From d7f6d7a4ea5a87d31f1815b441d9d796f6e17304 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 19 Sep 2020 22:03:15 +0500 Subject: [PATCH 01/21] Minor Changes As suggested by the user, I made a few changes to reflect the document more clear and easy to understand. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7965 --- .../client-management/connect-to-remote-aadj-pc.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 9478b21555..c52da5bf32 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -22,13 +22,10 @@ ms.topic: article - Windows 10 -From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). +From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics) ![Remote Desktop Connection client](images/rdp.png) -> [!TIP] -> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics) - ## Set up - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. @@ -42,7 +39,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu ![Allow remote connections to this computer](images/allow-rdp.png) - 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. + 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group. > [!NOTE] > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet: @@ -55,12 +52,13 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu > Otherwise this command throws the below error. For example: > - for cloud only user: "There is no such global user or group : *name*" > - for synced user: "There is no such global user or group : *name*"
- > + + > [!NOTE] > In Windows 10, version 1709, the user does not have to sign in to the remote device first. > > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. - - 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. + + 4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. > [!TIP] > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. From cbda416a4b9ecbaea84e38c832775c9ad5529102 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 20 Sep 2020 14:06:02 +0500 Subject: [PATCH 02/21] Update windows/client-management/connect-to-remote-aadj-pc.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/connect-to-remote-aadj-pc.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index c52da5bf32..841c9b406a 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -22,7 +22,7 @@ ms.topic: article - Windows 10 -From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics) +From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics). ![Remote Desktop Connection client](images/rdp.png) @@ -97,4 +97,3 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC ## Related topics [How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop) - From 7da8a4741a778ed2f1379b15584e349929eb8366 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 21 Sep 2020 12:41:18 +0300 Subject: [PATCH 03/21] update description for 0xC000006E https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8219 --- windows/security/threat-protection/auditing/event-4625.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 84cf52d450..db30fb97c9 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -166,7 +166,7 @@ This event generates on domain controllers, member servers, and workstations. | 0xC0000064 | User logon with misspelled or bad user account | | 0xC000006A | User logon with misspelled or bad password | | 0XC000006D | This is either due to a bad username or authentication information | - | 0XC000006E | Unknown user name or bad password. | + | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). | | 0xC000006F | User logon outside authorized hours | | 0xC0000070 | User logon from unauthorized workstation | | 0xC0000071 | User logon with expired password | From d8dc90cb6442a7a21576ff517a783900e9b0048c Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 25 Sep 2020 10:02:27 +0300 Subject: [PATCH 04/21] reduced whitespace at the end of the sentence as advised by illfated --- windows/security/threat-protection/auditing/event-4625.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index db30fb97c9..3135c231da 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -166,7 +166,7 @@ This event generates on domain controllers, member servers, and workstations. | 0xC0000064 | User logon with misspelled or bad user account | | 0xC000006A | User logon with misspelled or bad password | | 0XC000006D | This is either due to a bad username or authentication information | - | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). | + | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). | | 0xC000006F | User logon outside authorized hours | | 0xC0000070 | User logon from unauthorized workstation | | 0xC0000071 | User logon with expired password | From 0906102c42bac25ccf7b825e0c4d6fec55b37956 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 25 Sep 2020 10:27:27 +0300 Subject: [PATCH 05/21] update apps for 2004 https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8017 --- .../apps-in-windows-10.md | 90 +++++++++---------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 9d150d9583..4ccb193f06 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command: Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909. +Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909 and 2004. -| Package name | App name | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? | +| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | |----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | x | x | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | x | x | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. From 4b68c4b2823c88cf302c4afdf8a715f59e20c6e1 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 30 Sep 2020 10:11:13 +0300 Subject: [PATCH 06/21] Update windows/application-management/apps-in-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 4ccb193f06..6e4851acca 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -39,7 +39,7 @@ You can list all provisioned Windows apps with this PowerShell command: Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909 and 2004. +Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. | Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | |----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| From 49b181d3e058467b9abc8302cab991da4f3510e8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 Sep 2020 12:39:36 -0700 Subject: [PATCH 07/21] add new example, add to table --- .../api-portal-mapping.md | 2 + .../pull-alerts-using-rest-api.md | 87 ++++++++++++------- 2 files changed, 56 insertions(+), 33 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 19a2f46e0c..b8454c4935 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -72,6 +72,8 @@ Field numbers match the numbers in the images below. > | | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For devices on Windows 10 version 1607, the domain information will not be available. | > | | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. | > | | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. | +| | LinkToMTP | flexString1 | `https://security.microsoft.com/alert/da637370718981685665_16349121` | Value available for every Detection. +| | IncidentLinkToMTP | flexString1 | `"https://security.microsoft.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM` | Value available for every Detection. > | Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that detections are retrieved. | > | | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. | > | | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Microsoft Defender ATP'. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index 38400901cd..0eedcf9bad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -142,39 +142,60 @@ The return value is an array of alert objects in JSON format. Here is an example return value: ```json -{"AlertTime":"2017-01-23T07:32:54.1861171Z", -"ComputerDnsName":"desktop-bvccckk", -"AlertTitle":"Suspicious PowerShell commandline", -"Category":"SuspiciousActivity", -"Severity":"Medium", -"AlertId":"636207535742330111_-1114309685", -"Actor":null, -"LinkToWDATP":"https://securitycenter.windows.com/alert/636207535742330111_-1114309685", -"IocName":null, -"IocValue":null, -"CreatorIocName":null, -"CreatorIocValue":null, -"Sha1":"69484ca722b4285a234896a2e31707cbedc59ef9", -"FileName":"powershell.exe", -"FilePath":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", -"IpAddress":null, -"Url":null, -"IoaDefinitiondId":"7f1c3609-a3ff-40e2-995b-c01770161d68", -"UserName":null, -"AlertPart":0, -"FullId":"636207535742330111_-1114309685:9DE735BA9FF87725E392C6DFBEB2AF279035CDE229FCC00D28C0F3242C5A50AF", -"LastProcessedTimeUtc":"2017-01-23T11:33:45.0760449Z", -"ThreatCategory":null, -"ThreatFamily":null, -"ThreatName":null, -"RemediationAction":null, -"RemediationIsSuccess":null, -"Source":"Microsoft Defender ATP", -"Md5":null, -"Sha256":null, -"WasExecutingWhileDetected":null, -"FileHash":"69484ca722b4285a234896a2e31707cbedc59ef9", -"IocUniqueId":"9DE735BA9FF87725E392C6DFBEB2AF279035CDE229FCC00D28C0F3242C5A50AF"} +[ +{ + "AlertTime": "2020-09-30T14:09:20.35743Z", + "ComputerDnsName": "mymachine1.domain.com", + "AlertTitle": "Suspicious File Activity", + "Category": "Malware", + "Severity": "High", + "AlertId": "da637370718981685665_16349121", + "Actor": "", + "LinkToWDATP": "https://securitycenter.windows.com/alert/da637370718981685665_16349121", + "IocName": "", + "IocValue": "", + "CreatorIocName": "", + "CreatorIocValue": "", + "Sha1": "aabbccddee1122334455aabbccddee1122334455", + "FileName": "cmdParent.exe", + "FilePath": "C:\\WINDOWS\\SysWOW64\\boo3\\qwerty", + "IpAddress": "", + "Url": "", + "IoaDefinitionId": "b20af1d2-5990-4672-87f1-acc2a8ff7725", + "UserName": "", + "AlertPart": 