From 29bb6fc16b81301fa6bb971a257988a42f9edc84 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 8 Nov 2020 08:15:47 +0500 Subject: [PATCH 1/7] Update secure-the-windows-10-boot-process.md --- .../secure-the-windows-10-boot-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 017eb64762..d3ff0fb615 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -84,7 +84,7 @@ These requirements help protect you from rootkits while allowing you to run any - **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems. - **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however. -To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. For more information about Secure Boot, read the blog, [Protecting the pre-OS environment with UEFI](https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx). +To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. Like most mobile devices, ARM-based Certified For Windows RT devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot cannot be turned off, and you cannot load a different operating system. Fortunately, there is a large market of ARM devices designed to run other operating systems. From 226cccf52940619a134b5b21b2356f15ea4b8b45 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 9 Nov 2020 11:46:12 -0800 Subject: [PATCH 2/7] add field --- .../microsoft-defender-atp/indicator-manage.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md index a446f06755..b7fbb4cac8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md @@ -65,8 +65,13 @@ expirationTime | DateTimeOffset | The expiration time of the indicator in the fo severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional** recommendedActions | String | TI indicator alert recommended actions. **Optional** rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional** +category | String | Category of the alert. +mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). -## Related topics +For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748). + + +## See also - [Create indicators](manage-indicators.md) - [Create indicators for files](indicator-file.md) - [Create indicators for IPs and URLs/domains](indicator-ip-domain.md) From f6d212195dad0e8bb61e70c413f1cef2c1cca950 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 9 Nov 2020 11:51:15 -0800 Subject: [PATCH 3/7] update keyword --- .../microsoft-defender-atp/indicator-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md index b7fbb4cac8..82fe774e42 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md @@ -2,7 +2,7 @@ title: Manage indicators ms.reviewer: description: Manage indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities. -keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain +keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 From b6567fc91858e019b820c169d7bd9c00229a9cd3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 10 Nov 2020 23:19:40 +0530 Subject: [PATCH 4/7] removed duplicate entry as per the user report #8609 , so I removed the duplicate entry which is appeared two times. --- windows/deployment/planning/windows-10-deprecated-features.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 18d1d96008..fa4f088b49 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -28,7 +28,6 @@ The features described below are no longer being actively developed, and might b | ----------- | --------------------- | ---- | | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | | Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 | -| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | From 98b06537adf8e6ece3350b8afc4470abec9c2eff Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 10 Nov 2020 11:00:14 -0800 Subject: [PATCH 5/7] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ab130cb910..9eb235425e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -50,7 +50,6 @@ Whether taken automatically or upon approval, remediation actions following an a - Remove a registry key - Kill a process - Stop a service -- Remove a registry key - Disable a driver - Remove a scheduled task From d6b9339bc9b47f582cacec91abeac7b572cbad29 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 10 Nov 2020 11:01:36 -0800 Subject: [PATCH 6/7] attempting to add m365 nav again --- windows/application-management/docfx.json | 1 + windows/client-management/docfx.json | 1 + windows/configuration/docfx.json | 1 + windows/deployment/docfx.json | 1 + windows/hub/docfx.json | 1 + windows/privacy/docfx.json | 1 + windows/security/docfx.json | 1 + windows/whats-new/docfx.json | 1 + 8 files changed, 8 insertions(+) diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 09bd474c3e..abbb5fac56 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -32,6 +32,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index ffd1c9d266..c81879ba3f 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -32,6 +32,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index ea2a557e39..662747f3a4 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -32,6 +32,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json index d90a888be9..bc71e70299 100644 --- a/windows/deployment/docfx.json +++ b/windows/deployment/docfx.json @@ -35,6 +35,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 07a8ea153b..2fad5a8fc9 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -36,6 +36,7 @@ "globalMetadata": { "audience": "ITPro", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "ms.topic": "article", "feedback_system": "GitHub", diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json index f7ff32cbfe..0f24cde486 100644 --- a/windows/privacy/docfx.json +++ b/windows/privacy/docfx.json @@ -33,6 +33,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", diff --git a/windows/security/docfx.json b/windows/security/docfx.json index ab00e42eba..1998bdf279 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -33,6 +33,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.topic": "article", "manager": "dansimp", "audience": "ITPro", diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json index 5ff6fb5017..c04bfa1498 100644 --- a/windows/whats-new/docfx.json +++ b/windows/whats-new/docfx.json @@ -32,6 +32,7 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", "ms.topic": "article", "audience": "ITPro", From 55fba333be68ee6109296a8a28a62114a58d2de5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 10 Nov 2020 11:30:34 -0800 Subject: [PATCH 7/7] update parameters --- .../microsoft-defender-atp/indicator-manage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md index 82fe774e42..3cb8685e67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md @@ -65,8 +65,8 @@ expirationTime | DateTimeOffset | The expiration time of the indicator in the fo severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional** recommendedActions | String | TI indicator alert recommended actions. **Optional** rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional** -category | String | Category of the alert. -mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). +category | String | Category of the alert. Examples include: Execution and credential access. **Optional** +mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). **Optional** It is recommended to add a value in category when a MITRE technique. For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).