From 06bf32b6a8ef7fe0ba6acfda163a358a2fc6b397 Mon Sep 17 00:00:00 2001 From: Takeshi Katano Date: Thu, 22 Oct 2020 11:48:04 +0900 Subject: [PATCH 01/18] Incorrect WMI property names SignatureFallbackOrder and SignatureDefinitionUpdateFileSharesSouce properties are for signature source order properties. --- ...atch-up-scans-microsoft-defender-antivirus.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index f176529dde..31c00d261d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -100,8 +100,10 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanParameters +ScanScheduleDay +ScanScheduleTime +RandomizeScheduleTaskTimes ``` See the following for more information and allowed parameters: @@ -138,8 +140,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanOnlyIfIdleEnabled ``` See the following for more information and allowed parameters: 
@@ -173,8 +174,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +RemediationScheduleDay +RemediationScheduleTime ``` See the following for more information and allowed parameters: @@ -210,8 +211,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanScheduleQuickScanTime ``` See the following for more information and allowed parameters: From 4b88769f22db002aafb019c1f111706593d0bee5 Mon Sep 17 00:00:00 2001 From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com> Date: Mon, 2 Nov 2020 14:41:50 -0800 Subject: [PATCH 02/18] localizationpriority metada was messed up --- windows/deployment/update/wufb-basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md index 0c8f5c32db..cea6e517ca 100644 --- a/windows/deployment/update/wufb-basics.md +++ b/windows/deployment/update/wufb-basics.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage audience: itpro itproauthor: jaimeo author: jaimeo -ms.localizationprioauthor: jaimeo +ms.localizationpriority: medium ms.audience: itpro ms.reviewer: manager: laurawi From f957d02e0c4a0b3fda85e2343126f0f39f185db9 Mon Sep 17 00:00:00 2001 
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com> Date: Mon, 2 Nov 2020 14:48:53 -0800 Subject: [PATCH 03/18] Update windows-sandbox-configure-using-wsb-file.md Localization priority metadata value was blank --- .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 2ac125c33b..16214a5f59 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -8,7 +8,7 @@ ms.author: dansimp manager: dansimp ms.collection: ms.topic: article -ms.localizationpriority: +ms.localizationpriority: medium ms.date: ms.reviewer: --- From f74a99748a53c23d89ecf368f77a5b82cb494438 Mon Sep 17 00:00:00 2001 From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com> Date: Mon, 2 Nov 2020 14:52:15 -0800 Subject: [PATCH 04/18] Update bitlocker-recovery-loop-break.md Localization priority value had unwanted "#" --- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index f06b11a197..9ed6f0f984 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.localizationpriority: #medium +ms.localizationpriority: medium ms.author: v-maave author: martyav manager: dansimp 
From bd8796bcf91e7e437733047cf1dd27cb8d136832 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 3 Nov 2020 10:51:28 -0800 Subject: [PATCH 05/18] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 867107aeaa..a5bb42b0b3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 10/29/2020 +ms.date: 11/03/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -22,8 +22,8 @@ Answering frequently asked questions about Microsoft Defender Application Guard ## Frequently Asked Questions -### Can I enable Application Guard on machines equipped with 4 GB RAM? -We recommend 8 GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. +### Can I enable Application Guard on machines equipped with 4-GB RAM? +We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) 
@@ -101,7 +101,7 @@ Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudRes Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" For EnterpriseNetworkDomainNames, there is no mapped CSP policy. -Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? 
@@ -139,23 +139,26 @@ In the Microsoft Defender Firewall user interface go through the following steps ### Why can I not launch Application Guard when Exploit Guard is enabled? -There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to Windows Security-> App and Browser control -> Exploit Protection Setting -> switch CFG to the “use default". +There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. ### How can I have ICS in enabled state yet still use Application Guard? -This is a two-step process. +ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly. -Step 1: +Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. -Enable Internet Connection sharing by changing the Group Policy setting *Prohibit use of Internet Connection Sharing on your DNS domain network*, which is part of the MS Security baseline from Enabled to Disabled. - -Step 2: - -1. Disable IpNat.sys from ICS load -System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1 -2. Configure ICS (SharedAccess) to enabled -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3 -3. Disabling IPNAT (Optional) -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4 -4. Reboot. \ No newline at end of file +The following procedure describes how to edit registry keys to disable ICS in part. + +1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. + +2. 
Disable IpNat.sys from ICS load as follows:
+`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` + +3. Configure ICS (SharedAccess) to enabled as follows:
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3` + +4. (This is optional) Disable IPNAT as follows:
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4` + +5. Reboot the device. \ No newline at end of file From 49cedcb9e1a9516377ec7dcf6ef9736d15e50f75 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 3 Nov 2020 10:57:38 -0800 Subject: [PATCH 06/18] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index a5bb42b0b3..e00216ebde 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -23,7 +23,7 @@ Answering frequently asked questions about Microsoft Defender Application Guard ## Frequently Asked Questions ### Can I enable Application Guard on machines equipped with 4-GB RAM? -We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. +We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) 
@@ -33,7 +33,7 @@ We recommend 8-GB RAM for optimal performance but you may use the following regi ### Can employees download documents from the Application Guard Edge session onto host devices? -In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. +In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. @@ -71,7 +71,7 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903 ### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? -This feature is currently experimental only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. +This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. ### What is the WDAGUtilityAccount local account? 
@@ -79,11 +79,11 @@ This account is part of Application Guard beginning with Windows 10 version 1709 ### How do I trust a subdomain in my site list? -To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` will ensure `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. +To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? -When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). +When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 
### Is there a size limit to the domain lists that I need to configure? 
@@ -91,27 +91,27 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca ### Why does my encryption driver break Microsoft Defender Application Guard? -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why do the Network Isolation policies in Group Policy and CSP look different? -There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP. +There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP. -Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources" -Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" +Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources" +Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" For EnterpriseNetworkDomainNames, there is no mapped CSP policy. -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. 
If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. -### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")? +### Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"? -Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. +Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. -### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file? +### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file? This is a known issue. To mitigate this you need to create two firewall rules. For guidance on how to create a firewall rule by using group policy, see: @@ -129,7 +129,7 @@ This is the same as the first rule, but scoped to local port 68. In the Microsoft Defender Firewall user interface go through the following steps: 1. Right click on inbound rules, create a new rule. 2. Choose **custom rule**. -3. Program path: **%SystemRoot%\System32\svchost.exe**. +3. Program path: `%SystemRoot%\System32\svchost.exe`. 4. Protocol Type: UDP, Specific ports: 67, Remote port: any. 5. Any IP addresses. 6. Allow the connection. 
From 49bdd17e7bc87564d967951d54bb1762d7187909 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 3 Nov 2020 15:48:23 -0800 Subject: [PATCH 07/18] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index e4de5be2bd..5e54503d98 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -148,9 +148,9 @@ ICS is enabled by default in Windows, and it must be enabled in order for Applic Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. -The following procedure describes how to edit registry keys to disable ICS in part. +The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy. -1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. +1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 2. Disable IpNat.sys from ICS load as follows:
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` @@ -162,3 +162,7 @@ The following procedure describes how to edit registry keys to disable ICS in pa `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4` 5. Reboot the device. + +## See also + +[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard) \ No newline at end of file From 895817b75efe1cbb384103df79ee8347500fddd6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 3 Nov 2020 16:04:42 -0800 Subject: [PATCH 08/18] Update scheduled-catch-up-scans-microsoft-defender-antivirus.md --- ...h-up-scans-microsoft-defender-antivirus.md | 42 ++++++++++--------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index 31c00d261d..8f36768d8a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Schedule regular quick and full scans with Microsoft Defender AV +title: Schedule regular quick and full scans with Microsoft Defender Antivirus description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular search.product: eADQiWindows 10XVcnh 
@@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/30/2020 +ms.date: 11/02/2020 ms.reviewer: manager: dansimp --- @@ -23,7 +23,7 @@ manager: dansimp **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) > [!NOTE] > By default, Microsoft Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. @@ -44,7 +44,9 @@ This article describes how to configure scheduled scans with Group Policy, Power 5. Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below. -6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings. +6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. + +7. Click **OK**, and repeat for any other settings. Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) topics. 
@@ -74,12 +76,12 @@ Scheduled scans will run at the day and time you specify. You can use Group Poli ### Use Group Policy to schedule scans -Location | Setting | Description | Default setting (if not configured) ----|---|---|--- -Scan | Specify the scan type to use for a scheduled scan | Quick scan -Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never -Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am -Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours.
In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled +|Location | Setting | Description | Default setting (if not configured) | +|:---|:---|:---|:---| +|Scan | Specify the scan type to use for a scheduled scan | Quick scan | +|Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never | +|Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.). | 2 a.m. | +|Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours.
In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled | ### Use PowerShell cmdlets to schedule scans @@ -121,9 +123,9 @@ You can set the scheduled scan to only occur when the endpoint is turned on but ### Use Group Policy to schedule scans -Location | Setting | Description | Default setting (if not configured) ----|---|---|--- -Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled +|Location | Setting | Description | Default setting (if not configured) | +|:---|:---|:---|:---| +|Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled | ### Use PowerShell cmdlets 
@@ -191,10 +193,10 @@ You can enable a daily quick scan that can be run in addition to your other sche ### Use Group Policy to schedule daily scans -Location | Setting | Description | Default setting (if not configured) ----|---|---|--- -Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never -Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am +|Location | Setting | Description | Default setting (if not configured) | +|:---|:---|:---|:---| +|Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never | +|Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.) | 2 a.m. | ### Use PowerShell cmdlets to schedule daily scans @@ -224,9 +226,9 @@ You can force a scan to occur after every [protection update](manage-protection- ### Use Group Policy to schedule scans after protection updates -Location | Setting | Description | Default setting (if not configured) ----|---|---|--- -Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled +|Location | Setting | Description | Default setting (if not configured)| +|:---|:---|:---|:---| +|Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled | ## See also - [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) 
From 56d62160901ef8aa6764f825d5919a80b8dad92b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 3 Nov 2020 16:20:39 -0800 Subject: [PATCH 09/18] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 5e54503d98..007fa751d5 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -144,11 +144,7 @@ There is a known issue such that if you change the Exploit Protection settings f ### How can I have ICS in enabled state yet still use Application Guard? -ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly. - -Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. - -The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy. +ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. 1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. From c07930f9de9efb522cddf88ccf71fdd18946be78 Mon Sep 17 00:00:00 2001 From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com> Date: Wed, 4 Nov 2020 12:14:23 +0530 Subject: [PATCH 10/18] Update index.yml Spelling mistake on the word Accessibility --- windows/hub/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 289a9ff9e7..75355791f6 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -42,7 +42,7 @@ landingContent: links: - text: Configure Windows 10 url: /windows/configuration/index - - text: Accesasibility information for IT Pros + - text: Accessibility information for IT Pros url: /windows/configuration/windows-10-accessibility-for-itpros - text: Configure access to Microsoft Store url: /windows/configuration/stop-employees-from-using-microsoft-store From 98cef83cb8ed3f4bd4916cd75af215e2c1229370 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 4 Nov 2020 12:22:07 +0500 Subject: [PATCH 11/18] minor modification Made a correction in the statement. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8568 --- .../threat-protection/microsoft-defender-atp/apis-intro.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index 34f925b4d8..ebf717e331 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User - **User Context:**
Used to perform actions in the API on behalf of a user. - Steps that needs to be taken to access Microsoft Defender ATP API with application context: + Steps that needs to be taken to access Microsoft Defender ATP API with user context: 1. Create AAD Native-Application. 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 3. Get token using the application with user credentials. From bb838bcd8bac05f0af3d0fc2a41b26ee9080ddd1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 4 Nov 2020 14:52:27 +0500 Subject: [PATCH 12/18] Update password-policy.md --- .../security-policy-settings/password-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index daf285e8a4..f4b1f58262 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md 
@@ -26,7 +26,7 @@ An overview of password policies for Windows and links to information for each p In many operating systems, the most common method to authenticate a user's identity is to use a secret passphrase or password. A secure network environment requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols. These passwords help prevent the compromise of user accounts and administrative accounts by unauthorized users who use manual methods or automated tools to guess weak passwords. Strong passwords that are changed regularly reduce the likelihood of a successful password attack. -Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. +Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. For more details, see [AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770842(v=ws.10)). To apply a fine-grained password policy to users of an OU, you can use a shadow group. A shadow group is a global security group that is logically mapped to an OU to enforce a fine-grained password policy. 
You add users of the OU as members of the newly created shadow group and then apply the fine-grained password policy to this shadow group. You can create additional shadow groups for other OUs as needed. If you move a user from one OU to another, you must update the membership of the corresponding shadow groups. @@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** -If individual groups require distinct password policies, these groups should be separated into another domain or forest, based on additional requirements. +This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above. The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting. From f4d1ce167ef544827355e31d17c4b3bddcbdeaa9 Mon Sep 17 00:00:00 2001 
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 4 Nov 2020 16:27:43 +0100 Subject: [PATCH 13/18] Policy CSP/Update: place important blob below list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As reported in issue ticket #8580 (The position of the "Important" section of Update/AllowAutoUpdate is incorrect. (Update/AllowAutoUpdate の「Important」セクションの位置が正しくありません)), the current placement of the important Note blob does not make it clear enough which of the details it is referring to. Placing the important note blob directly beneath bullet list point 5, which the important blob is referring to, makes it much more clear. Thanks to 新宅 伸啓 (ShintakuNobuhiro) for reporting this clarification issue. Closes #8580 --- windows/client-management/mdm/policy-csp-update.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 5403dbf610..11b7b08a4d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -461,11 +461,6 @@ Enables the IT admin to manage automatic update behavior to scan, download, and Supported operations are Get and Replace. - -> [!IMPORTANT] -> This option should be used only for systems under regulatory compliance, as you will not get security updates as well. - - If the policy is not configured, end-users get the default behavior (Auto install and restart). 
@@ -488,6 +483,11 @@ The following list shows the supported values: - 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. - 5 – Turn off automatic updates. + +> [!IMPORTANT] +> This option should be used only for systems under regulatory compliance, as you will not get security updates as well. + + From bfce7c598bf97d4bf1f07dd83c691dcd62bb8848 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 4 Nov 2020 21:51:59 +0500 Subject: [PATCH 14/18] Update windows/security/threat-protection/microsoft-defender-atp/apis-intro.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/apis-intro.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index ebf717e331..ed7b21ccdf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User - **User Context:**
Used to perform actions in the API on behalf of a user. - Steps that needs to be taken to access Microsoft Defender ATP API with user context: + Steps that need to be taken to access Microsoft Defender ATP API with user context: 1. Create AAD Native-Application. 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 3. Get token using the application with user credentials. From 2d6bba7c64209ef0ac3cb3ff0dd6ec635b520d90 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 4 Nov 2020 21:58:16 +0500 Subject: [PATCH 15/18] Update windows/security/threat-protection/security-policy-settings/password-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security-policy-settings/password-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index f4b1f58262..4e9a967608 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md 
@@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** -This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above. +This group policy is applied on the domain level. If individual groups require distinct password policies, consider using fine-grained password policies, as described above. The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting. From 216a2c77341eb58a1eff3fd2954d260606eeeb54 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 4 Nov 2020 22:12:34 +0500 Subject: [PATCH 16/18] Update minimum-requirements.md --- .../microsoft-defender-atp/minimum-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index b659b20797..0b66e73431 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md 
@@ -51,7 +51,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options: -- [Azure Security Center Standard plan](https://docs.microsoft.com/azure/security-center/security-center-pricing) (per node) +- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing) - Microsoft Defender ATP for Servers (one per covered Server) > [!NOTE] From 872f48fd4f039627377c8edb4f2087951c47ed30 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Nov 2020 09:58:15 -0800 Subject: [PATCH 17/18] Update minimum-requirements.md --- .../microsoft-defender-atp/minimum-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 0b66e73431..0f05ee52c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md 
@@ -51,8 +51,8 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options: -- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing) -- Microsoft Defender ATP for Servers (one per covered Server) +- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing) +- Microsoft Defender ATP for Servers (one per covered server) > [!NOTE] > Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux. From 5e3fa651980166275c396d6388fddd9bed17b1bd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Nov 2020 09:59:57 -0800 Subject: [PATCH 18/18] Update policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 11b7b08a4d..df70a21a7c 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/21/2020 +ms.date: 11/03/2020 ms.reviewer: manager: dansimp ---
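Review bot: In PATCH 09/18 (faq-md-app-guard.md, hunk @@ -144,11 +144,7 @@), the merged paragraph drops the removed sentence "If ICS is disabled, Application Guard stops working", so a reader who follows the steps below no longer sees what disabling ICS costs them. Keep that consequence next to "We do not recommend disabling ICS". The heading also asks how to keep ICS enabled, while the new paragraph and the steps describe disabling it in part, so consider rewording the heading to match.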
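Review bot: In PATCH 13/18 (policy-csp-update.md, hunk @@ -488,6 +483,11 @@), the moved [!IMPORTANT] block still says "This option" and sits at the left margin after the list, so it can still be read as applying to the whole list of values rather than to value 5. Indent the block under the "5 – Turn off automatic updates." item or name the value in the text, and tighten "as you will not get security updates as well" so it says plainly that security updates are not received with this value.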
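Review bot: In PATCH 15/18 (password-policy.md, hunk @@ -38,7 +38,7 @@), "If individual groups require distinct password policies" does not match the scope given in the paragraph that PATCH 12/18 extends, which says fine-grained password policies apply only to user objects and global security groups. Say "users or global security groups" here. "As described above" points at a paragraph near line 26 from a sentence near line 38, so an in-page link, or a mention of shadow groups for the OU case, would be easier to follow.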
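Review bot: In PATCH 17/18 (minimum-requirements.md, hunk @@ -51,8 +51,8 @@), the Azure Security Center bullet has no licensing unit now that PATCH 16/18 removed "(per node)", while the next bullet keeps "(one per covered server)". Confirm the unit was dropped on purpose, or restate it for the Azure Defender option. The [!NOTE] in the same hunk still reads "one per covered Server OSE" with a capital S, so lowercasing "server" in the bullet leaves the casing inconsistent within the section.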
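Review bot: In PATCH 18/18 (policy-csp-update.md front matter, hunk @@ -7,7 +7,7 @@), ms.date is set to 11/03/2020, but this commit and the content change to the same file in PATCH 13/18 are both dated 4 Nov 2020. If the field is meant to record the last content change, use the later date.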