0, + "FullId": "da637370718981685665_16349121:R4xEdgAvDb2LQl3BgHoA3NYqKmRSiIAG7dpxAJCYZhY=", + "LastProcessedTimeUtc": "2020-09-30T14:11:44.0779765Z", + "ThreatCategory": "", + "ThreatFamily": "", + "ThreatName": "", + "RemediationAction": "", + "RemediationIsSuccess": null, + "Source": "EDR", + "Md5": "854b85cbff2752fcb88606bca76f83c6", + "Sha256": "", + "WasExecutingWhileDetected": null, + "UserDomain": "", + "LogOnUsers": "", + "MachineDomain": "domain.com", + "MachineName": "mymachine1", + "InternalIPv4List": "", + "InternalIPv6List": "", + "FileHash": "aabbccddee1122334455aabbccddee1122334455", + "DeviceID": "deadbeef000040830ee54503926f556dcaf82bb0", + "MachineGroup": "", + "Description": "Test Alert", + "DeviceCreatedMachineTags": "", + "CloudCreatedMachineTags": "", + "CommandLine": "", + "IncidentLinkToWDATP": "https://securitycenter.windows.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM", + "ReportID": 1053729833, + "LinkToMTP": "https://security.microsoft.com/alert/da637370718981685665_16349121", + "IncidentLinkToMTP": "https://security.microsoft.com/incidents/byalert?alertId=da637370718981685665_16349121&source=SIEM", + "ExternalId": "31DD0A845DDA4059FDEDE031014645350AECABD3", + "IocUniqueId": "R4xEdgAvDb2LQl3BgHoA3NYqKmRSiIAG7dpxAJCYZhY=" +} +] ``` ## Code examples From 7bdffd4aa7ad7b173f1d1054e3485a4edd5d6571 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:25:43 +0300 Subject: [PATCH 08/21] Update windows/application-management/apps-in-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 6e4851acca..31da1afc51 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -42,7 +42,7 @@ Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. | Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:| | Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | | Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | | Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | From acf5a8c0f98dcc7b5547d3b828150aa918546a04 Mon Sep 17 00:00:00 2001 From: Jan Bakker <38911727+BakkerJan@users.noreply.github.com> Date: Sat, 3 Oct 2020 07:33:34 +0200 Subject: [PATCH 09/21] Obsolete info Curly braces are not needed when adding the template ID to the policy. --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index d27fae3822..ce622e48fd 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -593,7 +593,7 @@ After you've decided where your protected apps can access enterprise data on you **Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). -- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. +- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that all users can access. From dc0aa7b9d167b84a02613643a9b5b249dd22cb29 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 6 Oct 2020 12:05:51 +0300 Subject: [PATCH 10/21] add info about Microsoft To Do https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6376 --- .../enlightened-microsoft-apps-and-wip.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index a099742145..ebe3c59220 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -73,6 +73,8 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft Remote Desktop +- Microsoft To Do + > [!NOTE] > Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning. @@ -113,6 +115,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li | Microsoft Paint | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app | | Microsoft Remote Desktop | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app | | Microsoft MAPI Repair Tool | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** fixmapi.exe
**App Type:** Desktop app | +| Microsoft To Do | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Todos
**App Type:** Store app | >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From 204ce4bfbe2db976d945fb5fff86e4239bf5856e Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 6 Oct 2020 12:42:49 -0700 Subject: [PATCH 11/21] Added windows sandbox policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 26 + .../mdm/policy-csp-windowssandbox.md | 648 ++++++++++++++++++ 3 files changed, 675 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-windowssandbox.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index a7fbff363b..049ebf2e13 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -293,6 +293,7 @@ #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md) #### [WindowsLogon](policy-csp-windowslogon.md) #### [WindowsPowerShell](policy-csp-windowspowershell.md) +#### [WindowsSandbox](policy-csp-windowssandbox.md) #### [WirelessDisplay](policy-csp-wirelessdisplay.md) ### [PolicyManager CSP](policymanager-csp.md) ### [Provisioning CSP](provisioning-csp.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0349f6cde6..42563db492 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4872,6 +4872,32 @@ The following diagram shows the Policy configuration service provider in tree fo +### WindowsSandbox policies + +
+
