From 9454c60855e65a97d6bb5dbad76d00fd23c64b3c Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 11 Jun 2018 12:53:42 +0000 Subject: [PATCH 01/19] Revert "Merged PR 8963: Remove a statement from MicrosoftNetworkClient policy. This a real edit change. Thanks." --- .../policy-configuration-service-provider.md | 16 - ...policy-csp-localpoliciessecurityoptions.md | 365 +++--------------- 2 files changed, 64 insertions(+), 317 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 921e2c246d..403a5e2cb4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2048,18 +2048,12 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
-
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways -
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
-
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession -
LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
@@ -2081,9 +2075,6 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
-
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM -
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
@@ -2093,9 +2084,6 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
-
- LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients -
LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
@@ -4419,21 +4407,17 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon) - [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon) - [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior) -- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways) - [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees) - [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers) -- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession) - [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways) - 
[LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees) - [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts) - [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares) - [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares) - [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam) -- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm) - [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests) - [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange) - 
[LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel) -- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients) - [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers) - [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication) - [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index ce338ff2ae..49a48f512a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,14 +6,11 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/05/2018 +ms.date: 04/06/2018 --- # Policy CSP - LocalPoliciesSecurityOptions -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -
@@ -84,18 +81,12 @@ ms.date: 06/05/2018
LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
-
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways -
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
-
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession -
LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
@@ -117,9 +108,6 @@ ms.date: 06/05/2018
LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
-
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM -
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
@@ -129,9 +117,6 @@ ms.date: 06/05/2018
LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
-
- LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients -
LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
@@ -853,6 +838,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -920,6 +914,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -982,6 +985,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -1483,83 +1495,6 @@ GP Info:
- -**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark5check mark5check mark5check mark5
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Microsoft network client: Digitally sign communications (always) - -This security setting determines whether packet signing is required by the SMB client component. - -The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. - -If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. - -Default: Disabled. - - -Notes - -All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. 
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - -GP Info: -- GP English name: *Microsoft network client: Digitally sign communications (always)* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - - - - - - -
- **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1683,72 +1618,6 @@ GP Info:
- -**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark5check mark5check mark5check mark5
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Microsoft network server: Amount of idle time required before suspending a session - -This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. - -Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished. - -For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy. - -Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - - - -GP Info: -- GP English name: *Microsoft network server: Amount of idle time required before suspending session* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - - - - - - -
- **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -2182,78 +2051,6 @@ GP Info:
- -**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark5check mark5check mark5check mark5
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Network security: Allow Local System to use computer identity for NTLM - -This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. - -If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error. - -If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. - -By default, this policy is enabled on Windows 7 and above. - -By default, this policy is disabled on Windows Vista. - -This policy is supported on at least Windows Vista or Windows Server 2008. - -Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - - - -GP Info: -- GP English name: *Network security: Allow Local System to use computer identity for NTLM* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - - - - - - -
- **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2449,75 +2246,6 @@ GP Info:
- -**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark5check mark5check mark5check mark5
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - -This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: - -Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated. -Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated. - -Default: - -Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. - -Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - - - -GP Info: -- GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients* -- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - - - - - - -
- **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2631,6 +2359,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -2692,6 +2429,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -2753,6 +2499,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -2814,6 +2569,15 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + +
@@ -3642,7 +3406,6 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. -- 5 - Added in the next major release of Windows 10. From c9871554bb25ae15e56c4758298cc4d223d6d087 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 28 Sep 2019 05:43:15 +0500 Subject: [PATCH 02/19] Added query as example Added query in the document as an example. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4904 --- .../microsoft-defender-atp/custom-detection-rules.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 0af9f2e7a8..60f414ff15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -26,7 +26,7 @@ ms.topic: article Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. >[!NOTE] ->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. +>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. ## Create a custom detection rule ### 1. Prepare the query. 
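Review bot: The commit message of patch 01/19 has no body giving the reason for the revert, and the hunks at @@ -1483,83, @@ -1683,72, @@ -2182,78 and @@ -2449,75 of policy-csp-localpoliciessecurityoptions.md remove four complete policy entries (MicrosoftNetworkClient_DigitallySignCommunicationsAlways, MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession, NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM and NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients), not the single statement the reverted PR's title mentions. These entries document SMB client signing and NTLM session security, so please say in the message why they are being withdrawn and whether they will be restored. The same patch also moves ms.date back from 06/05/2018 to 04/06/2018 and drops footnote 5 and the prerelease warning; confirm each of these is intended rather than a side effect of the revert.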
@@ -36,6 +36,13 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an >[!NOTE] >To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. +>[Example] +>MiscEvents +| where EventTime > ago(7d) +| where ActionType == "AntivirusDetection" +| summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId +This will fetch latest EventTime and ReportId of the latest event among multiple events returned by the query and adds the count by MachineId. + ### 2. Create new rule and provide alert details. With the query in the query editor, select **Create detection rule** and specify the following alert details: From f498ca39b7602921d31ca37308c66b4eb95fb65f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 28 Sep 2019 09:34:03 +0500 Subject: [PATCH 03/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 60f414ff15..5b4ec78036 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md 
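Review bot: The example added after the NOTE in the @@ -36,6 +36,13 @@ hunk of custom-detection-rules.md is not in a code block: only `>[Example]` and `>MiscEvents` carry the quote marker, the `| where` and `| summarize` lines are bare, and `[Example]` lacks the `!` that the `[!NOTE]` alert above it uses. As written the query will not render as something a reader can copy. Move the query into a fenced block outside the note and put the explanatory sentence ahead of it as ordinary body text.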
@@ -41,7 +41,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an | where EventTime > ago(7d) | where ActionType == "AntivirusDetection" | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId -This will fetch latest EventTime and ReportId of the latest event among multiple events returned by the query and adds the count by MachineId. +This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId. ### 2. Create new rule and provide alert details. From 732026c25b6bf9a1a9c24f46305c4ae6130555c8 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:06:38 +0500 Subject: [PATCH 04/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 5b4ec78036..21b18db365 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md 
@@ -25,7 +25,7 @@ ms.topic: article Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. ->[!NOTE] +> [!NOTE] >To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. ## Create a custom detection rule From 83dd94f49335bb2b079ceaeda68cd2ec18c38f43 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:06:47 +0500 Subject: [PATCH 05/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 21b18db365..7d640952cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md 
@@ -26,7 +26,7 @@ ms.topic: article Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. > [!NOTE] ->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. +> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. ## Create a custom detection rule ### 1. Prepare the query. From 1988d93b9fc1b0d7da120f828c0a9a38f6749fcf Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:06:54 +0500 Subject: [PATCH 06/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 7d640952cc..83f895f0c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md 
@@ -33,7 +33,7 @@ Custom detection rules built from [Advanced hunting](overview-hunting.md) querie In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results. ->[!NOTE] +> [!NOTE] >To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. >[Example] From a1009d8c7c9c8e791bd69137c19d92506d670f53 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:07:02 +0500 Subject: [PATCH 07/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 83f895f0c4..627c14ca58 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -36,7 +36,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an > [!NOTE] >To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. ->[Example] +> [Example] >MiscEvents | where EventTime > ago(7d) | where ActionType == "AntivirusDetection" From 99fa2ef07fa7a4642ebaa157af5f6569d20f35d9 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:07:10 +0500 Subject: [PATCH 08/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 627c14ca58..fb9e202863 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -34,7 +34,7 @@ Custom detection rules built from [Advanced hunting](overview-hunting.md) querie In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results. > [!NOTE] ->To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. +> To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. > [Example] >MiscEvents From 892411670327a3387d8b8f18fe3c21b0b0f63924 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 29 Sep 2019 19:07:21 +0500 Subject: [PATCH 09/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index fb9e202863..19f8bc230f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -37,7 +37,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an > To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. > [Example] ->MiscEvents +> MiscEvents | where EventTime > ago(7d) | where ActionType == "AntivirusDetection" | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId From 06a38e3bc57a9a17be790dc10a6db27833e624c8 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 1 Oct 2019 13:54:56 +0500 Subject: [PATCH 10/19] Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/custom-detection-rules.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 19f8bc230f..fbb2aa14e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -41,6 +41,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an | where EventTime > ago(7d) | where ActionType == "AntivirusDetection" | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId +| where count_ > 5 This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId. ### 2. Create new rule and provide alert details. From 010644b58b450c352b24a2b33b1d6bbdd76c8478 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Tue, 1 Oct 2019 07:49:08 -0700 Subject: [PATCH 11/19] Update custom-detection-rules.md Editing the file directly to reduce back and forth. --- .../microsoft-defender-atp/custom-detection-rules.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index fbb2aa14e6..2e925f762d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md 
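Review bot: The explanatory sentence that follows the added `| where count_ > 5` line in patch 10/19 is left unchanged and still describes only the latest EventTime and ReportId and the count by MachineId, so the new threshold is undocumented. Update the sentence to say that only machines with more than five matching events are returned, since this filter decides which machines raise an alert once the query is used as a detection rule.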
@@ -36,13 +36,15 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an > [!NOTE] > To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns. -> [Example] -> MiscEvents +The sample query below counts the number of unique machines (`MachineId`) with antivirus detections and uses this count to find only the machines with more than five detections. To return the latest `EventTime` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. + +``` +MiscEvents | where EventTime > ago(7d) | where ActionType == "AntivirusDetection" | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId | where count_ > 5 -This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId. +``` ### 2. Create new rule and provide alert details. From dc848851379b2f9195281187ebe75e4d60db53fd Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 11:57:58 -0700 Subject: [PATCH 12/19] Updates for hardware event 8-30 a.m October 2 --- devices/surface/TOC.md | 2 + devices/surface/change-history-for-surface.md | 9 +- devices/surface/deploy.md | 13 +- .../surface/surface-pro-arm-app-management.md | 169 ++++++++++++++++++ .../surface-pro-arm-app-performance.md | 26 +++ 5 files changed, 213 insertions(+), 6 deletions(-) create mode 100644 devices/surface/surface-pro-arm-app-management.md create mode 100644 devices/surface/surface-pro-arm-app-performance.md diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index d402397000..d54bae662a 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md 
@@ -21,6 +21,8 @@ ## Deploy ### [Deploy Surface devices](deploy.md) +### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) +### [Windows 10 ARM-based PC app compatibility] (surface-pro-arm-app-performance.md) ### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 5e115df5df..2b70fe9dc4 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -15,12 +15,17 @@ ms.topic: article This topic lists new and updated topics in the Surface documentation library. +## October 2019 + +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document providing an overview of key considerations for deploying, managing, and servicing Surface Pro X.| + ## September 2019 | **New or changed topic** | **Description** | | ------------------------ | --------------- | -| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| New document for Microsoft Surface Dock Firmware Update, newly redesigned to automatically update Surface Dock firmware while running in the background on your Surface device.| - +| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| New document for Microsoft Surface Dock Firmware Update, newly redesigned to update Surface Dock firmware while running in the background on your Surface device.| ## August 2019 diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index c0b2ec4e85..289f0aedf7 100644 --- a/devices/surface/deploy.md 
+++ b/devices/surface/deploy.md @@ -15,7 +15,15 @@ ms.topic: article # Deploy Surface devices -Get deployment guidance for your Surface devices including information about Microsoft Deployment Toolkit (MDT), out-of-box-experience (OOBE) customization, Ethernet adaptors, Surface Deployment Accelerator, and the Battery Limit setting. +Learn about about deploying Surface devices using Windows Autopilot or on-premises tools. + +## Deploying ARM-based devices + +| Topic | Description | +| --- | --- | +| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) | Get an overview of key considerations for deploying, managing, and servicing Surface Pro X running the Microsoft SQ1 ARM processor. | +| [Get application compatibility information for Surface Pro X](surface-pro-arm-app-performance.md) | Learn about key app deployment considerations for Surface Pro X. | + ## In this section @@ -36,9 +44,6 @@ Get deployment guidance for your Surface devices including information about Mic ## Related topics - -[Surface TechCenter](https://technet.microsoft.com/windows/surface) - [Surface for IT pros blog](http://blogs.technet.com/b/surface/)   diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md new file mode 100644 index 0000000000..5ff1cb1ec7 --- /dev/null +++ b/devices/surface/surface-pro-arm-app-management.md 
@@ -0,0 +1,169 @@ +--- +title: Deploying, managing, and servicing Surface Pro X +description: This article provides an overview of key considerations for deploying, managing, and servicing Surface Pro X. +ms.prod: w10 +ms.mktglfcycl: manage +ms.localizationpriority: normal +ms.sitesec: library +author: dansimp +ms.author: dansimp +ms.topic: article +ms.date: 10/03/2019 +ms.reviewer: jessko +manager: dansimp +ms.audience: itpro +--- +# Deploying, managing, and servicing Surface Pro X + +## Introduction + +Built to handle high performance commercial requirements, Surface Pro X breaks new ground by incorporating the most powerful processor ever released on an ARM device, the Microsoft SQ1 ARM chipset. + +Powered by a 3GHz CPU and a 2.1 teraflop GPU, Surface Pro X delivers a full Windows experience. Its 13-hour battery life and built-in 4G LTE make it ideally suited for mobile first-line workers and professionals across the financial, legal, and medical fields or any role demanding extended battery life and continuous connectivity capabilities. + +Surface Pro X is designed almost exclusively for a modern, cloud-based environment centered around Microsoft 365, Intune and Windows Autopilot. This article highlights what that looks like and outlines key considerations for deploying, managing, and servicing Surface Pro X. + +## Deploying Surface Pro X + +For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to: + +- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) +- [Adding devices to Windows Autopilot](windows/deployment/windows-autopilot/add-devices.md) + +Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus. 
+ +Organizations already using modern management, security, and productivity solutions are well positioned to take advantage of the unique performance features in Surface Pro X. Customers using modernized line of business apps, Microsoft store (UWP) apps, or remote desktop solutions also stand to benefit. + +## Image-based deployment considerations + +Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not easily deployable using established tools like the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment may wish to consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. + +## Managing Surface Pro X devices + +### Intune + +A component of Microsoft Enterprise Mobility + Security, Intune integrates with Azure Active Directory for identity and access control and provides granular management of enrolled Surface Pro X devices. Intune mobile device management (MDM) policies have a number of advantages over older on-premises tools such as Windows Group Policy. This includes faster device login times and a more streamlined catalog of policies enabling full device management from the cloud. For example, you can manage LTE using eSIM profiles to configure data plans and deploy activation codes to multiple devices.
+ +For more information about setting up Intune, refer to the [Intune documentation](https://docs.microsoft.com/intune/). + +### Co-management + +Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client. + +### Third party MDM solutions + +You may be able to use third-party MDM tools to manage Surface Pro X devices. For details, contact your MDM provider. + +### Antivirus software + +Windows Defender will help protect Windows 10 on ARM-based PCs for the supported lifetime of the Windows 10 device. + +Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on on ARM-based PCs. Contact the antivirus software provider to understand when their apps will be available. + +## Servicing Surface Pro X + +Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Once Surface Pro X becomes available, refer to the following documentation, which will include guidance for servicing Surface Pro X: + +- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). + +> [!NOTE] +> Surface Pro X supports Windows 10, version 1903 and later. + +## Running apps on Surface Pro X + +Most apps run on ARM-based Windows 10 PCs with limited exclusions. + +### Supported apps + +- Most x86 Win32 apps run on Surface Pro X. +- Native ARM64 and Microsoft Store UWP apps provide an excellent user experience utilizing the full native speed of the ARM-based processor while optimizing battery life. 
+- Apps that use drivers designed for a Windows 10 PC running on an ARM-based processor. + +### Not supported + +- x64 apps won't run on a Windows 10 PC on an ARM-based processor. + +For more information about running apps on Surface Pro X, refer to: + +- [Windows 10 ARM-based PCs Support FAQ](https://support.microsoft.com/help/4521606) +- [Windows 10 on ARM documentation](https://docs.microsoft.com/windows/arm) +- [Desktop App Assure](https://docs.microsoft.com/fasttrack/win-10-desktop-app-assure) + +## Virtual Desktops (VDI) + +Windows Virtual Desktop enables access to Windows desktops,applications, and data on any computing device or platform, from any location. To learn more, refer to the [Windows Virtual Desktop site](https://aka.ms/wvd). + +## Browsing with Surface Pro X + +Popular browsers run on Surface Pro X: + +- In-box Edge, Firefox, Chrome, and Internet Explorer all run on Surface Pro X. +- In-box Edge and Firefox run natively and therefore have enhanced performance on a Windows 10 PC on an ARM-based processor. + +## Installing and using Microsoft Office + +- Use Office 365 for the best experience on a Windows 10 PC on an ARM-based processor. +- Office 365 “click-to-run” installs Outlook, Word, Excel, and PowerPoint, optimized to run on a Windows 10 PC on an ARM-based processor. +- Microsoft Teams runs great on Surface Pro X. +- For “perpetual versions” of Office such as Office 2019, install the 32-bit version. + +## VPN + +To confirm if a specific third-party VPN supports a Windows 10 PC on an ARM-based processor, contact the VPN provider. + +## Comparing key features + +The following tables show the availability of selected key features on Surface Pro X with Windows 10 on ARM compared to Intel-based Surface Pro 7. 
+ +| Deployment | Surface Pro 7 | Surface Pro X | Notes | +| --------------------------------------- | ------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------- | +| Windows Autopilot | Yes | Yes | | +| Support for Network Boot (PXE) | Yes | Yes | | +| Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. | +| WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. | +| SCCM: Operating System Deployment (OSD) | Yes | No | Not recommended for Surface Pro X. | +| MDT | Yes | No | Not recommended for Surface Pro X. | + + +| Management | Surface Pro 7 | Surface Pro X | Notes | +| --------------------------------------------- | ------------------- | ------------- | ------------------------------------------------------------------------------------- | +| Intune | Yes | Yes | Manage LTE with eSIM profiles. | +| Windows Autopilot | Yes | Yes | | +| Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). | +| SCCM | Yes | Yes | | +| Power on When AC Restore | Yes | Yes | **** | +| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | **** | +| Surface Dock Firmware Update | Yes | Yes | **** | +| Asset Tag Utility | Yes | Yes | **** | +| Surface Enterprise management Mode (SEMM) | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. | +| Surface UEFI Configurator | Hardware & Software | | No option to disable hardware. on Surface Pro X at the firmware level. | +| Surface UEFI Manager | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. 
| + + +| Security | Surface Pro 7 | Surface Pro X | Notes | +| --------------------------------- | ------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| BitLocker | Yes | Yes | | +| Windows Defender | Yes | Yes | | +| Support for third-party antivirus | Yes | See note | Some third-party antivirus software can’t be installed on a Windows 10 PC running on an ARM-based processor. Microsoft is working with third-party antivirus software providers so they can make their apps ready for Windows 10 on an ARM-based processor. Contact the antivirus software provider to understand when their apps will be available. | +| Conditional Access | Yes | Yes | | +| Secure Boot | Yes | Yes | | +| Windows Information Protection | Yes | Yes | | +| Surface Data Eraser (SDE) | Yes | Yes | | + +## FAQ + +### Will an OS image be available at launch? + +No. Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. + +### How can I deploy Surface Pro X? + +Deploy Surface Pro X using Windows Autopilot. + +### Will a BMR be available? + +Yes. + +### Is Intune required to manage Surface Pro X? + +Intune is recommended but not required. 
Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client. diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md new file mode 100644 index 0000000000..a99ad649f9 --- /dev/null +++ b/devices/surface/surface-pro-arm-app-performance.md 
@@ -0,0 +1,26 @@ +--- +title: Windows 10 ARM-based PC app compatibility +description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: dansimp +ms.author: dansimp +ms.topic: article +ms.date: 10/03/2019 +ms.reviewer: jessko +manager: dansimp +ms.audience: itpro +--- +# Windows 10 ARM-based PC app compatibility + +Applications run differently on a Windows 10 ARM-based PC such as Surface Pro X. Limitations include the following: + +- **Drivers for hardware, games and apps will only work if they're designed for a Windows 10 ARM-based PC**. For more info, check with the hardware manufacturer or the organization that developed the driver. Drivers are software programs that communicate with hardware devices—they're commonly used for antivirus and antimalware software, printing or PDF software, assistive technologies, CD and DVD utilities, and virtualization software. If a driver doesn’t work, the app or hardware that relies on it won’t work either (at least not fully). Peripherals and devices only work if the drivers they depend on are built into Windows 10, or if the hardware developer has released ARM64 drivers for the device. +- **64-bit (x64) apps won’t work**. You'll need 64-bit (ARM64) apps, 32-bit (ARM32) apps, or 32-bit (x86) apps. You can usually find 32-bit (x86) versions of apps, but some app developers only offer 64-bit (x64) apps. +- **Certain games won’t work**. Games and apps won't work if they use a version of OpenGL greater than 1.1, or if they rely on "anti-cheat" drivers that haven't been made for Windows 10 ARM-based PCs. Check with your game publisher to see if a game will work. +- **Apps that customize the Windows experience might have problems**. This includes some input method editors (IMEs), assistive technologies, and cloud storage apps. 
The organization that develops the app determines whether their app will work on a Windows 10 ARM-based PC. +- **Some third-party antivirus software can’t be installed**. You won't be able to install some third-party antivirus software on a Windows 10 ARM-based PC. However, Windows Security will help keep you safe for the supported lifetime of your Windows 10 device. +- **Windows Fax and Scan isn’t available**. This feature isn’t available on a Windows 10 ARM-based PC. + +For more information about app compatibility, refer to [Windows 10 ARM-based PCs FAQ](https://support.microsoft.com/en-us/help/4521606) From d2fda21b666110f76bf8cde1682656e589530c08 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 12:34:30 -0700 Subject: [PATCH 13/19] Updates for Hardware event October 2 0830 --- devices/surface/TOC.md | 4 ++-- devices/surface/change-history-for-surface.md | 2 +- devices/surface/deploy.md | 7 ++++--- devices/surface/surface-pro-arm-app-management.md | 10 +++++----- devices/surface/surface-pro-arm-app-performance.md | 2 +- 5 files changed, 13 insertions(+), 12 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index d54bae662a..bbe7ce7519 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md 
@@ -22,8 +22,8 @@ ## Deploy ### [Deploy Surface devices](deploy.md) ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) -### [Windows 10 ARM-based PC app compatibility] (surface-pro-arm-app-performance.md) -### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) +### [Deploy the latest firmware & drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 2b70fe9dc4..dcff7acd6d 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -19,7 +19,7 @@ This topic lists new and updated topics in the Surface documentation library. | **New or changed topic** | **Description** | | ------------------------ | --------------- | -| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document providing an overview of key considerations for deploying, managing, and servicing Surface Pro X.| +| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.| ## September 2019 diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index 289f0aedf7..08149e26b7 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md 
@@ -15,17 +15,18 @@ ms.topic: article # Deploy Surface devices -Learn about about deploying Surface devices using Windows Autopilot or on-premises tools. +Learn about about deploying ARM- and Intel-based Surface devices. ## Deploying ARM-based devices | Topic | Description | | --- | --- | | [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) | Get an overview of key considerations for deploying, managing, and servicing Surface Pro X running the Microsoft SQ1 ARM processor. | -| [Get application compatibility information for Surface Pro X](surface-pro-arm-app-performance.md) | Learn about key app deployment considerations for Surface Pro X. | +| [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) | Learn about Autopilot, the recommended method for deploying Surface Pro X. | +| [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) | Review app compatibility guidance for Surface Pro X. | -## In this section +## Deploying Intel-based devices | Topic | Description | | --- | --- | diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 5ff1cb1ec7..a12014203f 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md 
@@ -19,7 +19,7 @@ ms.audience: itpro Built to handle high performance commercial requirements, Surface Pro X breaks new ground by incorporating the most powerful processor ever released on an ARM device, the Microsoft SQ1 ARM chipset. -Powered by a 3GHz CPU and a 2.1 teraflop GPU, Surface Pro X delivers a full Windows experience. Its 13-hour battery life and built-in 4G LTE make it ideally suited for mobile first-line workers and professionals across the financial, legal, and medical fields or any role demanding extended battery life and continuous connectivity capabilities. +Powered by a 3GHz CPU and a 2.1 teraflop GPU, Surface Pro X provides a full Windows experience. Its 13-hour battery life and built-in 4G LTE make it ideally suited for mobile first-line workers and professionals across the financial, legal, and medical fields or any role demanding extended battery life and continuous connectivity capabilities. Surface Pro X is designed almost exclusively for a modern, cloud-based environment centered around Microsoft 365, Intune and Windows Autopilot. This article highlights what that looks like and outlines key considerations for deploying, managing, and servicing Surface Pro X. 
@@ -131,10 +131,10 @@ The following tables show the availability of selected key features on Surface P | Windows Autopilot | Yes | Yes | | | Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). | | SCCM | Yes | Yes | | -| Power on When AC Restore | Yes | Yes | **** | -| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | **** | -| Surface Dock Firmware Update | Yes | Yes | **** | -| Asset Tag Utility | Yes | Yes | **** | +| Power on When AC Restore | Yes | Yes | | +| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | | +| Surface Dock Firmware Update | Yes | Yes | | +| Asset Tag Utility | Yes | Yes | | | Surface Enterprise management Mode (SEMM) | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. | | Surface UEFI Configurator | Hardware & Software | | No option to disable hardware. on Surface Pro X at the firmware level. | | Surface UEFI Manager | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. | diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index a99ad649f9..eb2af1f1be 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md 
@@ -14,7 +14,7 @@ ms.audience: itpro --- # Windows 10 ARM-based PC app compatibility -Applications run differently on a Windows 10 ARM-based PC such as Surface Pro X. Limitations include the following: +Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following: - **Drivers for hardware, games and apps will only work if they're designed for a Windows 10 ARM-based PC**. For more info, check with the hardware manufacturer or the organization that developed the driver. Drivers are software programs that communicate with hardware devices—they're commonly used for antivirus and antimalware software, printing or PDF software, assistive technologies, CD and DVD utilities, and virtualization software. If a driver doesn’t work, the app or hardware that relies on it won’t work either (at least not fully). Peripherals and devices only work if the drivers they depend on are built into Windows 10, or if the hardware developer has released ARM64 drivers for the device. - **64-bit (x64) apps won’t work**. You'll need 64-bit (ARM64) apps, 32-bit (ARM32) apps, or 32-bit (x86) apps. You can usually find 32-bit (x86) versions of apps, but some app developers only offer 64-bit (x64) apps. From 21a0f954cc4c6b5d871e4bdf0d47959357c2a5ea Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 12:39:12 -0700 Subject: [PATCH 14/19] Update TOC.md --- devices/surface/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index bbe7ce7519..1ec2e35f1b 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md 
@@ -23,7 +23,7 @@ ### [Deploy Surface devices](deploy.md) ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ### [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) -### [Deploy the latest firmware & drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) From ed4827529d94a133928bbeda7f0b8c5c62454c0c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 1 Oct 2019 13:03:30 -0700 Subject: [PATCH 15/19] Updated default of DisableLockdownOfStartPages --- windows/client-management/mdm/policy-csp-browser.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index a9b0f42c12..952c02bc75 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -3019,8 +3019,6 @@ Most restricted value: 0 > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy). -Most restricted value: 0 - ADMX Info: @@ -3033,8 +3031,8 @@ ADMX Info: Supported values: -- 0 – Lock down Start pages configured in either the ConfigureOpenEdgeWith policy and HomePages policy. -- 1 (default) – Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the HomePages policy, Microsoft Edge uses the URLs defined in the ConfigureOpenEdgeWith policy. +- 0 (default) – Lock down Start pages configured in either the ConfigureOpenEdgeWith policy and HomePages policy. +- 1 – Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the HomePages policy, Microsoft Edge uses the URLs defined in the ConfigureOpenEdgeWith policy. Most restricted value: 0 From 8999b606b067eb17acd56adbf1d31b94aa152ea2 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 14:23:21 -0700 Subject: [PATCH 16/19] Update surface-pro-arm-app-management.md --- .../surface/surface-pro-arm-app-management.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index a12014203f..359efe46e2 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -36,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti ## Image-based deployment considerations -Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not easily deployable using established tools like the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment may wish to consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. +Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. ## Managing Surface Pro X devices 
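Review bot: the replacement line in the "Image-based deployment considerations" hunk still spells the product alias "ConfiMgr", while the co-management section of the same file writes "ConfigMgr". Suggest "System Center Configuration Manager (SCCM), also known as ConfigMgr". The FAQ answer under "Will an OS image be available at launch?" carries the same wording and needs the same fix, since this hunk makes the two passages identical.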
@@ -58,11 +58,11 @@ You may be able to use third-party MDM tools to manage Surface Pro X devices. Fo Windows Defender will help protect Windows 10 on ARM-based PCs for the supported lifetime of the Windows 10 device. -Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on on ARM-based PCs. Contact the antivirus software provider to understand when their apps will be available. +Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available. ## Servicing Surface Pro X -Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Once Surface Pro X becomes available, refer to the following documentation, which will include guidance for servicing Surface Pro X: +Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X: - [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). 
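Review bot: the new servicing sentence, "which will be updated later to include guidance for servicing Surface Pro X", promises future content with no date, so it will go stale and leaves the reader with a link that does not yet cover the device. Suggest stating plainly that the linked article does not yet include Surface Pro X guidance, or holding the link back until it does. In the antivirus line of the same hunk, "Collaboration ... is continuing for AV app readiness" would be easier to read in the active voice, with "AV" spelled out as it is elsewhere in the paragraph.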
@@ -87,7 +87,6 @@ For more information about running apps on Surface Pro X, refer to: - [Windows 10 ARM-based PCs Support FAQ](https://support.microsoft.com/help/4521606) - [Windows 10 on ARM documentation](https://docs.microsoft.com/windows/arm) -- [Desktop App Assure](https://docs.microsoft.com/fasttrack/win-10-desktop-app-assure) ## Virtual Desktops (VDI) @@ -121,8 +120,8 @@ The following tables show the availability of selected key features on Surface P | Support for Network Boot (PXE) | Yes | Yes | | | Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. | | WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. | -| SCCM: Operating System Deployment (OSD) | Yes | No | Not recommended for Surface Pro X. | -| MDT | Yes | No | Not recommended for Surface Pro X. | +| SCCM: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. | +| MDT | Yes | No | Not supported on Surface Pro X. | | Management | Surface Pro 7 | Surface Pro X | Notes | 
@@ -135,16 +134,16 @@ The following tables show the availability of selected key features on Surface P | Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | | | Surface Dock Firmware Update | Yes | Yes | | | Asset Tag Utility | Yes | Yes | | -| Surface Enterprise management Mode (SEMM) | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. | -| Surface UEFI Configurator | Hardware & Software | | No option to disable hardware. on Surface Pro X at the firmware level. | -| Surface UEFI Manager | Hardware & Software | Partial | No option to disable hardware on Surface Pro X at the firmware level. | +| Surface Enterprise management Mode (SEMM) | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. | +| Surface UEFI Configurator | Yes | | No option to disable hardware. on Surface Pro X at the firmware level. | +| Surface UEFI Manager | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. | | Security | Surface Pro 7 | Surface Pro X | Notes | | --------------------------------- | ------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | BitLocker | Yes | Yes | | | Windows Defender | Yes | Yes | | -| Support for third-party antivirus | Yes | See note | Some third-party antivirus software can’t be installed on a Windows 10 PC running on an ARM-based processor. Microsoft is working with third-party antivirus software providers so they can make their apps ready for Windows 10 on an ARM-based processor. Contact the antivirus software provider to understand when their apps will be available. 
| +| Support for third-party antivirus | Yes | See note |Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available. | | Conditional Access | Yes | Yes | | | Secure Boot | Yes | Yes | | | Windows Information Protection | Yes | Yes | | From 9a4a5ee9a920ee23964ece244da7bfd3dafd53eb Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 14:31:41 -0700 Subject: [PATCH 17/19] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 359efe46e2..fadb0fdc09 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -28,7 +28,7 @@ Surface Pro X is designed almost exclusively for a modern, cloud-based environme For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to: - [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) -- [Adding devices to Windows Autopilot](windows/deployment/windows-autopilot/add-devices.md) +- [Adding devices to Windows Autopilot](/windows/deployment/windows-autopilot/add-devices.md) Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus. From 950d70b9916d348a53c7753efa5b6c4d89445cd1 Mon Sep 17 00:00:00 2001 
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 14:40:35 -0700 Subject: [PATCH 18/19] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index fadb0fdc09..1460a42c3c 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -28,7 +28,6 @@ Surface Pro X is designed almost exclusively for a modern, cloud-based environme For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to: - [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) -- [Adding devices to Windows Autopilot](/windows/deployment/windows-autopilot/add-devices.md) Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus. From 3f89a21feb28220be98f6b058e66c69abfee29ef Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 1 Oct 2019 15:08:24 -0700 Subject: [PATCH 19/19] Update surface-pro-arm-app-performance.md --- devices/surface/surface-pro-arm-app-performance.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index eb2af1f1be..a78f666503 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md 
@@ -2,6 +2,7 @@ title: Windows 10 ARM-based PC app compatibility description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs. ms.prod: w10 +ms.localizationpriority: normal ms.mktglfcycl: manage ms.sitesec: library author: dansimp
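Review bot: In PATCH 16/19, hunk @@ -36,7 +36,7 @@ (Image-based deployment considerations), the rewritten sentence still carries the typo "aka ConfiMgr"; it should read "ConfigMgr". Since the line is already being changed, "not supported on the Microsoft Deployment Toolkit (MDT)" would also read better as "not supported by the Microsoft Deployment Toolkit (MDT)".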
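Review bot: In PATCH 16/19, hunk @@ -87,7 +87,6 @@, the "Desktop App Assure" link is dropped from the app-compatibility reference list, but the commit subject ("Update surface-pro-arm-app-management.md") gives no reason. Please state in the commit message whether the program does not apply to Surface Pro X or the link was simply broken, so a later editor does not re-add it.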
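Review bot: In PATCH 16/19, hunk @@ -121,8 +120,8 @@ (deployment table), the SCCM OSD and MDT rows now say "Not supported on Surface Pro X." but the WinPE row directly above stays at "Yes" with "Not recommended", even though its own note says Microsoft does not provide the necessary .ISO and drivers. The prose changed earlier in this patch gives the missing .ISO image as the reason MDT and OSD are unsupported, so please confirm whether the WinPE and Windows Configuration Designer rows should be updated as well. As written, the table sends administrators planning an imaging workflow mixed signals.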
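Review bot: In PATCH 16/19, hunk @@ -135,16 +134,16 @@ (management and security tables), the new "Surface UEFI Configurator" row keeps the stray period in "No option to disable hardware. on Surface Pro X" and still has an empty Surface Pro X cell, while the SEMM and UEFI Manager rows beside it say "Partial"; fill the cell or explain why it is blank. Two smaller points on lines this hunk rewrites: "Surface Enterprise management Mode" should capitalise "Management", and the new third-party antivirus row begins "|Some" without the space after the pipe that every other cell has. Replacing "Hardware & Software" with "Yes" also removes the only statement of what full SEMM coverage means, so consider saying in the Notes column what "Partial" leaves configurable, since these rows describe firmware-level security controls.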
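Review bot: In PATCH 18/19, hunk @@ -28,7 +28,6 @@, the "Adding devices to Windows Autopilot" link that PATCH 17/19 had just corrected to a root-relative path is deleted outright, leaving "For more information, refer to:" with a single entry and no pointer to the device-registration step that Autopilot deployment depends on. If the root-relative .md path did not resolve from devices/surface, a full docs URL in the style this file already uses (for example the https://docs.microsoft.com/windows/arm link) would keep the reference. Patches 17 and 18 could then be squashed into one commit whose message explains the outcome.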