From 31bad6539ff77733b1739798e1e89f18249685c3 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:33:51 -0700 Subject: [PATCH 01/29] add note to address bar doc --- browsers/edge/group-policies/address-bar-settings-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md index c9cf088a60..016e64c3ee 100644 --- a/browsers/edge/group-policies/address-bar-settings-gp.md +++ b/browsers/edge/group-policies/address-bar-settings-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Address bar +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list. You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: From d9374227e67e7157e0c09b7fac102a19569370e8 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:35:07 -0700 Subject: [PATCH 02/29] add note to adobe flash --- browsers/edge/group-policies/adobe-settings-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md index 5fc4021fce..36927b380c 100644 --- a/browsers/edge/group-policies/adobe-settings-gp.md +++ b/browsers/edge/group-policies/adobe-settings-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Adobe Flash +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content. To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). From fd8ec935de7c0d0d826f9018a419e01eba7e8130 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:36:17 -0700 Subject: [PATCH 03/29] add note to books library --- browsers/edge/group-policies/books-library-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md index c8742367b6..07a8d0e80d 100644 --- a/browsers/edge/group-policies/books-library-management-gp.md +++ b/browsers/edge/group-policies/books-library-management-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Books Library +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data. From f8b91d0812a75fe755121dd538158b755d9d6b7b Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:37:21 -0700 Subject: [PATCH 04/29] add note to browser settings --- browsers/edge/group-policies/browser-settings-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md index c4f392209e..89159d490d 100644 --- a/browsers/edge/group-policies/browser-settings-management-gp.md +++ b/browsers/edge/group-policies/browser-settings-management-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Browser experience +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users. From 8fc445a86e6856a42cc8e0d592b1d887bfa2c420 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:40:28 -0700 Subject: [PATCH 05/29] add note to developer tools --- browsers/edge/group-policies/developer-settings-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md index 67fce97c58..2383f8f333 100644 --- a/browsers/edge/group-policies/developer-settings-gp.md +++ b/browsers/edge/group-policies/developer-settings-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Developer tools +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page. You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: From c2f27fcf13310ebba9542c41c6c14dc08c6a1a76 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:41:09 -0700 Subject: [PATCH 06/29] add note to extensions --- browsers/edge/group-policies/extensions-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md index 22ad6057c4..a69f976d40 100644 --- a/browsers/edge/group-policies/extensions-management-gp.md +++ b/browsers/edge/group-policies/extensions-management-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Extensions +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions. You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: From ceb2a8c9b455c907adadd1bbbb5309636919b819 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:41:51 -0700 Subject: [PATCH 07/29] add note to favorites --- browsers/edge/group-policies/favorites-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md index 58ce30eb7f..78131e021a 100644 --- a/browsers/edge/group-policies/favorites-management-gp.md +++ b/browsers/edge/group-policies/favorites-management-gp.md @@ -18,6 +18,9 @@ ms.sitesec: library # Favorites +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other. >[!TIP] From bd4b3ec657ee2864769ab4c7e6521c88abbcebe0 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:42:35 -0700 Subject: [PATCH 08/29] add note to home button --- browsers/edge/group-policies/home-button-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md index 8993518748..47d016dd19 100644 --- a/browsers/edge/group-policies/home-button-gp.md +++ b/browsers/edge/group-policies/home-button-gp.md @@ -16,6 +16,9 @@ ms.topic: reference # Home button +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button. ## Relevant group policies From f78798073403d80a23b0dabd38f39152d8b385a6 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:43:43 -0700 Subject: [PATCH 09/29] add note to interop and enterprise mode --- .../group-policies/interoperability-enterprise-guidance-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md index 009ea51226..2fbd5caa4c 100644 --- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md +++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md @@ -16,6 +16,9 @@ ms.topic: reference # Interoperability and enterprise mode guidance +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. >[!TIP] From 79a383c78b740942d0e2b0a2cd5c23a4f5890140 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:46:03 -0700 Subject: [PATCH 10/29] add note to new tab page --- browsers/edge/group-policies/new-tab-page-settings-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md index 838228b705..1fa117d110 100644 --- a/browsers/edge/group-policies/new-tab-page-settings-gp.md +++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md @@ -17,6 +17,9 @@ ms.topic: reference # New Tab page +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads. >[!NOTE] From b25b80dfb4e2a7058273432c08ca6b88ee5261fb Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:47:42 -0700 Subject: [PATCH 11/29] add note to prelaunch and preload --- browsers/edge/group-policies/prelaunch-preload-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md index 3f41505fce..9993abc25c 100644 --- a/browsers/edge/group-policies/prelaunch-preload-gp.md +++ b/browsers/edge/group-policies/prelaunch-preload-gp.md @@ -13,6 +13,9 @@ ms.topic: reference # Prelaunch Microsoft Edge and preload tabs in the background +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching. Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs. From 5d3d3c024ca6af7b086b2ce370bae5dc7cb0120c Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:48:20 -0700 Subject: [PATCH 12/29] add note to search engine cust --- browsers/edge/group-policies/search-engine-customization-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md index 52cf1ca380..0aa2c8486b 100644 --- a/browsers/edge/group-policies/search-engine-customization-gp.md +++ b/browsers/edge/group-policies/search-engine-customization-gp.md @@ -13,6 +13,9 @@ ms.topic: reference # Search engine customization +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default. ## Relevant group policies From 724adbddbf5f053bd2a6c773c4d923a417d39589 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:49:00 -0700 Subject: [PATCH 13/29] add note to sec and privacy --- browsers/edge/group-policies/security-privacy-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md index 66fc6f99a7..91d2387988 100644 --- a/browsers/edge/group-policies/security-privacy-management-gp.md +++ b/browsers/edge/group-policies/security-privacy-management-gp.md @@ -13,6 +13,9 @@ ms.topic: reference # Security and privacy +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes. Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. From f632dceff863d23f3b4051c5511cf24fcf21e7c0 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:49:33 -0700 Subject: [PATCH 14/29] add note to start pages --- browsers/edge/group-policies/start-pages-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md index 4b9682362f..77c35dfae0 100644 --- a/browsers/edge/group-policies/start-pages-gp.md +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -16,6 +16,9 @@ ms.topic: reference # Start pages +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. ## Relevant group policies From e520f04ad969e9e351ca9b2b813a96a4bb47fe4f Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:50:07 -0700 Subject: [PATCH 15/29] add note to sync browser --- browsers/edge/group-policies/sync-browser-settings-gp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md index fc5a62e81c..11d7190da9 100644 --- a/browsers/edge/group-policies/sync-browser-settings-gp.md +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md @@ -13,6 +13,8 @@ ms.topic: reference # Sync browser settings +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. From 7bbca0f0e8d8585691c2713767a75852879cf90f Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 13:50:48 -0700 Subject: [PATCH 16/29] add note to telemetry --- browsers/edge/group-policies/telemetry-management-gp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md index a14fc3aaf6..19d10a1830 100644 --- a/browsers/edge/group-policies/telemetry-management-gp.md +++ b/browsers/edge/group-policies/telemetry-management-gp.md @@ -13,6 +13,9 @@ ms.topic: reference # Telemetry and data collection +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). + Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: From f21451c80ebd836a0bc28c247d34f19fb3d88af1 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Tue, 8 Oct 2019 14:20:27 -0700 Subject: [PATCH 17/29] make note link agnostic --- browsers/edge/group-policies/address-bar-settings-gp.md | 2 +- browsers/edge/group-policies/adobe-settings-gp.md | 2 +- browsers/edge/group-policies/books-library-management-gp.md | 2 +- browsers/edge/group-policies/browser-settings-management-gp.md | 2 +- browsers/edge/group-policies/developer-settings-gp.md | 2 +- browsers/edge/group-policies/extensions-management-gp.md | 2 +- browsers/edge/group-policies/favorites-management-gp.md | 2 +- browsers/edge/group-policies/home-button-gp.md | 2 +- .../group-policies/interoperability-enterprise-guidance-gp.md | 2 +- browsers/edge/group-policies/new-tab-page-settings-gp.md | 2 +- browsers/edge/group-policies/prelaunch-preload-gp.md | 2 +- browsers/edge/group-policies/search-engine-customization-gp.md | 2 +- browsers/edge/group-policies/security-privacy-management-gp.md | 2 +- browsers/edge/group-policies/start-pages-gp.md | 2 +- browsers/edge/group-policies/sync-browser-settings-gp.md | 2 +- browsers/edge/group-policies/telemetry-management-gp.md | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md index 016e64c3ee..d718092a90 100644 --- a/browsers/edge/group-policies/address-bar-settings-gp.md +++ b/browsers/edge/group-policies/address-bar-settings-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Address bar > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list. diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md index 36927b380c..7d9d3e6652 100644 --- a/browsers/edge/group-policies/adobe-settings-gp.md +++ b/browsers/edge/group-policies/adobe-settings-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Adobe Flash > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content. diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md index 07a8d0e80d..b2689d9638 100644 --- a/browsers/edge/group-policies/books-library-management-gp.md +++ b/browsers/edge/group-policies/books-library-management-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Books