+ WindowsSandbox/AllowAudioInput +
+
+ WindowsSandbox/AllowClipboardRedirection +
+
+ WindowsSandbox/AllowNetworking +
+
+ WindowsSandbox/AllowPrinterRedirection +
+
+ WindowsSandbox/AllowProtectedClient +
+
+ WindowsSandbox/AllowVGPU +
+
+ WindowsSandbox/AllowVideoInput +
+
+ ### WirelessDisplay policies
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md new file mode 100644 index 0000000000..9f7ce0bd59 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -0,0 +1,648 @@ +--- +title: Policy CSP - WindowsSandbox +description: Policy CSP - WindowsSandbox +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 10/06/2020 +--- + +# Policy CSP - WindowsSandbox + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + + +
+ + +## WindowsSandbox policies + +
+
+ WindowsSandbox/AllowAudioInput +
+
+ WindowsSandbox/AllowClipboardRedirection +
+
+ WindowsSandbox/AllowNetworking +
+
+ WindowsSandbox/AllowPrinterRedirection +
+
+ WindowsSandbox/AllowProtectedClient +
+
+ WindowsSandbox/AllowVGPU +
+
+ WindowsSandbox/AllowVideoInput +
+
+ + +
+ + +**WindowsSandbox/AllowAudioInput** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable audio input to the Sandbox. + +> [!NOTE] +> There may be security implications of exposing host audio input to the container. + +If this policy is not configured, end-users get the default behavior (audio input enabled). + +If audio input is disabled, a user will not be able to enable audio input from their own configuration file. + +If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: + +- GP English Name: *Allow audio input in Windows Sandbox* +- GP name: *AllowAudioInput* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 - Disabled +- 1 (default) - Enabled + + + + + + + + + + +
+ + + +**WindowsSandbox/AllowClipboardRedirection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox. + +If this policy is not configured, end-users get the default behavior (clipboard redirection enabled. + +If clipboard sharing is disabled, a user will not be able to enable clipboard sharing from their own configuration file. + +If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: + +- GP English Name: *Allow clipboard sharing with Windows Sandbox* +- GP name: *AllowClipboardRedirection* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 - Disabled +- 1 (default) - Enabled + + + + + + + + + + + +
+ + +**WindowsSandbox/AllowNetworking** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network. + +If this policy is not configured, end-users get the default behavior (networking enabled). + +If networking is disabled, a user will not be able to enable networking from their own configuration file. + +If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: + +- GP English Name: *Allow networking in Windows Sandbox* +- GP name: *AllowNetworking* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: +- 0 - Disabled +- 1 (default) - Enabled + + + + + + + + + + +
+ + +**WindowsSandbox/AllowPrinterRedirection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. + +If this policy is not configured, end-users get the default behavior (printer sharing disabled). + +If printer sharing is disabled, a user will not be able to enable printer sharing from their own configuration file. + +If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: + +- GP English Name: *Allow printer sharing with Windows Sandbox* +- GP name: *AllowPrinterRedirection* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 - Disabled +- 1 (default) - Enabled + + + + + + + + + + +
+ + +**WindowsSandbox/AllowProtectedClient** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enabled increased-security settings on the Sandbox RDP session. These settings decrease the attack surface of the sandbox. + +> [!NOTE] +> Enabling this setting may restrict user's ability to copy and paste files in and out of Windows Sandbox. + +If this policy is not configured, end-users get the default behavior (Sandbox does not run in protected client mode). + +If protected client mode is enabled, a user will not be able to disable protected client mode from their own configuration file. + +If protected client mode is disabled, a user will be able to enable protected client mode from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: +- GP English Name: *Run Windows Sandbox in Protected Client Mode* +- GP name: *AllowProtectedClient* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 (default) - Disabled +- 1 - Enabled + + + + + + + + + + +
+ + +**WindowsSandbox/AllowVGPU** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable virtualized GPU for Windows Sandbox. + +> [!NOTE] +> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. + +If this policy is not configured, end-users get the default behavior (vGPU is disabled). + +If vGPU is disabled, a user will not be able to enable vGPU support from their own configuration file. + +If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: + +- GP English Name: *Allow vGPU sharing for Windows Sandbox* +- GP name: *AllowVGPU* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 (default) - Disabled +- 1 - Enabled + + + + + + + + + + +
