deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #9978 from vinaypamnani-msft/vp-fresh1

Browse Source 
Freshness Updates
This commit is contained in:
Jeff Borsecnik 2024-06-27 15:17:28 -07:00 committed by GitHub
commit 6a119a56b0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 80 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 59 KiB

BIN
windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 49 KiB

After

Width:  |  Height:  |  Size: 80 KiB

BIN
windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.3 KiB

After

Width:  |  Height:  |  Size: 3.2 KiB

BIN
windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 238 KiB

After

Width:  |  Height:  |  Size: 30 KiB

BIN
windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.6 KiB

After

Width:  |  Height:  |  Size: 7.4 KiB

7
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
View File

@ -1,11 +1,10 @@
---
title: Account protection in Windows Security
description: Use the Account protection section to manage security for your account and sign in to Microsoft.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: how-to
---
# Account protection
The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
@ -14,7 +13,7 @@ The **Account protection** section contains information and settings for account
- [Windows Hello for Business](../../../identity-protection/hello-for-business/index.md)
- [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from)
You can also choose to hide the section from users of the device, if you don't want your employees to access or view user-configured options for these features.
You can also choose to hide the section from users of the device, if you don't want your users to access or view user-configured options for these features.
## Hide the Account protection section
@ -25,7 +24,7 @@ You can only configure these settings by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Account protection**.
1. Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**.

14
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
View File

@ -1,7 +1,7 @@
---
title: App & browser control in Windows Security
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: how-to
---
@ -11,22 +11,22 @@ The **App and browser control** section contains information and settings for Wi
In Windows 10, version 1709 and later, the section also provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy. IT administrators can get more information at [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection).
You can also choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
## Prevent users from making changes to the Exploit protection area in the App & browser control section
You can prevent users from modifying settings in the Exploit protection area. The settings will be either greyed out or not appear if you enable this setting. Users will still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options have been configured separately.
You can prevent users from modifying settings in the Exploit protection area. The settings are either greyed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
You can only prevent users from modifying Exploit protection settings by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration**, select **Policies** and then **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
## Hide the App & browser control section
@ -37,11 +37,11 @@ This section can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
4. Open the **Hide the App and browser protection area** setting and set it to **Enabled**. Select **OK**.
5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:

22
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
View File

@ -1,7 +1,7 @@
---
title: Customize Windows Security contact information in Windows Security
description: Provide information to your employees on how to contact your IT department when a security issue occurs
ms.date: 08/11/2023
description: Provide information to your users on how to contact your IT department when a security issue occurs
ms.date: 06/27/2024
ms.topic: how-to
---
@ -11,7 +11,7 @@ You can add information about your organization in a contact card in **Windows S
![The Windows Security custom fly-out.](images/security-center-custom-flyout.png)
This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
This information is shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
Users can select the displayed information to initiate a support request:
@ -27,20 +27,20 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo
There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > Enterprise Customization**.
4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They'll both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Enterprise Customization**.
1. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Select **OK**.
> [!NOTE]
> This can only be done in Group Policy.
2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
1. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
6. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
1. After you enable the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
1. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
1. **Specify contact email address or Email ID**
2. **Specify contact phone number or Skype ID**
@ -49,7 +49,7 @@ There are two stages to using the contact card and customized notifications. Fir
> [!NOTE]
> If you enable **Configure customized notifications** and **Specify contact website** policies, the contact website must begin with `http:` or `https:` (for example, `https://contoso.com/help`) to allow the user to interact with the notification and navigate to the specified URL.
7. Select **OK** after you configure each setting to save your changes.
1. Select **OK** after you configure each setting to save your changes.
To enable the customized notifications and add the contact information in Intune, see these articles:

12
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
View File

@ -1,18 +1,16 @@
---
title: Device & performance health in Windows Security
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
ms.date: 07/31/2023
ms.date: 06/27/2024
ms.topic: how-to
---
# Device performance and health
The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine.
The [Windows 10 IT pro troubleshooting article](/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](/windows/windows-10/) can also be helpful for resolving issues.
This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
## Hide the Device performance & health section
@ -23,11 +21,11 @@ This section can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Device performance and health**.
1. Open the **Hide the Device performance and health area** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:

34
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
View File

@ -1,7 +1,7 @@
---
title: Device security in Windows Security
description: Use the Device security section to manage security built into your device, including Virtualization-based security.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: how-to
---
@ -9,7 +9,7 @@ ms.topic: how-to
The **Device security** section contains information and settings for built-in device security.
You can choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
## Hide the Device security section
@ -18,11 +18,11 @@ You can choose to hide the entire section by using Group Policy. The section won
> [!IMPORTANT]
> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
4. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
1. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
@ -36,18 +36,18 @@ If you don't want users to be able to select the **Clear TPM** button in **Windo
> [!IMPORTANT]
> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
4. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
1. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
## Hide the TPM Firmware Update recommendation
If you don't want users to see the recommendation to update TPM firmware, you can disable it.
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
4. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
1. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
1. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.