Library > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data. diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md index 89159d490d..2301806f5f 100644 --- a/browsers/edge/group-policies/browser-settings-management-gp.md +++ b/browsers/edge/group-policies/browser-settings-management-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Browser experience > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users. diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md index 2383f8f333..67c6d1284c 100644 --- a/browsers/edge/group-policies/developer-settings-gp.md +++ b/browsers/edge/group-policies/developer-settings-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Developer tools > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page. diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md index a69f976d40..dc9b9406b4 100644 --- a/browsers/edge/group-policies/extensions-management-gp.md +++ b/browsers/edge/group-policies/extensions-management-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Extensions > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions. diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md index 78131e021a..9a022da181 100644 --- a/browsers/edge/group-policies/favorites-management-gp.md +++ b/browsers/edge/group-policies/favorites-management-gp.md @@ -19,7 +19,7 @@ ms.sitesec: library # Favorites > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other. diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md index 47d016dd19..8f498a5d58 100644 --- a/browsers/edge/group-policies/home-button-gp.md +++ b/browsers/edge/group-policies/home-button-gp.md @@ -17,7 +17,7 @@ ms.topic: reference # Home button > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button. diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md index 2fbd5caa4c..f1a0929bb3 100644 --- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md +++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md @@ -17,7 +17,7 @@ ms.topic: reference # Interoperability and enterprise mode guidance > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md index 1fa117d110..2f61f0bd35 100644 --- a/browsers/edge/group-policies/new-tab-page-settings-gp.md +++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md @@ -18,7 +18,7 @@ ms.topic: reference # New Tab page > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads. diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md index 9993abc25c..5c4bf7c5fe 100644 --- a/browsers/edge/group-policies/prelaunch-preload-gp.md +++ b/browsers/edge/group-policies/prelaunch-preload-gp.md @@ -14,7 +14,7 @@ ms.topic: reference # Prelaunch Microsoft Edge and preload tabs in the background > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching. diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md index 0aa2c8486b..480d0e275f 100644 --- a/browsers/edge/group-policies/search-engine-customization-gp.md +++ b/browsers/edge/group-policies/search-engine-customization-gp.md @@ -14,7 +14,7 @@ ms.topic: reference # Search engine customization > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default. diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md index 91d2387988..033d73b50e 100644 --- a/browsers/edge/group-policies/security-privacy-management-gp.md +++ b/browsers/edge/group-policies/security-privacy-management-gp.md @@ -14,7 +14,7 @@ ms.topic: reference # Security and privacy > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes. diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md index 77c35dfae0..5ea55bba9f 100644 --- a/browsers/edge/group-policies/start-pages-gp.md +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -17,7 +17,7 @@ ms.topic: reference # Start pages > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md index 11d7190da9..cdce19d2e5 100644 --- a/browsers/edge/group-policies/sync-browser-settings-gp.md +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md @@ -14,7 +14,7 @@ ms.topic: reference # Sync browser settings > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md index 19d10a1830..fb3329f960 100644 --- a/browsers/edge/group-policies/telemetry-management-gp.md +++ b/browsers/edge/group-policies/telemetry-management-gp.md @@ -14,7 +14,7 @@ ms.topic: reference # Telemetry and data collection > [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/index?). +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. From 8ab24a56b898781d30547f541ce8a7bdd14ae94c Mon Sep 17 00:00:00 2001 From: Rebecca Agiewich Date: Tue, 8 Oct 2019 15:39:45 -0700 Subject: [PATCH 18/29] fixed spelling error --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index daf03b598f..cf4016e37e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -60,7 +60,7 @@ If the error occurs again, check the error code against the following table to s 0x80090036 -User cancelled an interactive dialog +User canceled an interactive dialog User will be asked to try again From 25923dd4b2c9f609fee3a143a2c5f0d48c7aa2bd Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 8 Oct 2019 16:58:01 -0700 Subject: [PATCH 19/29] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...perating-system-components-to-microsoft-services-using-MDM.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 8211fc3089..9470e33324 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -164,6 +164,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt |client.wns.windows.com| |crl.microsoft.com/pki/crl/*| |ctldl.windowsupdate.com| +|*displaycatalog.mp.microsoft.com| |dm3p.wns.windows.com| |\*microsoft.com/pkiops/\*| |ocsp.digicert.com/*| From e7116a24e78928885312f371b0ded965c364e27c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 8 Oct 2019 17:10:04 -0700 Subject: [PATCH 20/29] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...perating-system-components-to-microsoft-services-using-MDM.