+ + +**WindowsSandbox/AllowVideoInput** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the IT admin to enable or disable video input to the Sandbox. + +> [!NOTE] +> There may be security implications of exposing host video input to the container. + +If this policy is not configured, users get the default behavior (video input disabled). + +If video input is disabled, users will not be able to enable video input from their own configuration file. + +If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure. + +> [!NOTE] +> You must restart Windows Sandbox for any changes to this policy setting to take effect. + + + +ADMX Info: +- GP English Name: *Allow video input in Windows Sandbox* +- GP name: *AllowVideoInput* +- GP path: *Windows Components/Windows Sandbox* +- GP ADMX file name: *WindowsSandbox.admx* + + + +The following are the supported values: + +- 0 (default) - Disabled +- 1 - Enabled + + + + + + + + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. +- 9 - Available in Windows 10, version 2010. + + \ No newline at end of file From 47105415335759d6733c35c5fb7ccf59d02adf72 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 17:24:35 +0500 Subject: [PATCH 12/21] Update advanced-security-audit-policy-settings.md --- .../auditing/advanced-security-audit-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 1ce7884399..e98cdad388 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -42,7 +42,7 @@ Configuring policy settings in this category can help you document attempts to a - [Audit Credential Validation](audit-credential-validation.md) - [Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md) - [Audit Kerberos Service Ticket Operations](audit-kerberos-service-ticket-operations.md) -- [Audit Other Logon/Logoff Events](audit-other-logonlogoff-events.md) +- [Audit Other Account Logon Events](audit-other-account-logon-events.md) ## Account Management From 23a6f2c5552bc9d2b2cbd2a28de939fec39ea67e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Oct 2020 08:52:09 -0700 Subject: [PATCH 13/21] fix chars --- .../threat-protection/microsoft-defender-atp/ios-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 4a18d89818..1bef25da5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -52,7 +52,7 @@ Required data consists of data that is necessary to make Microsoft Defender ATP - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. - Azure tenant ID - GUID that identifies your organization within Azure Active Directory - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted - - User Principal Name Email ID of the user + - User Principal Name - Email ID of the user ### Product and service usage data @@ -72,7 +72,7 @@ Optional diagnostic data includes: **Feedback Data** is collected through in-app feedback provided by the user. -- The users email address, if they choose to provide it +- The user's email address, if they choose to provide it - Feedback type (smile, frown, idea) and any feedback comments submitted by the user [More on Privacy](https://aka.ms/mdatpiosprivacystatement) \ No newline at end of file From 31c5cb638c9845ff6509953719ad0b7e7450dcdc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Oct 2020 10:35:49 -0700 Subject: [PATCH 14/21] delete old file --- .../ios-privacy-statement.md | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md deleted file mode 100644 index 04c810e52c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Microsoft Defender ATP for iOS note on Privacy -ms.reviewer: -description: Describes the Microsoft Defender ATP for iOS Privacy -keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: sunasing -author: sunasing -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint -ms.topic: conceptual -hideEdit: true ---- - -# Microsoft Defender ATP for iOS note on Privacy - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -## What information can my organization see when I use Microsoft Defender ATP on iOS - -Your organization cannot see your personal information when you use Microsoft Defender ATP. Microsoft Defender ATP sends certain pieces of information from your device to the ATP portal, such as device threat level, device model, and serial number. Your organization uses this information to help protect you from web-based attacks. - -**What your organization can never see:** - -- Calling and web browsing history -- Email and text messages -- Contacts -- Calendar -- Passwords -- Pictures, including what's in the photos app or camera roll -- Files - -**What your organization can see:** - -- Malicious Connections that were blocked by Microsoft