9
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
View File

@ -1,18 +1,17 @@
---
title: Family options in Windows Security
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: how-to
---
# Family options
The **Family options** section contains links to settings and further information for parents of a Windows PC. It isn't intended for enterprise or business environments.
Home users can learn more at the [Help protection your family online in Windows Security article at support.microsoft.com](https://support.microsoft.com/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to this section.
This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to this section.
## Hide the Family options section
@ -23,11 +22,11 @@ This section can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Family options**.
1. Open the **Hide the Family options area** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:

10
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
View File

@ -1,15 +1,15 @@
---
title: Firewall and network protection in Windows Security
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: how-to
---
# Firewall and network protection
The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
This section can be hidden from users of the machine. This information is useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
## Hide the Firewall & network protection section
@ -20,11 +20,11 @@ This section can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the Group Policy Management Console. Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Firewall and network protection**.
1. Open the **Hide the Firewall and network protection area** setting and set it to **Enabled**. Select **OK**.
1. Deploy the updated GPO as you normally do.
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:

28
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
View File

@ -1,7 +1,7 @@
---
title: Hide notifications from Windows Security
description: Prevent Windows Security notifications from appearing on user endpoints
ms.date: 07/31/2023
ms.date: 06/27/2024
ms.topic: how-to
---
@ -9,18 +9,18 @@ ms.topic: how-to
**Windows Security** is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the employees in your organization.
In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
There are two levels to hiding notifications:
1. Hide non-critical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week
2. Hide all notifications
1. Hide noncritical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week
1. Hide all notifications
If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting has no effect.
You can only use Group Policy to change these settings.
## Use Group Policy to hide non-critical notifications
## Use Group Policy to hide noncritical notifications
You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
@ -30,11 +30,11 @@ These notifications can be hidden only by using Group Policy.
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. Download the latest [Administrative Templates (.admx) for Windows 10, v2004](https://www.microsoft.com/download/101445).
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**
1. Open the **Hide non-critical notifications** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
## Use Group Policy to hide all notifications
@ -45,7 +45,7 @@ These notifications can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
@ -53,7 +53,7 @@ These notifications can be hidden only by using Group Policy.
> For Windows 10 version 2004 and above the path would be **Windows components > Windows Security > Notifications**.
1. Open the **Hide all notifications** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> You can use the following registry key and DWORD value to **Hide all notifications**.
@ -90,14 +90,14 @@ These notifications can be hidden only by using Group Policy.
| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus didn't find any threats since your last summary. | RECAP_NO_THREATS | No |Virus & threat protection notification|
| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
| Ransomware specific detection | Microsoft Defender Antivirus has detected threats, which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |Virus & threat protection notification|

20
windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
View File

@ -1,15 +1,13 @@
---
title: Virus and threat protection in Windows Security
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
ms.date: 08/11/2023
ms.topic: conceptual
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party antivirus products.
ms.date: 06/27/2024
ms.topic: how-to
---
# Virus and threat protection
The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.
In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
IT administrators and IT pros can get more configuration information from these articles:
@ -20,7 +18,7 @@ IT administrators and IT pros can get more configuration information from these
- [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)
- [Ransomware detection and recovering your files](https://support.office.com/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for these features.
You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for these features.
## Hide the Virus & threat protection section
@ -31,11 +29,11 @@ This section can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
1. Open the **Hide the Virus and threat protection area** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
> [!NOTE]
> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
@ -51,8 +49,8 @@ This area can be hidden only by using Group Policy.
> [!IMPORTANT]
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
1. Open the **Hide the Ransomware data recovery area** setting and set it to **Enabled**. Select **OK**.
1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.

14
windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
View File

@ -1,21 +1,17 @@
---
title: Windows Security
description: Windows Security brings together common Windows security features into one place.
ms.date: 08/11/2023
ms.date: 06/27/2024
ms.topic: conceptual
---
# Windows Security
This library describes **Windows Security** settings, and provides information on configuring certain features, including:
This article describes **Windows Security** settings, and provides information on configuring certain features, including:
- [Showing and customizing contact information](wdsc-customize-contact-information.md)
- [Hiding notifications](wdsc-hide-notifications.md)
In Windows 10, version 1709 and later, the settings also show information from third-party antivirus and firewall apps.
In Windows 10, version 1803, the settings have two new areas: **Account protection** and **Device security**.
![Screenshot of the Windows Security showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
> [!NOTE]
@ -31,7 +27,7 @@ For more information about each section, options for configuring the sections, a
- [Virus & threat protection](wdsc-virus-threat-protection.md), which has information and access to antivirus ransomware protection settings and notifications, including Controlled folder access, and sign-in to Microsoft OneDrive.
- [Account protection](wdsc-account-protection.md), which has information and access to sign-in and account protection settings.
- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Defender Firewall.
- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Firewall.
- [App & browser control](wdsc-app-browser-control.md), covering Windows Defender SmartScreen settings and Exploit protection mitigations.
- [Device security](wdsc-device-security.md), which provides access to built-in device security settings.
- [Device performance & health](wdsc-device-performance-health.md), which has information about drivers, storage space, and general Windows Update issues.
@ -52,7 +48,7 @@ For more information about each section, options for configuring the sections, a
![Screenshot of the Start menu showing the results of a search for the Windows Security, the first option with a large shield symbol is selected.](images/security-center-start-menu.png)
- Open an area from Windows **Settings**.
- Open an area from Windows **Settings** > **Privacy & security** > **Windows Security**.
![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
@ -88,4 +84,4 @@ If you disable any of the individual features, it prevents that feature from rep
> [!IMPORTANT]
> If you individually disable any of the services, it won't disable the other services or **Windows Security** itself.
For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall.
For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Firewall.