From 50d6f31d180f4ed34dbe69901b238354c0824f58 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 17 Aug 2020 15:45:54 +0500
Subject: [PATCH 1/5] Update run-detection-test.md
---
.../microsoft-defender-atp/run-detection-test.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 0d98b91181..d87232b04b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -50,3 +50,4 @@ The Command Prompt window will close automatically. If successful, the detection
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
From d5d43293dd51916276e88898cc24aa5b89a1282b Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Tue, 18 Aug 2020 12:55:27 +0500
Subject: [PATCH 2/5] Comma missing in example
As mentioned in the document that if we are adding a URL without proxy we need to add "," just before the "|". Added this in the documents example section.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7134
---
.../create-wip-policy-using-intune-azure.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index c1f81c4974..07ac0b55e1 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -456,7 +456,7 @@ contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,conto
Value format without proxy:
```code
-contoso.sharepoint.com|contoso.visualstudio.com
+contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
```
### Protected domains
From d307463371e3cea5a25254cbd8779bb6208f0bd8 Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Tue, 18 Aug 2020 16:58:16 -0700
Subject: [PATCH 3/5] Update windowsdefenderapplicationguard-csp.md
Updated CSP policy for Edge and Office
---
.../mdm/windowsdefenderapplicationguard-csp.md | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 63373c2a34..1732644d9b 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -31,8 +31,11 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
-- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
-- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
+Options:
+- 0 - Disable Microsoft Defender Application Guard
+- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
@@ -297,4 +300,4 @@ ADMX Info:
- GP name: *AuditApplicationGuard*
- GP path: *Windows Components/Microsoft Defender Application Guard*
- GP ADMX file name: *AppHVSI.admx*
-
\ No newline at end of file
+
From 7830b9e9916ca1482eceef9bb3a585d29a201f32 Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Thu, 20 Aug 2020 04:46:13 -0700
Subject: [PATCH 4/5] Update windowsdefenderapplicationguard-csp.md
---
.../mdm/windowsdefenderapplicationguard-csp.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 1732644d9b..59f3f7c19e 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -30,8 +30,7 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-The following list shows the supported values:
-Options:
+The following list shows the supported values:
- 0 - Disable Microsoft Defender Application Guard
- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
From f05e7f6e490af712a10fecd40df0c1ab84d03de0 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Tue, 25 Aug 2020 14:37:29 -0700
Subject: [PATCH 5/5] Spacing, indentation, valid code block types
The complete list of valid types for code blocks is here: https://docsmetadatatool.azurewebsites.net/allowlists/#
---
.../create-wip-policy-using-intune-azure.md | 64 ++++++++++---------
1 file changed, 33 insertions(+), 31 deletions(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 07ac0b55e1..73946540c5 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -129,7 +129,8 @@ If you don't know the Store app publisher or product name, you can find them by
If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
->**Note**
Your PC and phone must be on the same wireless network.
+> [!NOTE]
+> Your PC and phone must be on the same wireless network.
1. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
@@ -194,19 +195,19 @@ To add another Desktop app, click the ellipsis **…**. After you’ve entered t
If you’re unsure about what to include for the publisher, you can run this PowerShell command:
-```ps1
+```powershell
Get-AppLockerFileInformation -Path ""
```
Where `""` goes to the location of the app on the device. For example:
-```ps1
+```powershell
Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"
```
In this example, you'd get the following info:
-```
+```console
Path Publisher
---- ---------
%PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
@@ -279,22 +280,22 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com
This is the XML file that AppLocker creates for Microsoft Dynamics 365.
```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
```
12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
@@ -335,6 +336,7 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps.
12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
+
**To import a list of protected apps using Microsoft Intune**
1. In **Protected apps**, click **Import apps**.
@@ -428,7 +430,7 @@ Separate multiple resources with the "|" delimiter.
If you don’t use proxy servers, you must also include the "," delimiter just before the "|".
For example:
-```code
+```console
URL <,proxy>|URL <,proxy>
```
@@ -441,7 +443,7 @@ In this case, Windows blocks the connection by default.
To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting.
For example:
-```code
+```console
URL <,proxy>|URL <,proxy>/*AppCompat*/
```
@@ -449,13 +451,13 @@ When you use this string, we recommend that you also turn on [Azure Active Direc
Value format with proxy:
-```code
+```console
contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
```
Value format without proxy:
-```code
+```console
contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
```
@@ -465,7 +467,7 @@ Specify the domains used for identities in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
Separate multiple domains with the "|" delimiter.
-```code
+```console
exchange.contoso.com|contoso.com|region.contoso.com
```
@@ -475,7 +477,7 @@ Specify the DNS suffixes used in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
Separate multiple resources with the "," delimiter.
-```code
+```console
corp.contoso.com,region.contoso.com
```
@@ -488,7 +490,7 @@ This list shouldn’t include any servers listed in your Internal proxy servers
Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
Separate multiple resources with the ";" delimiter.
-```code
+```console
proxy.contoso.com:80;proxy2.contoso.com:443
```
@@ -500,7 +502,7 @@ This list shouldn’t include any servers listed in your Proxy servers list.
Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
Separate multiple resources with the ";" delimiter.
-```code
+```console
contoso.internalproxy1.com;contoso.internalproxy2.com
```
@@ -539,7 +541,7 @@ Specify your authentication redirection endpoints for your company.
These locations are considered enterprise or personal, based on the context of the connection before the redirection.
Separate multiple resources with the "," delimiter.
-```code
+```console
sts.contoso.com,sts.contoso2.com
```
@@ -597,8 +599,8 @@ After you've decided where your protected apps can access enterprise data on you
- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
->[!NOTE]
->Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
+ > [!NOTE]
+ > Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.