From 1e0dfdc204ef5e02eb0f4a351d80fb586fea7106 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 5 Jul 2018 10:24:54 -0700 Subject: [PATCH 1/4] move security center app --- windows/security/threat-protection/TOC.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7752e6c2e5..be580f9aa2 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -222,8 +222,6 @@ ### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md) ## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md) -### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md) - ### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md) ### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md) @@ -287,7 +285,7 @@ #### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md) #### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md) - +## [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md) ## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md) ### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md) From 54dcfe380db8c31b9f71a753b657deef31eed8ba Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Thu, 5 Jul 2018 10:33:52 -0700 Subject: [PATCH 2/4] fix ca --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index be580f9aa2..f41fb07b2f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -96,7 +96,7 @@ ##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) -## [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) +### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) ###API and SIEM support #### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) From 7737b73c8e19618c4a5f3e178a7479cb95e96c96 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 5 Jul 2018 11:20:54 -0700 Subject: [PATCH 3/4] fixed sentence fragment --- windows/deployment/upgrade/upgrade-readiness-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index ac75385be4..6e85f14d18 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md 
@@ -40,7 +40,7 @@ While Upgrade Readiness can be used to assist with updating devices from Windows Upgrade Readiness is offered as a solution in Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud based services for managing on premises and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/). -If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. You can also +If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. If you are not using OMS or Azure Log Analytics, go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it. From acee3e2cca06c708fe943b612f70ab2f4d8ac0cc Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 5 Jul 2018 19:37:59 +0000 Subject: [PATCH 4/4] Merged PR 9571: Sediment pack events added to RS3 events and fields --- ...ndows-diagnostic-events-and-fields-1709.md | 91 ++++++++++++++++++- 1 file changed, 86 insertions(+), 5 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 35e98f0a3c..072587c84a 100644 
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -6,10 +6,10 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium -author: eross-msft -ms.author: lizross -ms.date: 03/13/2018 +localizationpriority: high +author: danihalfin +ms.author: daniha +ms.date: 06/20/2018 --- 
@@ -2773,11 +2773,92 @@ The following fields are available: - **UserGuid** The CEIP user ID. +## Remediation events + +>[!NOTE] +>Events from this provider are sent with the installation of KB4023057 and any subsequent Windows update. For details, see [this support article](https://support.microsoft.com/help/4023057). + +### Microsoft.Windows.Remediation.Applicable + +Reports whether a specific remediation to issues preventing security and quality updates is applicable based on detection. + +The following fields are available: + +- **CV** Correlation vector. +- **DetectedCondition** Boolean true if detect condition is true and perform action will be run. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system. +- **PackageVersion** Current package version of Remediation. +- **PluginName** Name of the remediation plugin specified for each generic plugin event. +- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated is disabled. +- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS. +- **RemediationShellDeviceSccm** TRUE if the device is SCCM managed. +- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely. +- **Result** Result for detection or perform action phases of the remediation system. + +### Microsoft.Windows.Remediation.ChangePowerProfileDetection + +Indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates. + +The following fields are available: + +- **ActionName** A descriptive name for the plugin action. +- **CurrentPowerPlanGUID** The ID of the current power plan configured on the device. +- **CV** Correlation vector. +- **GlobalEventCounter** Counter that indicates the ordering of events on the device. +- **PackageVersion** Current package version of remediation service. 
+- **RemediationBatteryPowerBatteryLevel** Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0). +- **RemediationFUInProcess** Result that shows whether the device is currently installing a feature update. +- **RemediationScanInProcess** Result that shows whether the device is currently scanning for updates. +- **RemediationTargetMachine** Result that shows whether this device is a candidate for remediation(s) that will fix update issues. +- **SetupMutexAvailable** Result that shows whether setup mutex is available or not. +- **SysPowerStatusAC** Result that shows whether system is on AC power or not. + +### Microsoft.Windows.Remediation.Completed + +Enables tracking the completion of a process that remediates issues preventing security and quality updates. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system. +- **PackageVersion** Current package version of Remediation. +- **PluginName** Name of the specific remediation for each generic plugin event. +- **RemediationNoisyHammerTaskKickOffIsSuccess** Event that indicates the Update Assistant task has been started successfully. +- **Result** Indicates whether the remediation has completed. + +### Microsoft.Windows.Remediation.RemediationShellMainExeEventId + +Enables tracking the ID of a process that remediates issues preventing security and quality updates. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system. +- **PackageVersion** Current package version of Remediation. +- **RemediationShellCanAcquireSedimentMutex** True if the remediation was able to acquire the sediment mutex. False if it is already running. +- **RemediationShellExecuteShellResult** Indicates if the remediation system completed without errors. 
+- **RemediationShellFoundDriverDll** Indicates whether the remediation system found its component files to run properly. +- **RemediationShellLoadedShellDriver** Indicates whether the remediation system loaded its component files to run properly. +- **RemediationShellLoadedShellFunction** Indicates whether the remediation system loaded the functions from its component files to run properly. + +### Microsoft.Windows.Remediation.Started + +Enables tracking the start of a process that remediates issues preventing security and quality updates. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system. +- **PackageVersion** Current package version of Remediation. +- **PluginName** Name of the specific remediation for each generic plugin event. +- **Result** Results of the detection or perform action phases of the remediation system. + + ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityStarted -"This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. " +This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. The following fields are available:
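Review bot: In [PATCH 1/4], hunk `@@ -287,7 +285,7` of `TOC.md`, the added `## [Windows Defender AV in the Windows Defender Security Center app]` line replaces the blank line that separated the `#### [Use the mpcmdrun.exe commandline tool ...]` entry from `## [Windows Defender Exploit Guard]`, and it changes the entry from `###` (a child of "Windows Defender Antivirus in Windows 10" in hunk `@@ -222,8 +222,6`) to `##`. If promoting it to a top-level node is intended, say so in the commit message, since "move security center app" only describes a move, and keep a blank line before the new `##` entry so the section boundary stays visible in the source.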
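Review bot: In [PATCH 2/4], hunk `@@ -96,7 +96,7`, the entry demoted to `###` now sits directly above the unchanged `###API and SIEM support` line, which has no space after the hashes and no link target; fix that line in the same change (`### API and SIEM support`) so the two siblings are written the same way. The changed line also uses a backslash in its link path (`windows-defender-atp\conditional-access-...`) while the next entry uses a forward slash (`windows-defender-atp/configure-siem-...`), so pick one separator for the file.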
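Review bot: In [PATCH 3/4], hunk `@@ -40,7 +40,7`, the unchanged first paragraph still links to the OMS overview over plain `http://azure.microsoft.com/en-us/...`, while both Log Analytics links in the same hunk use `https://` with no locale segment; switch it to `https://` and drop `en-us` while this paragraph is being edited. Also confirm that the deleted fragment "You can also" was not the start of an alternative way to add the solution that should be restored as a full sentence rather than removed.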
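Review bot: In [PATCH 4/4], hunk `@@ -6,10 +6,10` (front matter), the replacement key is written `localizationpriority: high` without the `ms.` prefix that the removed line (`ms.localizationpriority: medium`) and the neighbouring keys (`ms.prod`, `ms.author`, `ms.date`) carry. Unless the unprefixed key is deliberate, keep `ms.localizationpriority`. The change of `author` and `ms.author` and the priority bump from `medium` to `high` are not mentioned in the commit subject, so note them there.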
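Review bot: In [PATCH 4/4], hunk `@@ -2773,11 +2773,92`, the `RemediationShellDeviceManaged` description reads "Windows Updated is disabled", which should be "Windows Update is disabled". Boolean values are also spelled three ways in the added fields ("Boolean true" for `DetectedCondition`, "TRUE" for the `RemediationShellDevice*` fields, "True"/"False" for `RemediationShellCanAcquireSedimentMutex`); use one form. For `RemediationBatteryPowerBatteryLevel`, "if not on battery, expect 0" makes 0 ambiguous between "on AC power" and "battery empty", so state that `SysPowerStatusAC` should be read alongside it. The last change in the hunk, removing the quotation marks around the `SetupPlatformTel.SetupPlatformTelActivityStarted` description, is unrelated to the Remediation events and should be mentioned in the commit message or split out.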