing KB4489878, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears. Affected platforms:
Resolution: This issue is resolved in KB4493472. Back to top | March 12, 2019 KB4489878 | Resolved KB4493472 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493472. Back to top | February 12, 2019 KB4486563 | Resolved KB4493472 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Internet Explorer 11 authentication issue with multiple concurrent logons After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Affected platforms:
Resolution: This issue is resolved in KB4493472. Back to top | January 08, 2019 KB4480970 | Resolved KB4493472 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | April 25, 2019 KB4493443 | Mitigated | May 10, 2019 10:35 AM PT |
System may be unresponsive after restart if ArcaBit antivirus software installed Devices with ArcaBit antivirus software installed may become unresponsive upon restart. See details > | April 09, 2019 KB4493446 | Mitigated | May 08, 2019 03:29 PM PT |
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart. See details > | April 09, 2019 KB4493446 | Mitigated | May 03, 2019 08:50 AM PT |
Issue using PXE to start a device from WDS There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. See details > | March 12, 2019 KB4489881 | Mitigated | April 25, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. See details > | January 08, 2019 KB4480963 | Mitigated | April 25, 2019 02:00 PM PT |
System may be unresponsive after restart with certain McAfee antivirus products Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup. See details > | April 09, 2019 KB4493446 | Mitigated | April 18, 2019 05:00 PM PT |
Devices may not respond at login or Welcome screen if running certain Avast software Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart. See details > | April 09, 2019 KB4493446 | Resolved | April 25, 2019 02:00 PM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine. See details > | January 08, 2019 KB4480963 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding. MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | January 08, 2019 KB4480963 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer. See details > | March 12, 2019 KB4489881 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | February 12, 2019 KB4487000 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | April 25, 2019 KB4493443 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Details | Originating update | Status | History |
Issue using PXE to start a device from WDS After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. Affected platforms:
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options: Option 1: Open an Administrator Command prompt and type the following: Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No Option 2: Use the Windows Deployment Services UI to make the following adjustment:
Option 3: Set the following registry value to 0: HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension Restart the WDSServer service after disabling the Variable Window Extension. Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | March 12, 2019 KB4489881 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: March 12, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application After installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. Affected platforms:
Resolution: This issue is resolved in KB4493446. Back to top | March 12, 2019 KB4489881 | Resolved KB4493446 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms
Resolution: This issue is resolved in KB4493446. Back to top | February 12, 2019 KB4487000 | Resolved KB4493446 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | January 08, 2019 KB4480963 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Affected platforms:
Resolution: This issue is resolved in KB4493446. Back to top | January 08, 2019 KB4480963 | Resolved KB4493446 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding. After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue is resolved in KB4493446. Back to top | January 08, 2019 KB4480963 | Resolved KB4493446 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
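Review bot: The MSXML6 title in this KB4493446 set ends with a period ("MSXML6 may cause applications to stop responding.") in both the summary row and the details row, while every other issue title in the set, and the same title in the other version tables, has none. Drop the trailing period so the title reads the same on every version page.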
Details | Originating update | Status | History |
Authentication may fail for services after the Kerberos ticket expires After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails. Affected platforms:
Workaround: To mitigate this issue, use one of the following options:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | March 12, 2019 KB4489880 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: March 12, 2019 10:00 AM PT |
NETDOM.EXE fails to run After installing KB4489880, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears. Affected platforms:
Resolution: This issue is resolved in KB4493471. Back to top | March 12, 2019 KB4489880 | Resolved KB4493471 | Resolved: April 09, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms
Resolution: This issue is resolved in KB4493471. Back to top | February 12, 2019 KB4487023 | Resolved KB4493471 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Summary | Originating update | Status | Last updated |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. See details > | April 25, 2019 KB4493462 | Mitigated | May 10, 2019 10:35 AM PT |
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart. See details > | April 09, 2019 KB4493451 | Mitigated | May 03, 2019 08:51 AM PT |
Issue using PXE to start a device from WDS There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. See details > | March 12, 2019 KB4489891 | Mitigated | April 25, 2019 02:00 PM PT |
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart. See details > | April 09, 2019 KB4493451 | Mitigated | April 25, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. See details > | January 08, 2019 KB4480975 | Mitigated | April 25, 2019 02:00 PM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine. See details > | January 08, 2019 KB4480975 | Resolved KB4493451 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). See details > | January 08, 2019 KB4480975 | Resolved KB4493451 | April 09, 2019 10:00 AM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. See details > | February 12, 2019 KB4487025 | Resolved KB4493451 | April 09, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update. Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May. Back to top | April 25, 2019 KB4493462 | Mitigated | Last updated: May 10, 2019 10:35 AM PT Opened: May 10, 2019 10:35 AM PT |
Details | Originating update | Status | History |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms
Resolution: This issue is resolved in KB4493451. Back to top | February 12, 2019 KB4487025 | Resolved KB4493451 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
Details | Originating update | Status | History |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | January 08, 2019 KB4480975 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Affected platforms:
Resolution: This issue is resolved in KB4493451. Back to top | January 08, 2019 KB4480975 | Resolved KB4493451 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. Affected platforms:
Resolution: This issue is resolved in KB4493451. Back to top | January 08, 2019 KB4480975 | Resolved KB4493451 | Resolved: April 09, 2019 10:00 AM PT Opened: January 08, 2019 10:00 AM PT |
Message | Date |
Reminder: Windows 10 update servicing cadence This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence: +
| May 10, 2019 10:00 AM PT |
Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update. | April 19, 2019 10:00 AM PT |
The benefits of Windows 10 Dynamic Update Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md new file mode 100644 index 0000000000..5652662325 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md 
@@ -0,0 +1,120 @@ +--- +title: Installing Microsoft Defender ATP for Mac manually +description: Describes how to install Microsoft Defender ATP for Mac manually, from the command line. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Manual deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. 
Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + +  + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721152 + -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + inflating: WindowsDefenderATPOnboarding.py + ``` + +## Application installation + +To complete this process, you must have admin privileges on the machine. + +1. Navigate to the downloaded wdav.pkg in Finder and open it. + +  + +2. Select **Continue**, agree with the License terms, and enter the password when prompted. + +  + + > [!IMPORTANT] + > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + +  + +3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: + +  + +The installation will proceed. + +> [!NOTE] +> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. + +## Client configuration + +1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. + + The client machine is not associated with orgId. Note that the orgid is blank. + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : + ``` + +2. 
Install the configuration file on a client machine: + + ```bash + mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py + Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) + ``` + +3. Verify that the machine is now associated with orgId: + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + ``` + +After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + +  + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md new file mode 100644 index 0000000000..15bfabbd53 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md 
@@ -0,0 +1,170 @@ +--- +title: Installing Microsoft Defender ATP for Mac with Microsoft Intune +description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Microsoft Intune-based deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. 
In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. +5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos). + +  + +6. From a command prompt, verify that you have the three files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721688 + -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +7. Make IntuneAppUtil an executable: + + ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` + +8. Create the wdav.pkg.intunemac package from wdav.pkg: + + ```bash + mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" + Microsoft Intune Application Utility for Mac OS X + Version: 1.0.0.0 + Copyright 2018 Microsoft Corporation + + Creating intunemac file for /Users/test/Downloads/wdav.pkg + Composing the intunemac file output + Output written to ./wdav.pkg.intunemac. + + IntuneAppUtil successfully processed "wdav.pkg", + to deploy refer to the product documentation. + ``` + +## Client Machine Setup + +You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). + +1. You'll be asked to confirm device management. 
+ + + +Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: + + + +2. Select the **Continue** button and complete the enrollment. + +You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. + +3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: + + + +## Create System Configuration profiles + +1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. +2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. +3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. +4. Select **OK**. + +  + +5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +6. Repeat these steps with the second profile. +7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. +8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. + +After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: + + + +## Publish application + +1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. +2. Select **App type=Other/Line-of-business app**. +3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. +4. Select **Configure** and add the required information. +5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. + +  + +6. Select **OK** and **Add**. + +  + +7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. + +  + +8. Change **Assignment type=Required**. +9. 
Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. + +  + +10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: + +  + +## Verify client machine state + +1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. + +  +  + +2. Verify the three profiles listed there: +  + +3. The **Management Profile** should be the Intune system profile. +4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. +5. You should also see the Microsoft Defender icon in the top-right corner: + +  + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md new file mode 100644 index 0000000000..d0ad4df2aa --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md 
@@ -0,0 +1,205 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# JAMF-based deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. + +In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. 
In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + +  + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721160 + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +## Create JAMF Policies + +You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. + +### Configuration Profile + +The configuration profile contains one custom settings payload that includes: + +- Microsoft Defender ATP for Mac onboarding information +- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run + +1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. + + >[!NOTE] + > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. + +  + +### Approved Kernel Extension + +To approve the kernel extension: + +1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. +2. Use **UBF8T346G9** for Team Id. 
+ + + +#### Configuration Profile's Scope + +Configure the appropriate scope to specify the machines that will receive this configuration profile. + +Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. + + + +Save the **Configuration Profile**. + +Use the **Logs** tab to monitor deployment status for each enrolled machine. + +### Package + +1. Create a package in **Settings > Computer Management > Packages**. + +  + +2. Upload wdav.pkg to the Distribution Point. +3. In the **filename** field, enter the name of the package. For example, wdav.pkg. + +### Policy + +Your policy should contain a single package for Microsoft Defender. + + + +Configure the appropriate scope to specify the computers that will receive this policy. + +After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. + +## Client machine setup + +You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. + +> [!NOTE] +> After a computer is enrolled, it will show up in the Computers inventory (All Computers). + +1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. + + + + +After some time, the machine's User Approved MDM status will change to Yes. + + + +You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. + +## Deployment + +Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. 
+ +### Status on server + +You can monitor the deployment status in the Logs tab: + +- **Pending** means that the deployment is scheduled but has not yet happened +- **Completed** means that the deployment succeeded and is no longer scheduled + + + +### Status on client machine + +After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. + + + +After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + + + +You can monitor policy installation on a machine by following the JAMF's log file: + +```bash + mavel-mojave:~ testuser$ tail -f /var/log/jamf.log + Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. + Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... + Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV + Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. +``` + +You can also check the onboarding status: + +```bash + mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 + orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 + orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +``` + +- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. + +- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. 
If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. + +## Check onboarding status + +You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: + +```bash + sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +``` + +This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md new file mode 100644 index 0000000000..7f138a6ca7 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md 
@@ -0,0 +1,157 @@ +--- +title: Microsoft Defender ATP for Mac Resources +description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Resources + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Collecting diagnostic information + +If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. + +1. Increase logging level: + +```bash + mavel-mojave:~ testuser$ mdatp log-level --verbose + Creating connection to daemon + Connection established + Operation succeeded +``` + +2. Reproduce the problem + +3. Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. + + ```bash + mavel-mojave:~ testuser$ mdatp --diagnostic + Creating connection to daemon + Connection established + "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" + ``` + +4. 
Restore logging level: + + ```bash + mavel-mojave:~ testuser$ mdatp log-level --info + Creating connection to daemon + Connection established + Operation succeeded + ``` + +## Logging installation issues + +If an error occurs during installation, the installer will only report a general failure. + +The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. + +## Uninstalling + +There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune. + +### Within the GUI + +- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. + +### From the command line + +- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` + +### With a script + +Create a script in **Settings > Computer Management > Scripts**. + + + +For example, this script removes Microsoft Defender ATP from the /Applications directory: + +```bash + echo "Is WDAV installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Uninstalling WDAV..." + rm -rf '/Applications/Microsoft Defender ATP.app' + + echo "Is WDAV still installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Done!" +``` + +### With a JAMF policy + +If you are running JAMF, your policy should contain a single script: + + + +Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. 
+ +## Configuring from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Health |Check the product's health |`mdatp --health` | +|Protection |Scan a path |`mdatp scan --path [path]` | +|Protection |Do a quick scan |`mdatp scan --quick` | +|Protection |Do a full scan |`mdatp scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | +|Protection |Request a definition update |`mdatp --signature-update` | + +## Microsoft Defender ATP portal information + +In the Microsoft Defender ATP portal, you'll see two categories of information: + +- AV alerts, including: + - Severity + - Scan type + - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) + - File information (name, path, size, and hash) + - Threat information (name, type, and state) +- Device information, including: + - Machine 
identifier + - Tenant identifier + - App version + - Hostname + - OS type + - OS version + - Computer model + - Processor architecture + - Whether the device is a virtual machine + +## Known issues + +- Not fully optimized for performance or disk space yet. +- Full Windows Defender ATP integration is not available yet. +- Mac devices that switch networks may appear multiple times in the APT portal. +- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index cccde77573..10fffbc787 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md 
@@ -20,17 +20,41 @@ ms.topic: conceptual # Microsoft Defender ATP for Mac >[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +This topic describes how to install and use Microsoft Defender ATP for Mac. + +## What’s new in the public preview + +We've been working hard through the private preview period, and we've heard your concerns. We've reduced the delay for when new Mac devices appear in the ATP console after they've been deployed. We've improved threat handling, and enhanced the user experience. We've also made numerous bug fixes. Other updates to Microsoft Defender ATP for Mac include: + +- Full accessibility +- Improved performance +- Localization for 37 languages +- Improved anti-tampering protections +- Feedback and samples can now be submitted via the GUI. +- Product health can be queried with JAMF or the command line. +- Admins can set their cloud preference for any location, not just for those in the US. + +## Installing and configuring + +There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. 
+In general you'll need to take the following steps: + +- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal +- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: + - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md) + - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) + - [Manual deployment](microsoft-defender-atp-mac-install-manually.md) + +### Prerequisites -## Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. You should also have access to Windows Defender Security Center. ### System Requirements + - macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) - Disk space during preview: 1GB 
@@ -49,462 +73,14 @@ The following table lists the services and their associated URLs that your netwo To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://wu-cdn.x.cp.wd.microsoft.com/` in a browser, or run the following command in Terminal: -``` +```bash mavel-mojave:~ testuser$ curl 'https://x.cp.wd.microsoft.com/api/report' OK ``` -We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. +We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS. -## Installation and configuration overview -There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. -In general you'll need to take the following steps: - - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - * [Microsoft Intune based deployment](#microsoft-intune-based-deployment) - * [JAMF based deployment](#jamf-based-deployment) - * [Manual deployment](#manual-deployment) +## Resources -## Microsoft Intune based deployment - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. 
Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. -5. Download IntuneAppUtil from https://docs.microsoft.com/en-us/intune/lob-apps-macos. - -  - -6. From a command prompt, verify that you have the three files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721688 - -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` -7. Make IntuneAppUtil an executable: - - ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` - -8. Create the wdav.pkg.intunemac package from wdav.pkg: - - ``` - mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" - Microsoft Intune Application Utility for Mac OS X - Version: 1.0.0.0 - Copyright 2018 Microsoft Corporation - - Creating intunemac file for /Users/test/Downloads/wdav.pkg - Composing the intunemac file output - Output written to ./wdav.pkg.intunemac. - - IntuneAppUtil successfully processed "wdav.pkg", - to deploy refer to the product documentation. - ``` - -### Client Machine Setup -You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). - -1. You'll be asked to confirm device management. 
- - - -Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: - - - -2. Select the **Continue** button and complete the enrollment. - -You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. - -3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: - - - -### Create System Configuration profiles -1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. -2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. -3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. -4. Select **OK**. - -  - -5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. -7. Repeat these steps with the second profile. -8. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. -9. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. - -After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: - - - -### Publish application - -1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. -2. Select **App type=Other/Line-of-business app**. -3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. -4. Select **Configure** and add the required information. -5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. - -  - -6. Select **OK** and **Add**. - -  - -7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. - -  - -8. Change **Assignment type=Required**. -9. 
Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. - -  - -10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: - -  - -### Verify client machine state -1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. - -  -  - -2. Verify the three profiles listed there: -  - -3. The **Management Profile** should be the Intune system profile. -4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. -5. You should also see the Microsoft Defender icon in the top-right corner: - -  - -## JAMF based deployment -### Prerequsites -You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. - - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - -  - -5. From a command prompt, verify that you have the two files. 
- Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` - -### Create JAMF Policies -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. - -#### Configuration Profile -The configuration profile contains one custom settings payload that includes: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run - - -1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. - - >[!NOTE] - > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. - -  - -#### Approved Kernel Extension - -To approve the kernel extension: -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. - - - -#### Configuration Profile's Scope -Configure the appropriate scope to specify the machines that will receive this configuration profile. - -Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. - - - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled machine. - -#### Package -1. Create a package in **Settings > Computer Management > Packages**. - -  - -2. Upload wdav.pkg to the Distribution Point. -3. 
In the **filename** field, enter the name of the package. For example, wdav.pkg. - -#### Policy -Your policy should contain a single package for Microsoft Defender. - - - -Configure the appropriate scope to specify the computers that will receive this policy. - -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. - -### Client machine setup -You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - -1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - - - - -After some time, the machine's User Approved MDM status will change to Yes. - - - -You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - -### Deployment -Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. - -#### Status on server -You can monitor the deployment status in the Logs tab: - - **Pending** means that the deployment is scheduled but has not yet happened - - **Completed** means that the deployment succeeded and is no longer scheduled - - - - -#### Status on client machine -After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. - - - -After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. 
- - - -You can monitor policy installation on a machine by following the JAMF's log file: - -``` -mavel-mojave:~ testuser$ tail -f /var/log/jamf.log -Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. -Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... -Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV -Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: -``` -mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py -uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 -orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -``` - -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. - -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. - -### Uninstalling Microsoft Defender ATP for Mac -#### Uninstalling with a script - -Create a script in **Settings > Computer Management > Scripts**. - - - -For example, this script removes Microsoft Defender ATP from the /Applications directory: - -``` -echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender ATP.app' - -echo "Is WDAV still installed?" 
-ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Done!" -``` - -#### Uninstalling with a policy -Your policy should contain a single script: - - - -Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. - -### Check onboarding status - -You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: - -``` -sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' -``` - -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. - -## Manual deployment - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - -  - -5. From a command prompt, verify that you have the two files. 
- Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721152 - -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py - ``` - -### Application installation -To complete this process, you must have admin privileges on the machine. - -1. Navigate to the downloaded wdav.pkg in Finder and open it. - -  - -2. Select **Continue**, agree with the License terms, and enter the password when prompted. - -  - - > [!IMPORTANT] - > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - -  - -3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: - -  - - -The installation will proceed. - -> [!NOTE] -> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. - -### Client configuration -1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. - - The client machine is not associated with orgId. Note that the orgid is blank. - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : - ``` -2. Install the configuration file on a client machine: - - ``` - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py - Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) - ``` - -3. 
Verify that the machine is now associated with orgId: - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 - ``` -After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - -  - -## Uninstallation -### Removing Microsoft Defender ATP from Mac devices -To remove Microsoft Defender ATP from your macOS devices: - -- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. - -Or, from a command line: - -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` - -## Known issues -- Microsoft Defender ATP is not yet optimized for performance or disk space. -- Centrally managed uninstall using Intune is still in development. To uninstall (as a workaround) a manual uninstall action has to be completed on each client device). -- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only. -- Full Windows Defender ATP integration is not yet available -- Not localized yet -- There might be accessibility issues - -## Collecting diagnostic information -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. 
- - ``` - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded -``` - - -### Installation issues -If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. +For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page. diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md new file mode 100644 index 0000000000..16fceaea85 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md 
@@ -0,0 +1,52 @@ +--- +title: Prevent security settings changes with Tamper Protection +description: Use tamper protection to prevent malicious apps from changing important security settings. +keywords: malware, defender, antivirus, tamper protection +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: andreabichsel +ms.author: v-anbic +--- + +# Prevent security settings changes with tamper protection + +**Applies to:** + +- Windows 10 + +Tamper protection helps prevent malicious apps from changing important security settings. These settings include: + +- Real-time protection +- Cloud-delivered protection +- IOfficeAntivirus (IOAV) +- Behavior monitoring +- Removing security intelligence updates + +With tamper protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: + +- Mobile device management (MDM) apps like Intune +- Enterprise configuration management apps like System Center Configuration Manager (SCCM) +- Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures +- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup) +- Group Policy +- Other Windows Management Instrumentation (WMI) apps + +The tamper protection setting doesn't affect how third party antivirus apps register with the Windows Security app. + +On computers running Windows 10 Enterprise E5, users can't change the tamper protection setting. + +Tamper protection is On by default. If you set tamper protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & threat protection**. + +## Configure tamper protection + +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. 
Select **Virus & threat protection**, then select **Virus & threat protection settings**. +3. Set **Tamper Protection** to **On** or **Off**. + +>[!NOTE] +>If your computer is running Windows 10 Enterprise E5, you can't change the tamper protection settings from within Windows Security App. \ No newline at end of file |
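Review bot: In the Known issues list of the new file that ends just before the microsoft-defender-atp-mac.md diff, "may appear multiple times in the APT portal" should read "ATP portal". As written, the typo turns the product name into a different security term. The first two bullets ("Not fully optimized for performance or disk space yet.", "Full Windows Defender ATP integration is not available yet.") would also read better with a consistent subject, as the last two bullets have.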
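Review bot: In the @@ -20,17 +20,41 @@ hunk of microsoft-defender-atp-mac.md, "### Prerequisites" now comes after the deployment-method links under "## Installing and configuring", so a reader is sent to the Intune, JAMF or manual deployment page before seeing the administrative-privilege and macOS version requirements. Suggest moving Prerequisites and System Requirements above the list of deployment methods, or adding a bullet there that points to them. Prerequisites was also demoted from "##" to "###" while "### System Requirements" kept its level, so the two are now siblings rather than parent and child. Please confirm that is intended.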
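Review bot: In the @@ -49,462 +73,14 @@ hunk of microsoft-defender-atp-mac.md, the new Resources sentence covers only "logging, uninstalling, or known issues", but the lines removed here also hold the onboarding verification (the wdavconfig.py output with the orgid fields, and the grep one-liner that "returns 0 if Microsoft Defender ATP is registered") and the "Installation issues" pointer to /Library/Logs/Microsoft/wdav.install.log. Please confirm each of these lands in one of the new pages and widen the sentence to mention them, since they are what an admin uses to check that a device is actually onboarded and reporting. Separately, the fence retagged as bash holds a prompt and an output line ("OK") rather than a script, so either leave it untagged or reduce it to the curl command. Finally, "We recommend to keep" reads better as "We recommend keeping".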
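Review bot: In the new file prevent-changes-to-security-settings-with-tamper-protection.md, the Windows 10 Enterprise E5 restriction is stated twice (the sentence "users can't change the tamper protection setting" and the closing NOTE), but neither says who can change it on those machines or by what means, while the list above states that MDM, SCCM, Group Policy and WMI cannot change the protected settings. Suggest stating the supported management path for E5 devices, or saying plainly that there is none in this release, and keeping only one of the two statements. In the front matter, `ms.pagetype: security` appears twice. "Removing security intelligence updates" is listed under "These settings include" although it is an action rather than a setting. The command `MpCmdRun.exe -removedefinitions -dynamicsignatures` should be in code formatting, and the file is missing its trailing newline.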