Defender ATP -- Device model, like iPhone 11 -- Operating system and version, like iOS 12.0.1 -- Device name -- Device serial number - -## VPN Usage - -Microsoft Defender ATP for iOS uses VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. - -## More on Privacy - -[More information about Privacy](https://aka.ms/mdatpiosmainprivacystatement) - - - From e3a4b714075c5dad5f8f20e24180788aedbc15ac Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Wed, 14 Oct 2020 12:47:15 -0700 Subject: [PATCH 15/21] Update policy-csp-windowssandbox.md AllowProtectedClient will not be supported any time in the near future, and is not supported anywhere at the moment. This is residual from one of our interns adding it here in the doc, so it needs to be removed. --- .../mdm/policy-csp-windowssandbox.md | 89 +------------------ 1 file changed, 1 insertion(+), 88 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 9f7ce0bd59..addc71db3c 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -34,9 +34,6 @@ ms.date: 10/06/2020
WindowsSandbox/AllowPrinterRedirection
-
- WindowsSandbox/AllowProtectedClient -
WindowsSandbox/AllowVGPU
@@ -380,90 +377,6 @@ The following are the supported values:
- -**WindowsSandbox/AllowProtectedClient** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark9
Businesscross mark
Enterprisecheck mark9
Educationcheck mark9
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enabled increased-security settings on the Sandbox RDP session. These settings decrease the attack surface of the sandbox. - -> [!NOTE] -> Enabling this setting may restrict user's ability to copy and paste files in and out of Windows Sandbox. - -If this policy is not configured, end-users get the default behavior (Sandbox does not run in protected client mode). - -If protected client mode is enabled, a user will not be able to disable protected client mode from their own configuration file. - -If protected client mode is disabled, a user will be able to enable protected client mode from their own configuration file to make the device more secure. - -> [!NOTE] -> You must restart Windows Sandbox for any changes to this policy setting to take effect. - - - -ADMX Info: -- GP English Name: *Run Windows Sandbox in Protected Client Mode* -- GP name: *AllowProtectedClient* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* - - - -The following are the supported values: - -- 0 (default) - Disabled -- 1 - Enabled - - - - - - - - - - -
- **WindowsSandbox/AllowVGPU** @@ -645,4 +558,4 @@ Footnotes: - 8 - Available in Windows 10, version 2004. - 9 - Available in Windows 10, version 2010. - \ No newline at end of file + From d2b286b588c823552b07a72e0badcc59c6a7068c Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Wed, 14 Oct 2020 12:57:10 -0700 Subject: [PATCH 16/21] Update policy-configuration-service-provider.md #4005 - Removed bookmark referring to invalid Sandbox policy --- .../mdm/policy-configuration-service-provider.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 42563db492..71c53fe75d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4887,9 +4887,6 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsSandbox/AllowPrinterRedirection
-
- WindowsSandbox/AllowProtectedClient -
WindowsSandbox/AllowVGPU
From 7aec224cf8cec960283c1f4d7b0a998a6dc6c243 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 14:12:03 -0700 Subject: [PATCH 17/21] minor update to trigger build --- windows/client-management/mdm/policy-csp-windowssandbox.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index addc71db3c..a00be7e6d7 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/06/2020 +ms.date: 10/14/2020 --- # Policy CSP - WindowsSandbox From 588c91b6f130cd8b03529a487bda21ff8ba17f6f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 14 Oct 2020 14:29:28 -0700 Subject: [PATCH 18/21] Applied `> [!NOTE]` style --- .../auditing/advanced-security-audit-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index e98cdad388..2893cf7ece 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -150,8 +150,8 @@ Auditors will be able to prove that every resource in the system is protected by Resource SACLs are also useful for diagnostic scenarios. For example, setting the Global Object Access Auditing policy to log all the activity for a specific user and enabling the policy to track "Access denied" events for the file system or registry can help administrators quickly identify which object in a system is denying a user access. -> **Note:**  If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object -Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy. +> [!NOTE] +> If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy. This category includes the following subcategories: - [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md) From 4e01073df96705926830e446a7d3396094aa1dd2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 