Merge branch 'v-gmoor-restore-ios-configure-features' of https://github.com/MicrosoftDocs/windows-docs-pr into v-gmoor-restore-ios-configure-features

Gary Moore 2021-03-10 17:20:41 -08:00
commit 59ad8b39ca
21 changed files with 170 additions and 230 deletions

@ -13992,12 +13992,12 @@
},
{
"source_path": "windows/manage/sign-up-windows-store-for-business.md",
"redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-windows-store-for-business",
"redirect_url": "https://docs.microsoft.com/microsoft-store/index.md",
"redirect_document_id": true
},
{
"source_path": "store-for-business/sign-up-windows-store-for-business.md",
"redirect_url": "https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business",
"redirect_url": "https://docs.microsoft.com/microsoft-store/index.md",
"redirect_document_id": false
},
{
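
Review bot: Both new `redirect_url` values end in `index.md`, a source file name on an absolute published URL, whereas the values they replace had no `.md` extension. Use the published path (for example `https://docs.microsoft.com/microsoft-store/`) so the redirect is not likely to land on a missing page.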

@ -3,7 +3,6 @@
## [Sign up and get started](sign-up-microsoft-store-for-business-overview.md)
### [Microsoft Store for Business and Microsoft Store for Education overview](microsoft-store-for-business-overview.md)
### [Prerequisites for Microsoft Store for Business and Education](prerequisites-microsoft-store-for-business.md)
### [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-microsoft-store-for-business.md)
### [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md)
### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md)
## [Find and acquire apps](find-and-acquire-apps-overview.md)

@ -5,16 +5,20 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.date: 10/23/2018
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.reviewer:
manager: dansimp
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/10/2021
---
# Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping.
## App licensing model
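
Review bot: `manager: scotv` appears after `author: cmcatee-MSFT`, but `manager: dansimp` is still present two lines further down, after `ms.reviewer:`. In the other files of this commit `manager: dansimp` sits above `ms.prod` and is replaced. Confirm the old line is removed here so the front matter does not end up with two `manager` keys.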

@ -3,16 +3,16 @@ title: Add unsigned app to code integrity policy (Windows 10)
description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
ms.date: 03/10/2021
---
# Add unsigned app to code integrity policy
@ -99,7 +99,7 @@ After you're done, the files are saved to your desktop. You still need to sign t
## <a href="" id="catalog-signing-device-guard-portal"></a>Catalog signing with Device Guard signing portal
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. For more information, see [Sign up for the Microsoft Store for Business](sign-up-microsoft-store-for-business.md).
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
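
Review bot: The rewritten sentence under "Catalog signing with Device Guard signing portal" still requires the reader to be signed up with the Microsoft Store for Business but no longer says where to do that. The next line calls catalog signing a vital step for the code integrity policy, so link the prerequisite to a page that remains after this commit, such as `index.md`, rather than leaving it without a pointer.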

@ -2,21 +2,20 @@
title: Microsoft Store for Business and Education (Windows 10)
description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school.
ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: high
ms.date: 05/14/2020
ms.date: 03/10/2021
---
# Microsoft Store for Business and Education
**Applies to**
- Windows 10
@ -24,6 +23,11 @@ ms.date: 05/14/2020
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
> [!IMPORTANT]
> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If youve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you wont be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesnt impact apps in the Microsoft Store on Windows 10.
>
> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
## In this section
| Topic | Description |
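
Review bot: The added alert text contains `youve`, `wont` and `doesnt` with no apostrophe, while `“free”` keeps typographic quotes, which looks like smart punctuation that did not survive. Use plain ASCII apostrophes and quotes in the source. The date is also written "April 14, 2021" here but "April 14th, 2021" in the alerts added to the other pages, so pick one form.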

@ -3,16 +3,16 @@ title: Microsoft Store for Business and Microsoft Store for Education overview (
description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps.
ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.pagetype: store, mobile
ms.mktglfcycl: manage
ms.sitesec: library
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Microsoft Store for Business and Microsoft Store for Education overview
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options.
> [!IMPORTANT]
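
Review bot: The added alert says only free apps will be available from April 14th, 2021, yet the unchanged paragraph right after it still describes acquiring "free and paid apps", and this file's front-matter `description` still speaks of "volume purchases". Update or qualify those sentences in the same change so the page does not contradict its own notice.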
@ -80,8 +83,6 @@ While not required, you can use a management tool to distribute and manage apps.
The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or well quickly create an account for you. You must be a Global Administrator for your organization.
For more information, see [Sign up for Store for Business and Education](sign-up-microsoft-store-for-business.md).
## Set up
After your admin signs up for the Store for Business and Education, they can assign roles to other employees in your company or school. The admin needs Azure AD User Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions.

@ -3,16 +3,16 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10)
description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Prerequisites for Microsoft Store for Business and Education
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
> [!IMPORTANT]
> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.

@ -4,19 +4,23 @@ description: The first person to sign in to Microsoft Store for Business or Micr
keywords: roles, permissions
ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/01/2019
ms.date: 03/10/2021
---
# Roles and permissions in Microsoft Store for Business and Education
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.
Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store.

@ -3,16 +3,16 @@ title: Sign up and get started (Windows 10)
description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps.
ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/03/2019
ms.date: 03/10/2021
---
# Sign up and get started
@ -24,13 +24,15 @@ ms.date: 10/03/2019
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
## In this section
| Topic | Description |
| ----- | ----------- |
| [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
| [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
| [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
| [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
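
Review bot: The table still shows a row linking to `https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business`, the page this commit deletes. If that row is an unchanged line, it will only resolve through a redirect, so drop it or retarget it. While here, the description cell of the Prerequisites row ends in a stray `](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business)` with no opening bracket, and the first row links to `windows-store-for-business-overview.md` while the TOC uses `microsoft-store-for-business-overview.md`.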

@ -1,105 +0,0 @@
---
title: Sign up for Microsoft Store for Business or Microsoft Store for Education (Windows 10)
description: Before you sign up for Microsoft Store for Business or Microsoft Store for Education, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization.
ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
---
# Sign up for Microsoft Store for Business or Microsoft Store for Education
**Applies to**
- Windows 10
- Windows 10 Mobile
Before you sign up for Microsoft Store for Business or Microsoft Store for Education, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Microsoft Store for Business or Microsoft Store for Education. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process.
## Sign up for Microsoft Store
Before signing up for Microsoft Store, make sure you're the global administrator for your organization.
**To sign up for Microsoft Store**
1. Go to [https://www.microsoft.com/business-store](https://www.microsoft.com/business-store), or [https://www.microsoft.com/education-store](https://www.microsoft.com/education-store) and click **Sign up**.
- If you start Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome).
<!-- -->
- If you already have an Azure AD directory, you'll [sign in to Store for Business](#sign-in), and then accept Store for Business terms.
![Image showing Microsoft Store for Business page with invitation to sign up, or sign in.](images/wsfb-landing.png)
**To sign up for Azure AD accounts through Office 365 for Business**
- <a href="" id="o365-welcome"></a>Signing up for Microsoft Store will create an Azure AD directory and global administrator account for you. There are just a few steps.
Step 1: About you.
Type the required info and click **Next.**
![Image showing Welcome page for sign up process.](images/wsfb-onboard-1.png)
- Step 2: Create an ID.
We'll use info you provided on the previous page to build your user ID. Check the info and click **Next**.
![Image showing Create your user ID page for sign up process.](images/wsfb-onboard-2.png)
- Step 3: You're in.
Let us know how you'd like to receive a verification code, and click either **Text me**, or **Call me**. We'll send you a verification code
![Image showing confirmation page as part of sign up process.](images/wsfb-onboard-3.png)
- Verification.
Type your verification code and click **Create my account**.
![Image showing verification code step.](images/wsfb-onboard-4.png)
- Save this info.
Be sure to save the portal sign-in page and your user ID info. Click **You're ready to go**.
![Image showing sign-in page and user ID for Microsoft Store for Business.](images/wsfb-onboard-5.png)
- At this point, you'll have an Azure AD directory created with one user account. That user account is the global administrator. You can use that account to sign in to Store for Business.
2. <a href="" id="sign-in"></a>Sign in with your Azure AD account.
![Image showing sign-in page for Microsoft Store for Business.](images/wsfb-onboard-7.png)
3. <a href="" id="accept-terms"></a>Read through and accept Microsoft Store for Business and Education terms.
4. Welcome to the Store for Business. Click **Next** to continue.
![Image showing welcome message for Microsoft Store for business.](images/wsfb-firstrun.png)
## Next steps
After signing up for Microsoft Store for Business or Microsoft Store for Education, you can:
- **Add users to your Azure AD directory**. If you created your Azure AD directory during sign up, additional user accounts are required for employees to install apps you assign to them, or to browse the private store in Store app. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).
- **Assign roles to employees**. For more information, see [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md).
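
Review bot: Deleting this page needs a matching redirect for `sign-up-microsoft-store-for-business.md`, and none is visible. The redirect entries touched earlier in this commit have `source_path` values ending in `sign-up-windows-store-for-business.md`, which is a different file name. Add an entry for the deleted path, and check that the `images/wsfb-*.png` files referenced only from this page are removed or still used elsewhere.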
 
 

@ -64,10 +64,10 @@ To find your CommercialID within Azure:
## Enroll devices in Update Compliance
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance.
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. After you configure devices, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
> [!NOTE]
> After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
> If you use or plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview), follow the steps in [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices in Update Compliance. You should be aware that the Commercial ID and Log Analytics workspace must be the same for both Desktop Analytics and Update Compliance.
### Configure devices using the Update Compliance Configuration Script

@ -41,16 +41,16 @@ See the blog post [Important changes to Microsoft Active Protection Services end
## Allow connections to the Microsoft Defender Antivirus cloud service
The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network.
The Microsoft Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it's highly recommended because it provides important protection against malware on your endpoints and across your network.
>[!NOTE]
>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
>The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it's called a cloud service, it's not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
See [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) for details on enabling the service with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or on individual clients in the Windows Security app.
After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection.
Because your protection is a cloud service, computers must have access to the internet and reach the Microsoft Defender for Office 365 machine learning services. Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection.
The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication.
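
Review bot: The unchanged sentence that closes this hunk says the listed URLs use port 443, but the Certificate Revocation List row of the same table gives `http://` URLs (for example `http://www.microsoft.com/pkiops/crl/`). A firewall rule written from that sentence alone would not cover the CRL fetches. Since this paragraph block is being edited anyway, reword the sentence (it also reads "Below mention URLs") to say which entries are not on 443.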
@ -60,14 +60,14 @@ The table below lists the services and their associated URLs. Make sure that the
| Microsoft Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Microsoft Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com` <br/> `*.wdcpalt.microsoft.com` <br/> `*.wd.microsoft.com`|
| Microsoft Update Service (MU) <br/> Windows Update Service (WU)| Security intelligence and product updates |`*.update.microsoft.com` <br/> `*.delivery.mp.microsoft.com`<br/> `*.windowsupdate.com` <br/><br/> For details see [Connection endpoints for Windows Update](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#windows-update)|
|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com` </br> `*.download.windowsupdate.com`</br> `https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx`|
| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net` <br/> `ussus1westprod.blob.core.windows.net` <br/> `usseu1northprod.blob.core.windows.net` <br/> `usseu1westprod.blob.core.windows.net` <br/> `ussuk1southprod.blob.core.windows.net` <br/> `ussuk1westprod.blob.core.windows.net` <br/> `ussas1eastprod.blob.core.windows.net` <br/> `ussas1southeastprod.blob.core.windows.net` <br/> `ussau1eastprod.blob.core.windows.net` <br/> `ussau1southeastprod.blob.core.windows.net` |
| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net` <br/> `ussus2eastprod.blob.core.windows.net` <br/> `ussus3eastprod.blob.core.windows.net` <br/> `ussus4eastprod.blob.core.windows.net` <br/> `wsus1eastprod.blob.core.windows.net` <br/> `wsus2eastprod.blob.core.windows.net` <br/> `ussus1westprod.blob.core.windows.net` <br/> `ussus2westprod.blob.core.windows.net` <br/> `ussus3westprod.blob.core.windows.net` <br/> `ussus4westprod.blob.core.windows.net` <br/> `wsus1westprod.blob.core.windows.net` <br/> `wsus2westprod.blob.core.windows.net` <br/> `usseu1northprod.blob.core.windows.net` <br/> `wseu1northprod.blob.core.windows.net` <br/> `usseu1westprod.blob.core.windows.net` <br/> `wseu1westprod.blob.core.windows.net` <br/> `ussuk1southprod.blob.core.windows.net` <br/> `wsuk1southprod.blob.core.windows.net` <br/> `ussuk1westprod.blob.core.windows.net` <br/> `wsuk1westprod.blob.core.windows.net` |
| Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `http://www.microsoft.com/pkiops/crl/` <br/> `http://www.microsoft.com/pkiops/certs` <br/> `http://crl.microsoft.com/pki/crl/products` <br/> `http://www.microsoft.com/pki/certs` |
| Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` |
| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes | The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com` <br/> `settings-win.data.microsoft.com`|
## Validate connections between your network and the cloud
After allowing the URLs listed above, you can test if you are connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you are fully protected.
After allowing the URLs listed above, you can test if you're connected to the Microsoft Defender Antivirus cloud service and are correctly reporting and receiving information to ensure you're fully protected.
**Use the cmdline tool to validate cloud-delivered protection:**
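
Review bot: The replacement "Malware submission storage" row no longer lists `ussas1eastprod`, `ussas1southeastprod`, `ussau1eastprod` and `ussau1southeastprod` (all under `.blob.core.windows.net`), which the old row had. If those hosts still receive sample submissions, allow lists built from this table will block uploads from endpoints that use them. Confirm the removal is intended or restore the four entries alongside the new ones.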
@ -84,24 +84,24 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun
**Attempt to download a fake malware file from Microsoft:**
You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud.
You can download a sample file that Microsoft Defender Antivirus will detect and block if you're properly connected to the cloud.
Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest).
>[!NOTE]
>This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud.
>This file is not an actual piece of malware. It's a fake file that is designed to test if you're properly connected to the cloud.
If you are properly connected, you will see a warning Microsoft Defender Antivirus notification.
If you're properly connected, you'll see a warning Microsoft Defender Antivirus notification.
If you are using Microsoft Edge, you'll also see a notification message:
If you're using Microsoft Edge, you'll also see a notification message:
![Microsoft Edge informing the user that malware was found](images/defender/wdav-bafs-edge.png)
A similar message occurs if you are using Internet Explorer:
A similar message occurs if you're using Internet Explorer:
![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png)
You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app:
You'll also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Security app:
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.

@ -6,12 +6,12 @@ search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.mktglfcycl: detect
ms.sitesec: library
ms.localizationpriority: medium
ms.localizationpriority: high
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
audience: ITPro
ms.date: 02/03/2021
ms.date: 03/10/2021
ms.reviewer:
manager: dansimp
ms.technology: mde
@ -41,9 +41,7 @@ Here are some examples:
> [!TIP]
> For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](../intelligence/criteria.md).
Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up.
PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or waste IT resources in cleaning them up. PUA protection is supported on Windows 10, Windows Server 2019, and Windows Server 2016.
## Microsoft Edge
@ -64,9 +62,7 @@ Although potentially unwanted application protection in Microsoft Edge (Chromium
In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen protects you from PUA-associated URLs.
Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft
Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
[configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
Security admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can [configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.
@ -77,9 +73,7 @@ The potentially unwanted application (PUA) protection feature in Microsoft Defen
> [!NOTE]
> This feature is available in Windows 10, Windows Server 2019, and Windows Server 2016.
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine.
When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantine. When a PUA file is detected on an endpoint, Microsoft Defender Antivirus sends a notification to the user ([unless notifications have been disabled](configure-notifications-microsoft-defender-antivirus.md)) in the same format as other threat detections. The notification is prefaced with `PUA:` to indicate its content.
The notification appears in the usual [quarantine list within the Windows Security app](microsoft-defender-security-center-antivirus.md#detection-history).
@ -112,13 +106,21 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
#### Use Group Policy to configure PUA protection
1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
3. Select the Group Policy Object you want to configure, and then choose **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
6. Double-click **Configure detection for potentially unwanted applications**.
7. Select **Enabled** to enable PUA protection.
8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
9. Deploy your Group Policy object as you usually do.
#### Use PowerShell cmdlets to configure PUA protection
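Review bot: Step 8 offers **Block** or **Audit Mode** but never says what Audit Mode does with a detected PUA. An admin who picks it "to test how the setting works" can't tell from this text whether files are still quarantined or only recorded, so add one clause stating which. Step 1 is also the only step without a closing period.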

View File

@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer: pahuijbr
manager: dansimp
ms.date: 03/09/2021
ms.date: 03/10/2021
ms.technology: mde
---
@ -78,6 +78,23 @@ All our updates contain
<br/><br/>
<details>
<summary> February-2021 (Platform: 4.18.2102.3 | Engine: 1.1.17900.7)</summary>
&ensp;Security intelligence update version: **1.333.7.0**
&ensp;Released: **March 9, 2021**
&ensp;Platform: **4.19.2102.3**
&ensp;Engine: **1.1.17900.7**
&ensp;Support phase: **Security and Critical Updates**
### What's new
- Improved service recovery through [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md)
- Extend tamper protection scope
### Known Issues
No known issues
<br/>
</details><details>
<summary> January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)</summary>
&ensp;Security intelligence update version: **1.327.1854.0**
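Review bot: The platform version in the new February-2021 entry disagrees with itself. The `<summary>` line says `Platform: 4.18.2102.3`, while the body says `Platform: **4.19.2102.3**`, and every neighbouring entry in this file uses 4.18.x. Confirm which is correct and make the two match, since admins compare this string against what the client reports. In "What's new", "Improved service recovery" and "Extend tamper protection scope" also use different tenses; pick one.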
@ -114,7 +131,13 @@ No known issues
### Known Issues
No known issues
<br/>
</details><details>
</details>
### Previous version updates: Technical upgrade support only
After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
<br/><br/>
<details>
<summary> October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)</summary>
&ensp;Security intelligence update version: **1.327.7.0**
@ -134,13 +157,7 @@ No known issues
No known issues
<br/>
</details>
### Previous version updates: Technical upgrade support only
After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
<br/><br/>
<details>
</details><details>
<summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
&ensp;Security intelligence update version: **1.325.10.0**
@ -334,7 +351,7 @@ Engine: **1.1.16700.2**
- Fixed BSOD on WS2016 with Exchange
- Support platform updates when TMP is redirected to network path
- Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates)
- Platform and engine versions are added to [WDSI](https://www.microsoft.com/en-us/wdsi/defenderupdates) <!-- The preceding URL must include "/en-us" -->
- extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)
- Fix 4.18.1911.3 hang

View File

@ -12,7 +12,7 @@ author: denisebmsft
ms.author: deniseb
ms.reviewer: jcedola, dbodorin, vladiso, nixanm, anvascon
manager: dansimp
ms.date: 01/06/2021
ms.date: 03/10/2021
ms.technology: mde
---
@ -130,6 +130,7 @@ An allowed application or service only has write access to a controlled folder a
### Use PowerShell to allow specific apps
1. Type **PowerShell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
@ -158,7 +159,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications]
Microsoft Defender for Endpoint certificate and file indicators can allow signed executable files to access protected folders. For implementation details, see [Create indicators based on certificates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates).
> [!Note]
> This does no apply to scripting engines, including Powershell
> This does not apply to scripting engines, including PowerShell.
## Customize the notification

View File

@ -7,11 +7,11 @@ ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
ms.localizationpriority: high
audience: ITPro
author: denisebmsft
ms.author: deniseb
ms.date: 10/21/2020
ms.date: 03/10/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -27,20 +27,16 @@ ms.technology: mde
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server, version 1803.
> [!TIP]
> You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
Exploit protection works best with [Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
Exploit protection works best with [Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.
When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection. In fact, you can convert and import existing your EMET configuration profiles into exploit protection. To learn more, see [Import, export, and deploy exploit protection configurations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml).
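Review bot: Merging the three paragraphs leaves two consecutive sentences that both open with "You can also" ("You can also enable the rules individually…", "You can also use [audit mode]…"); reword one of them now that they sit side by side. The unchanged EMET paragraph directly below still reads "convert and import existing your EMET configuration profiles", which should be "your existing" and is worth fixing in the same pass.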
@ -52,9 +48,7 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http
## Review exploit protection events in the Microsoft Security Center
Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment.
Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios. You can query Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how exploit protection settings could affect your environment.
Here is an example query:
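Review bot: The "audit mode" link in this paragraph points to `audit-windows-defender.md`, while the same phrase in the overview paragraph earlier in this file points to `evaluate-exploit-protection.md`. Since both paragraphs are being touched in this change, point them at the same target so readers land on one set of audit-mode instructions.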
@ -100,7 +94,7 @@ You can review the Windows event log to see events that are created when exploit
The mitigations available in EMET are included natively in Windows 10 (starting with version 1709) and Windows Server (starting with version 1803), under [Exploit protection](exploit-protection.md).
The table in this section indicates the availability and support of native mitigations between EMET and exploit protection.
The following table indicates the availability and support of native mitigations between EMET and exploit protection.
|Mitigation | Available under exploit protection | Available in EMET |
|:---|:---|:---|

View File

@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
@ -37,8 +37,8 @@ Microsoft Defender for Endpoint for US Government customers requires one of the
GCC | GCC High | DoD
:---|:---|:---
Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD
| | Microsoft 365 E5 for GCC High |
| | Microsoft 365 G5 Security for GCC High |
| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD
| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD
Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD
### Server licensing
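Review bot: In the first new row, the GCC High cell reads "Microsoft 365 E5 for GCC High" but the added DoD cell reads "Microsoft 365 G5 for DOD". Confirm that the E5/G5 difference within one row is intended and not a typo, because this table is what customers use to check entitlement. The added cells also write "DOD" while the column header is "DoD".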
@ -86,8 +86,8 @@ Windows 8.1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/
Windows 8 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Windows 7 SP1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Windows 7 SP1 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Linux | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development
macOS | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development
Linux | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out
macOS | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out
Android | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
@ -124,6 +124,20 @@ For more information, see [Configure device proxy and Internet connectivity sett
>
> When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column.
### Service backend IP ranges
If your network devices don't support DNS-based rules, use IP ranges instead.
Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions:
- AzureCloud.usgovtexas
- AzureCloud.usgovvirginia
You can find the Azure IP ranges in [Azure IP Ranges and Service Tags US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063).
> [!NOTE]
> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
<br>
## API
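Review bot: The new section lists region-level tags (`AzureCloud.usgovtexas`, `AzureCloud.usgovvirginia`) rather than ranges specific to the service, so the text should say that a firewall rule built from them permits traffic to those whole regions, not only to Defender for Endpoint. The closing note also recommends moving to DNS-based rules, although the section opens by addressing devices that can't use them. For those readers, a sentence on refreshing the rule from the downloadable ranges file when it changes would be more actionable.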
@ -138,18 +152,18 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
<br>
## Feature parity with commercial
Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
These are the known gaps as of February 2021:
These are the known gaps as of March 2021:
Feature name | GCC | GCC High | DoD (PREVIEW)
:---|:---|:---|:---
Automated investigation and remediation: Live response | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Automated investigation and remediation: Response to Office 365 alerts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
Email notifications | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out
Email notifications | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Evaluation lab | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Management and APIs: Device health and compliance report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development
Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out
Management and APIs: Streaming API | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development
Management and APIs: Threat protection report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
Threat & vulnerability management | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)

View File

@ -43,6 +43,9 @@ When network protection blocks a connection, a notification is displayed from th
You can also use [audit mode](audit-windows-defender.md) to evaluate how network protection would impact your organization if it were enabled.
> [!NOTE]
> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity. In a managed environment, make sure that Configuration Manager auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection.
## Requirements
Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection.
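Review bot: The added note states the same consequence twice ("it could cause some systems to lose network connectivity…" and then "As a result, some devices might lose network connectivity"); drop the second sentence. "Platform updates are managed" and "Make sure this is fully deployed" are also ambiguous. Name what must be deployed (the platform update) and, if known, the minimum platform version, so admins have something to verify before turning on network protection.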

View File

@ -1,6 +1,6 @@
---
title: Set up Microsoft Defender ATP deployment
description: Learn how to setup the deployment for Microsoft Defender ATP
title: Set up Microsoft Defender for Endpoint deployment
description: Learn how to set up the deployment for Microsoft Defender for Endpoint
keywords: deploy, setup, licensing validation, tenant configuration, network configuration
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -47,7 +47,7 @@ In this deployment scenario, you'll be guided through the steps on:
>[!NOTE]
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
## Check license state
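Review bot: The reworded sentence still has the wrong subject. "Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide" says the product won't cover them, when it is the guide that doesn't. Suggest "…supports other onboarding tools, but this deployment guide doesn't cover those scenarios."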
@ -59,7 +59,7 @@ Checking for the license state and whether it got properly provisioned, can be d
1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
On the screen, you will see all the provisioned licenses and their current **Status**.
On the screen, you'll see all the provisioned licenses and their current **Status**.
![Image of billing licenses](images/atp-billing-subscriptions.png)
@ -93,7 +93,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t
4. Set up preferences.
**Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation.
**Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You can't change the location after this set up and Microsoft won't transfer the data from the specified geolocation.
**Data retention** - The default is six months.
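Review bot: On the changed "Data storage location" line, "after this set up" uses the verb form where the noun "setup" is needed. The same commit correctly changes "setup" to "set up" in the page description, where it is a verb, so this one goes the other way. Because the sentence describes an irreversible choice, it would also read more clearly as two sentences: one saying the location can't be changed, and one saying data isn't transferred.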
@ -109,7 +109,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t
## Network configuration
If the organization does not require the endpoints to use a Proxy to access the
If the organization doesn't require the endpoints to use a Proxy to access the
Internet, skip this section.
The Microsoft Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to
@ -127,15 +127,11 @@ the following discovery methods:
- Web Proxy Autodiscovery Protocol (WPAD)
If a Transparent proxy or WPAD has been implemented in the network topology,
If a Transparent proxy or WPAD has been implemented in the network topology,
there is no need for special configuration settings. For more information on
Microsoft Defender for Endpoint URL exclusions in the proxy, see the
Appendix section in this document for the URLs allow list or on
[Microsoft
Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
> [!NOTE]
> For a detailed list of URLs that need to be allowed, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus).
[Proxy Service URLs](production-deployment.md#proxy-service-urls) section in this document for the URLs allow list or on
[Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
**Manual static proxy configuration:**
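Review bot: The replacement sentence keeps the "or on" left over from "or on Microsoft Docs", so it now reads "…for the URLs allow list or on [Configure device proxy and Internet connectivity settings]". Change it to "or see". The hunk also drops the note that linked to the Microsoft Defender Antivirus network-connections article; confirm that the two remaining links cover the antivirus cloud endpoints, or keep a pointer to that article so proxy allow lists aren't built without them.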
@ -229,24 +225,27 @@ The following downloadable spreadsheet lists the services and their associated U
|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://download.microsoft.com/download/8/a/5/8a51eee5-cd02-431c-9d78-a58b7f77c070/mde-urls.xlsx)
### Microsoft Defender for Endpoint service backend IP range
### Microsoft Defender for Endpoint service backend IP ranges
If you network devices don't support the URLs listed in the prior section, you can use the following information.
If your network devices don't support DNS-based rules, use IP ranges instead.
Defender for Endpoint is built on Azure cloud, deployed in the following regions:
Defender for Endpoint is built in Azure cloud, deployed in the following regions:
- \+\<Region Name="uswestcentral">
- \+\<Region Name="useast2">
- \+\<Region Name="useast">
- \+\<Region Name="europenorth">
- \+\<Region Name="europewest">
- \+\<Region Name="uksouth">
- \+\<Region Name="ukwest">
- AzureCloud.eastus
- AzureCloud.eastus2
- AzureCloud.westcentralus
- AzureCloud.northeurope
- AzureCloud.westeurope
- AzureCloud.uksouth
- AzureCloud.ukwest
You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653).
You can find the Azure IP ranges in [Azure IP Ranges and Service Tags Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519).
> [!NOTE]
> As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting.
> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
> [!NOTE]
> If you are a US Government customer, please see the corresponding section in the [Defender for Endpoint for US Government](gov.md#service-backend-ip-ranges) page.
## Next step
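Review bot: Renaming the heading from "…service backend IP range" to "…IP ranges" changes the generated anchor. Check for inbound links to the old fragment, given that this same change relies on heading-derived anchors in `gov.md#service-backend-ip-ranges`. The two adjacent `[!NOTE]` blocks could be one note, and "built in Azure cloud" reads better as "built on the Azure cloud" or "built in Azure".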

View File

@ -23,20 +23,18 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
You can gain more insight in an investigation by analyzing the events that happened on a specific device. First, select the device of interest from the [Devices list](machines-view-overview.md). On the device page, you can select the **Timeline** tab to view all the events that occurred on the device.
## Understand techniques in the timeline
>[!IMPORTANT]
>Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques.
**Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques.
This feature simplifies the investigation experience by helping analysts understand the activities that were observed on a device. Analysts can then decide to investigate further.
For public preview, Techniques are available by default and shown together with events when a device's timeline is viewed.
Techniques are available by default and shown together with events when a device's timeline is viewed.
![Techniques in device timeline screenshot](images/device-timeline-2.png)

View File

@ -65,7 +65,7 @@ To create an inbound firewall rule for a program or service
To set a SID type on a service, run the following command:
**sc** **sidtype** *&lt;Type&gt; &lt;ServiceName&gt;*
**sc** **sidtype** *&lt;ServiceName&gt; &lt;Type&gt;*
In the preceding command, the value of *&lt;Type&gt;* can be **UNRESTRICTED** or **RESTRICTED**. Although the command also permits the value of **NONE**, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as **UNRESTRICTED**. If you change the SID type to **RESTRICTED**, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to **UNRESTRICTED**.