deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #2143 from MicrosoftDocs/master

Browse Source 
Publish 2/25/2020 3:32 PM PST
This commit is contained in:
Thomas Raya 2020-02-25 17:42:55 -06:00 committed by GitHub
commit 6678103bdd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 98 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
devices/hololens/hololens-FAQ.md
View File

@ -44,6 +44,7 @@ This FAQ addresses the following questions and issues:
- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi)
- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start)
- [HoloLens Management Questions](#hololens-management-questions)
- [HoloLens Security Questions](#hololens-security-questions)
- [How do I delete all spaces?](#how-do-i-delete-all-spaces)
- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator)
- [I can't log in to a HoloLens because it was previously set up for someone else](#i-cant-log-in-to-a-hololens-because-it-was-previously-set-up-for-someone-else)
@ -230,6 +231,14 @@ If your device was previously set up for someone else, either a client or former
1. **What logging capabilities are available on HL1 and HL2?**
1. Logging is limited to traces captured in developer/troubleshooting scenarios or telemetry sent to Microsoft servers.
[Back to list](#list)
## HoloLens Security Questions
Frequently asked security questions can be found [here](hololens-faq-security.md).
[Back to list](#list)
## How do I delete all spaces?
*Coming soon*
@ -241,4 +250,3 @@ If your device was previously set up for someone else, either a client or former
*Coming soon*
[Back to list](#list)

2
devices/hololens/hololens-commercial-infrastructure.md
View File

@ -163,6 +163,8 @@ Directions for upgrading to the commercial suite can be found [here](https://doc
1. Check your app settings
1. Log into your Microsoft Store Business account
1. **Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select “Everyone” or “Specific Groups”**
>[!NOTE]
>If you don't see the app you want, you will have to "get" the app by searching the store for your app. **Click the "Search" bar in the upper right-hand corner > type in the name of the app > click on the app > select "Get"**.
1. If you do not see your apps in **Intune > Client Apps > Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
1. [Create a device profile for Kiosk mode](https://docs.microsoft.com/intune/configuration/kiosk-settings#create-the-profile)

18
devices/hololens/hololens-requirements.md
View File

@ -33,6 +33,14 @@ This document also assumes that the HoloLens has been evaluated by security team
Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed. It is also important to ensure that your security team has approved of the use of the HoloLens on the company's network. Please see [Frequently ask security questions](hololens-faq-security.md) for additional security information.
### Type of identity
Determine the type of identity that will be used to sign into the device.
1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device.
2. **MSA:** This is a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
### Type of Features
Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features.md).
@ -66,18 +74,10 @@ The majority of the steps found in this document will also apply to the followin
2. Guides
3. Customer Apps
### Type of identity
Determine the type of identity that will be used to sign into the device.
1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device.
2. **MSA:** This is a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device.
3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device.
### Determine your enrollment method
1. Bulk enrollment with a security token in a provisioning package.
Pros: this is the most automated approach
Pros: this is the most automated approach\
Cons: takes initial server-side setup
1. Auto-enroll on user sign in.
Pros: easiest approach

2
windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md
View File

@ -23,7 +23,7 @@ This issue affects computers that meet the following criteria:
- The network adapter is a Broadcom NX1 Gigabit Ethernet network adapter.
- The number of logical processors is large (for example, a computer that has more than 38 logical processors).
On such a computer, when you update the in-box Broadcom network adapter driver to a later version, the computer experiences a Stop error (also known as a blue screen error or bug check error).
On such a computer, when you update the in-box Broadcom network adapter driver to a later version or when you install the Intel chipset driver, the computer experiences a Stop error (also known as a blue screen error or bug check error).
## Cause

