From 5eed901934569dab92344258b65bc8c641c46842 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 19 Feb 2021 23:31:32 -0800 Subject: [PATCH] Style --- windows/security/threat-protection/TOC.md | 1 - .../mac-device-control-intune.md | 6 +++--- .../mac-device-control-jamf.md | 6 +++--- .../mac-device-control-overview.md | 16 ++++++++-------- 4 files changed, 14 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5f17983864..3c51b36bf6 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -257,7 +257,6 @@ ###### [Overview](microsoft-defender-atp/mac-device-control-overview.md) ###### [JAMF examples](mac-device-control-jamf.md) ###### [Intune examples](mac-device-control-intune.md) - ##### [Schedule scans](microsoft-defender-atp/mac-schedule-scan-atp.md) #### [Troubleshoot]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-intune.md index 92050bc570..c9a7031428 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-intune.md @@ -33,7 +33,7 @@ ms.technology: mde > [!IMPORTANT] > **Device control for macOS is currently in public preview**
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. -> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). +> See [Microsoft Defender for Endpoint preview features](preview.md) for more information. This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using Intune to manage your enterprise. @@ -238,7 +238,7 @@ The following example shows how program execution from removable media can be di ## Restrict all devices from specific vendors -The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). Note that all other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). +The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). All other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). ```xml @@ -323,7 +323,7 @@ The following example restricts all devices from specific vendors (in this case ## Restrict specific devices identified by vendor ID, product ID, and serial number -The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. Note that at all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. +The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. At all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. ```xml diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-jamf.md index d0c447dc99..2b059af7c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-jamf.md @@ -33,7 +33,7 @@ ms.technology: mde > [!IMPORTANT] > **Device control for macOS is currently in public preview**
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. -> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). +> See [Microsoft Defender for Endpoint preview features](preview.md) for more information. This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using JAMF to manage your enterprise. @@ -115,7 +115,7 @@ The following example shows how program execution from removable media can be di ## Restrict all devices from specific vendors -The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). Note that all other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). +The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). All other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). ```xml @@ -159,7 +159,7 @@ The following example restricts all devices from specific vendors (in this case ## Restrict specific devices identified by vendor ID, product ID, and serial number -The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. Note that at all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. +The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. At all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. ```xml diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md index 86bbbddde0..6f0c16e427 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md @@ -33,7 +33,7 @@ ms.technology: mde > [!IMPORTANT] > **Device control for macOS is currently in public preview**
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. -> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). +> See [Microsoft Defender for Endpoint preview features](preview.md) for more information. ## Requirements @@ -88,7 +88,7 @@ The device control policy can be used to: ### Customize URL target for notifications raised by device control -When the device control policy that you have put in place is enforced on a device (*e.g.* access to a removable media device is restricted), a notification is displayed to the user. +When the device control policy that you have put in place is enforced on a device (for example, access to a removable media device is restricted), a notification is displayed to the user. ![Device control notification](images/mac-device-control-notification.png) @@ -132,13 +132,13 @@ This section of the policy is hierarchical, allowing for maximum flexibility and For information on how to find the device identifiers, see [Look up device identifiers](#look-up-device-identifiers). -The policy is evaluated from the most specific entry to the most general one. In other words, the product tries to find the most specific match in the policy for each removable media device and apply the permissions at that level. If there is no match, then the next best match is applied, all the way to the permission specified at the top-level, which is the default when a device does not match any other entry. +The policy is evaluated from the most specific entry to the most general one. In other words, the product tries to find the most specific match in the policy for each removable media device and apply the permissions at that level. If there is no match, then the next best match is applied, all the way to the permission specified at the top level, which is the default when a device does not match any other entry. #### Policy enforcement level Under the removable media section, there is an option to set the enforcement level, which can take one of the following values: -- `audit` - Under this enforcement level, if access to a device is restricted, a notification is displayed to the user, however the device can still be used. This can be useful to evaluate the effectiveness of a policy. +- `audit` - Under this enforcement level, if access to a device is restricted, a notification is displayed to the user, however the device can still be used. This enforcement level can be useful to evaluate the effectiveness of a policy. - `block` - Under this enforcement level, the operations that the user can perform on the device are limited to what is defined in the policy. Furthermore, a notification is raised to the user. ||| @@ -155,7 +155,7 @@ At the top level of the removable media section, you can configure the default p This setting can be set to: - `none` - no operations can be performed against the device -- A combination of the following: +- A combination of the following values: - `read` - Read operations are permitted on the device - `write` - Write operations are permitted on the device - `execute` - Execute operations are permitted on the device @@ -290,7 +290,7 @@ We have included more examples of device control policies in the following docum #### Look up device identifiers -To find the vendor ID, product ID, and serial number of a USB device, do the following: +To find the vendor ID, product ID, and serial number of a USB device: 1. Log into a Mac device. 1. Plug in the USB device for which you want to look up the identifiers. @@ -310,11 +310,11 @@ To find the vendor ID, product ID, and serial number of a USB device, do the fol ![Details of a USB device](images/mac-device-control-lookup-4.png) -1. The vendor ID, product ID, and serial number are displayed. Note that when adding the vendor ID and product ID to the removable media policy, you should only add the part after `0x`. For example, in the below image, vendor ID is `1000` and product ID is `090c`. +1. The vendor ID, product ID, and serial number are displayed. When adding the vendor ID and product ID to the removable media policy, you should only add the part after `0x`. For example, in the below image, vendor ID is `1000` and product ID is `090c`. #### Discover USB devices in your organization -You can view mount, unmount, and volume change events originating from USB devices in Microsoft Defender for Endpoint advanced hunting. This can be helpful to identify suspicious usage activity or perform internal investigations. +You can view mount, unmount, and volume change events originating from USB devices in Microsoft Defender for Endpoint advanced hunting. These events can be helpful to identify suspicious usage activity or perform internal investigations. ``` DeviceEvents