From f7333dd3316bc52e6e33d7601a0583d6a6b16963 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 7 Jun 2018 17:36:37 +0000 Subject: [PATCH 1/3] Merged PR 8879: Fixed footnote in two policies --- .../policy-configuration-service-provider.md | 10 +- .../mdm/policy-csp-system.md | 142 +++++++++++++++++- 2 files changed, 150 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4b7797c7be..3f01008ea8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP @@ -2974,6 +2974,12 @@ The following diagram shows the Policy configuration service provider in tree fo
System/BootStartDriverInitialization
+
+ System/ConfigureTelemetryOptInChangeNotification +
+
+ System/ConfigureTelemetryOptInSettingsUx +
System/DisableEnterpriseAuthProxy
@@ -4587,6 +4593,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [System/AllowLocation](./policy-csp-system.md#system-allowlocation) - [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) +- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification) +- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux) - [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy) - [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 343d589daa..8f4da31f35 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP - System +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -46,6 +48,12 @@ ms.date: 05/14/2018
System/BootStartDriverInitialization
+
+ System/ConfigureTelemetryOptInChangeNotification +
+
+ System/ConfigureTelemetryOptInSettingsUx +
System/DisableEnterpriseAuthProxy
@@ -683,6 +691,137 @@ ADMX Info:
+ +**System/ConfigureTelemetryOptInChangeNotification** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark4check mark4check mark4check mark4
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings.  +If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. +If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings. + + + +ADMX Info: +- GP English name: *Configure telemetry opt-in change notifications.* +- GP name: *ConfigureTelemetryOptInChangeNotification* +- GP element: *ConfigureTelemetryOptInChangeNotification* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + + + + + + + + + + + +
+ + +**System/ConfigureTelemetryOptInSettingsUx** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark4check mark4check mark4check mark4
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether people can change their own telemetry levels in Settings. This setting should be used in conjunction with the Allow Telemetry settings. + +If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them. + +If you set this policy setting to "Enable Telemetry opt-in Setings" or don't configure this policy setting, people can change their own telemetry levels in Settings. + +Note: +Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit. + + + +ADMX Info: +- GP English name: *Configure telemetry opt-in setting user interface.* +- GP name: *ConfigureTelemetryOptInSettingsUx* +- GP element: *ConfigureTelemetryOptInSettingsUx* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + + + + + + + + + + + +
+ **System/DisableEnterpriseAuthProxy** @@ -1051,6 +1190,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10. From 3e1db15848ecb5c982d671b32303027822fbb41a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 7 Jun 2018 18:17:31 +0000 Subject: [PATCH 2/3] Merged PR 8883: Clarification The itsy bitsy spider went up the water spout --- .../upgrade/windows-10-downgrade-paths.md | 30 ++++--------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/windows/deployment/upgrade/windows-10-downgrade-paths.md b/windows/deployment/upgrade/windows-10-downgrade-paths.md index d095a3d449..4422179d21 100644 --- a/windows/deployment/upgrade/windows-10-downgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-downgrade-paths.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.localizationpriority: high ms.pagetype: mobile author: greg-lindsay -ms.date: 02/15/2018 +ms.date: 06/07/2018 --- # Windows 10 downgrade paths @@ -17,13 +17,11 @@ ms.date: 02/15/2018 ## Downgrading Windows 10 -This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. +This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). For example, you might downgrade an Enterprise edition by manually entering a valid Pro license key. If a downgrade is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required. -To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). - -Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not supported, unless you are performing a rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. +Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. The only downgrade method available for this the rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. >**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. @@ -32,7 +30,8 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ### Supported Windows 10 downgrade paths >[!NOTE] ->Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here. Switching between different editions of Pro is supported. This is not strictly considered an edition downgrade, but is included here for clarity. +>Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here.
+>Switching between different editions of Pro is also not strictly considered an edition downgrade, but is included here for clarity. ✔ = Supported downgrade path
@@ -48,7 +47,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor Pro Pro for Workstations Pro Education - S Education Enterprise LTSC Enterprise @@ -65,7 +63,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor - Pro @@ -73,7 +70,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ @@ -84,7 +80,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ @@ -95,18 +90,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ - - - - - - S - - ✔ - ✔ - ✔ - @@ -117,7 +100,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ ✔ - ✔ @@ -129,7 +111,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor - @@ -140,7 +121,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ ✔ - ✔ From d18ea151813980dd69ca192a03a83b0e97ad076f Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Thu, 7 Jun 2018 18:28:13 +0000 Subject: [PATCH 3/3] Merged PR 8881: Updated Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md --- ...ce-windows-defender-advanced-threat-protection.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 5919dad684..50820acbc3 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -28,10 +28,8 @@ ms.date: 06/01/2018 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -## Advanced hunting table reference -When you run a query using Advanced hunting, a table with columns is returned as a result. - -Use the following table to understand what the columns represent, its data type, and their description. +## Advanced hunting column reference +To effectively build queries that span multiple tables, you need to understand the columns in the Advanced hunting schema. The following table lists all the available columns, along with their data types and descriptions. This information is also available in the schema representation in the Advanced hunting screen. | Column name | Data type | Description :---|:--- |:--- @@ -70,7 +68,7 @@ Use the following table to understand what the columns represent, its data type, | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format | -| LogonType | string | Type of logon session, specifically:

- **Interactive** - User physically interacts with the machine using the local keyboard and screen.

- **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients.

- **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed.

- **Batch** - Session initiated by scheduled tasks.

- **Service** - Session initiated by services as they start.
+| LogonType | string | Type of logon session, specifically:

- **Interactive** - User physically interacts with the machine using the local keyboard and screen

- **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients

- **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed

- **Batch** - Session initiated by scheduled tasks

- **Service** - Session initiated by services as they start
| MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. | | MachineId | string | Unique identifier for the machine in the service | | MD5 | string | MD5 hash of the file that the recorded action was applied to | @@ -88,16 +86,16 @@ Use the following table to understand what the columns represent, its data type, | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. | | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process | | ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log | -| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | | | RegistryKey | string | Registry key that the recorded action was applied to | | RegistryValueData | string | Data of the registry value that the recorded action was applied to | | RegistryValueName | string | Name of the registry value that the recorded action was applied to | | RegistryValueType | string | Data type, such as binary or string, of the registry value that the recorded action was applied to | +| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | | RemoteIP | string | IP address that was being connected to | | RemotePort | int | TCP port on the remote device that was being connected to | | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to | -| SHA1 | string | SHA-1 of the file that the recorded action was applied to | | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. | +| SHA1 | string | SHA-1 of the file that the recorded action was applied to | | SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. | >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)