81
windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
View File

@ -24,7 +24,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
This topic describes how to deploy Microsoft Defender ATP for Linux manually. A successful deployment requires the completion of all of the following tasks:
This article describes how to deploy Microsoft Defender ATP for Linux manually. A successful deployment requires the completion of all of the following tasks:
- [Configure the Linux software repository](#configure-the-linux-software-repository)
- [Application installation](#application-installation)
@ -33,7 +33,7 @@ This topic describes how to deploy Microsoft Defender ATP for Linux manually. A
## Prerequisites and system requirements
Before you get started, see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
Before you get started, see [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
## Configure the Linux software repository
@ -53,26 +53,29 @@ In order to preview new features and provide early feedback, it is recommended t
> In case of Oracle EL and CentOS 8, replace *[distro]* with “rhel”.
```bash
$ sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
```
For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insider-fast* channel:
```bash
$ sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo
```
- Install the Microsoft GPG public key:
```bash
$ curl https://packages.microsoft.com/keys/microsoft.asc > microsoft.asc
$ sudo rpm --import microsoft.asc
curl https://packages.microsoft.com/keys/microsoft.asc > microsoft.asc
```
```bash
sudo rpm --import microsoft.asc
```
- Download and make usable all the metadata for the currently enabled yum repositories:
```bash
$ yum makecache
yum makecache
```
### SLES and variants
@ -82,20 +85,23 @@ In order to preview new features and provide early feedback, it is recommended t
In the following commands, replace *[distro]* and *[version]* with the information you've identified:
```bash
$ sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
```
For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insider-fast* channel:
```bash
$ sudo zypper addrepo -c -f -n microsoft-insiders-fast https://packages.microsoft.com/config/sles/12/insiders-fast.repo
sudo zypper addrepo -c -f -n microsoft-insiders-fast https://packages.microsoft.com/config/sles/12/insiders-fast.repo
```
- Install the Microsoft GPG public key:
```bash
$ curl https://packages.microsoft.com/keys/microsoft.asc > microsoft.asc
$ rpm --import microsoft.asc
curl https://packages.microsoft.com/keys/microsoft.asc > microsoft.asc
```
```bash
rpm --import microsoft.asc
```
### Ubuntu and Debian systems
@ -103,7 +109,7 @@ In order to preview new features and provide early feedback, it is recommended t
- Install `curl` if it is not already installed:
```bash
$ sudo apt-get install curl
sudo apt-get install curl
```
- Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config`.
@ -111,45 +117,48 @@ In order to preview new features and provide early feedback, it is recommended t
In the below command, replace *[distro]* and *[version]* with the information you've identified:
```bash
$ curl -o microsoft.list https://packages.microsoft.com/config/[distro]/[version]/[channel].list
curl -o microsoft.list https://packages.microsoft.com/config/[distro]/[version]/[channel].list
```
For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insider-fast* channel:
```bash
$ curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/insiders-fast.list
curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/insiders-fast.list
```
- Install the repository configuration:
```bash
$ sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
```
- Install the gpg package if not already installed:
```bash
$ sudo apt-get install gpg
sudo apt-get install gpg
```
- Install the Microsoft GPG public key:
```bash
$ curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
$ sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
```
```bash
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/
```
- Install the https driver if it's not already present:
```bash
$ sudo apt-get install apt-transport-https
sudo apt-get install apt-transport-https
```
- Update the repository metadata:
```bash
$ sudo apt-get update
sudo apt-get update
```
## Application installation
@ -186,11 +195,11 @@ Download the onboarding package from Microsoft Defender Security Center:
Extract the contents of the archive:
```bash
$ ls -l
ls -l
total 8
-rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip
$ unzip WindowsDefenderATPOnboardingPackage.zip
unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: WindowsDefenderATPOnboarding.py
```
@ -202,26 +211,26 @@ Download the onboarding package from Microsoft Defender Security Center:
Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank:
```bash
$ mdatp --health orgId
mdatp --health orgId
```
2. Run WindowsDefenderATPOnboarding.py, and note that, in order to run this command, you must have `python` installed on the device:
```bash
$ python WindowsDefenderATPOnboarding.py
python WindowsDefenderATPOnboarding.py
```
3. Verify that the machine is now associated with your organization and reports a valid organization identifier:
```bash
$ mdatp --health orgId
mdatp --health orgId
[your organization identifier]
```
4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected:
```bash
$ mdatp --health healthy
mdatp --health healthy
1
```
@ -229,22 +238,22 @@ Download the onboarding package from Microsoft Defender Security Center:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
$ mdatp --health realTimeProtectionEnabled
1
```
```bash
mdatp --health realTimeProtectionEnabled
1
```
- Open a Terminal window. Copy and execute the following command:
``` bash
$ curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt
```
``` bash
curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt
```
- The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats:
```bash
$ mdatp --threat --list --pretty
```
```bash
mdatp --threat --list --pretty
```
## Log installation issues

28
windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
View File

@ -24,7 +24,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
>[!IMPORTANT]
>This article contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise organizations. To configure Microsoft Defender ATP for Mac using the command-line interface, see the [Resources](mac-resources.md#configuring-from-the-command-line) page.
>This article contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise organizations. To configure Microsoft Defender ATP for Mac using the command-line interface, see [Resources](mac-resources.md#configuring-from-the-command-line).
## Summary
@ -325,6 +325,8 @@ Specify whether to enable EDR early preview features.
Specify a tag name and its value.
- The GROUP tag, tags the machine with the specified value. The tag is reflected in the portal under the machine page and can be used for filtering and grouping machines.
|||
|:---|:---|
| **Domain** | `com.microsoft.wdav` |
@ -569,6 +571,18 @@ The following configuration profile contains entries for all settings described
<key>automaticSampleSubmission</key>
<true/>
</dict>
<key>edr</key>
<dict>
<key>tags</key>
<array>
<dict>
<key>key</key>
<string>GROUP</string>
<key>value</key>
<string>ExampleTag</string>
</dict>
</array>
</dict>
<key>userInterface</key>
<dict>
<key>hideStatusMenuIcon</key>
@ -695,6 +709,18 @@ The following configuration profile contains entries for all settings described
<key>automaticSampleSubmission</key>
<true/>
</dict>
<key>edr</key>
<dict>
<key>tags</key>
<array>
<dict>
<key>key</key>
<string>GROUP</string>
<key>value</key>
<string>ExampleTag</string>
</dict>
</array>
</dict>
<key>userInterface</key>
<dict>
<key>hideStatusMenuIcon</key>

8
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -26,6 +26,8 @@ This topic describes how to install, configure, update, and use Microsoft Defend
> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4q3yP]
## How to install Microsoft Defender ATP for Linux
### Prerequisites
@ -39,9 +41,9 @@ This topic describes how to install, configure, update, and use Microsoft Defend
- Logged on users do not appear in the ATP portal.
- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
```bash
$ sudoSUSEConnect --status-text
```
```bash
$ sudoSUSEConnect --status-text
```
### Installation instructions