14 Oct 2020 14:36:06 -0700 Subject: [PATCH 19/21] Corrected indentation --- .../connect-to-remote-aadj-pc.md | 42 ++++++++++--------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 57910e9730..f25c37dce5 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -34,37 +34,39 @@ From its release, Windows 10 has supported remote connections to PCs joined to A Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC. - On the PC you want to connect to: + 1. Open system properties for the remote PC. + 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**. - ![Allow remote connections to this computer](images/allow-rdp.png) + ![Allow remote connections to this computer](images/allow-rdp.png) 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group. - > [!NOTE] - > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet: - > ```PowerShell - > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user" - > ``` - > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD. - > - > This command only works for AADJ device users already added to any of the local groups (administrators). - > Otherwise this command throws the below error. For example: - > - for cloud only user: "There is no such global user or group : *name*" - > - for synced user: "There is no such global user or group : *name*"
+ > [!NOTE] + > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet: + > ```powershell + > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user" + > ``` + > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD. + > + > This command only works for AADJ device users already added to any of the local groups (administrators). + > Otherwise this command throws the below error. For example: + > - for cloud only user: "There is no such global user or group : *name*" + > - for synced user: "There is no such global user or group : *name*"
- > [!NOTE] - > In Windows 10, version 1709, the user does not have to sign in to the remote device first. - > - > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. + > [!NOTE] + > In Windows 10, version 1709, the user does not have to sign in to the remote device first. + > + > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. 4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. - > [!TIP] - > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. + > [!TIP] + > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. -> [!Note] -> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). + > [!Note] + > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). ## Supported configurations From 2fda913e66fc8e68a0b76fa7694f35f0bc847c6e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 14 Oct 2020 14:39:48 -0700 Subject: [PATCH 20/21] Removed unnecessary bold Table headings are bold by default. Adding bold ( or **) results in fonts with non-standard weights. --- windows/security/threat-protection/auditing/event-4625.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 3135c231da..220876b84a 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -284,7 +284,7 @@ For 4625(F): An account failed to log on. - Monitor for all events with the fields and values in the following table: - | **Field** | Value to monitor for | + | Field | Value to monitor for | |----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.”
This is typically not a security issue but it can be an infrastructure or availability issue. | | **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”.
Especially if you get a number of these in a row, it can be a sign of user enumeration attack. | From 5a1b98311cf63c8fa031ab08b8356b2565db3a7c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 14 Oct 2020 16:30:58 -0700 Subject: [PATCH 21/21] Applied valid types to code blocks Valid content types are listed here: https://docsmetadatatool.azurewebsites.net/allowlists/devlang# --- .../microsoft-defender-atp/pull-alerts-using-rest-api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index 0eedcf9bad..078b9f44ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -71,7 +71,7 @@ You'll use the access token to access the protected resource, which are detectio To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request: -```syntax +```http POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/token HTTP/1.1 Host: login.microsoftonline.com @@ -124,14 +124,14 @@ CloudCreatedMachineTags | string | Device tags that were created in Microsoft De ### Request example The following example demonstrates how to retrieve all the detections in your organization. -```syntax +```http GET https://wdatp-alertexporter-eu.windows.com/api/alerts Authorization: Bearer ``` The following example demonstrates a request to get the last 20 detections since 2016-09-12 00:00:00. -```syntax +```http GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc=2016-09-12T00:00:00.000 Authorization: Bearer ```