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 9470e33324..f74bd5bfa6 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -138,6 +138,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt 1. **Windows Defender** 1. [Defender/AllowCloudProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)** 1. [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). Stop sending file samples back to Microsoft. **Set to 2 (two)** + 1. [Defender/EnableSmartScreenInShell](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)** 1. Windows Defender Smartscreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender Smartscreen. **Set to 0 (zero)** 1. Windows Defender Smartscreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** 1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)** From 3ae0eead8c8fae1ff1b6a5b3dcbaf689f1fe4bd3 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 8 Oct 2019 17:38:54 -0700 Subject: [PATCH 21/29] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...perating-system-components-to-microsoft-services.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6914061b54..5f7979787c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1437,15 +1437,15 @@ To turn this Off in the UI: -OR- -- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** -and- -- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** -and- -- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** ### 18.23 Voice Activation @@ -1466,11 +1466,11 @@ To turn this Off in the UI: -OR- -- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)** -and- -- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy with a **value of 2 (two)** From 1fabc089d0e548a10c2e5bc1b146217983a26e3f Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 8 Oct 2019 17:40:07 -0700 Subject: [PATCH 22/29] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5f7979787c..c602f4f148 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1470,7 +1470,7 @@ To turn this Off in the UI: -and- -- Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy with a **value of 2 (two)** +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy** with a **value of 2 (two)** From 4dcea5448fe2a7922a88ad4d59c9b26430cecf36 Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 8 Oct 2019 17:59:54 -0700 Subject: [PATCH 23/29] AH-SEO --- .../advanced-hunting-alertevents-table.md | 12 ++++++------ .../advanced-hunting-best-practices.md | 8 ++++---- .../advanced-hunting-filecreationevents-table.md | 10 +++++----- .../advanced-hunting-imageloadevents-table.md | 10 +++++----- .../advanced-hunting-logonevents-table.md | 10 +++++----- .../advanced-hunting-machineinfo-table.md | 10 +++++----- .../advanced-hunting-machinenetworkinfo-table.md | 10 +++++----- .../advanced-hunting-miscevents-table.md | 12 ++++++------ ...anced-hunting-networkcommunicationevents-table.md | 10 +++++----- .../advanced-hunting-processcreationevents-table.md | 10 +++++----- .../advanced-hunting-reference.md | 6 +++--- .../advanced-hunting-registryevents-table.md | 10 +++++----- .../advanced-hunting-shared-queries.md | 8 ++++---- .../microsoft-defender-atp/advanced-hunting.md | 6 +++--- .../microsoft-defender-atp/overview-hunting.md | 5 +++-- 15 files changed, 69 insertions(+), 68 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md index 2904a8e60e..fa1d929b79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md @@ -1,21 +1,21 @@ --- -title: AlertEvents table in the advanced hunting schema -description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent +title: AlertEvents table in the Advanced hunting schema +description: Learn about alert generation events in the AlertEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # AlertEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 5acedaa5f1..05e285ca16 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -1,7 +1,7 @@ --- -title: Advanced hunting best practices in Microsoft Defender ATP -description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data. -keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, kusto +title: Query best practices for Advanced hunting +description: Learn how to construct fast, efficient, and error-free threat hunting queries when using Advanced hunting +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/25/2019 +ms.date: 10/08/2019 --- # Advanced hunting query best practices diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index 04b9c39707..2d482ec3ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md @@ -1,21 +1,21 @@ --- title: FileCreationEvents table in the Advanced hunting schema -description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents +description: Learn about file-related events in the FileCreationEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, filecreationevents, files, path, hash, sha1, sha256, md5 search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # FileCreationEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index 6f682f0578..c9726c95ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md @@ -1,21 +1,21 @@ --- title: ImageLoadEvents table in the Advanced hunting schema -description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents +description: Learn about DLL loading events in the ImageLoadEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, imageloadevents, DLL loading, library, file image search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # ImageLoadEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index 0ef85d6027..795a3bb3f0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md @@ -1,21 +1,21 @@ --- title: LogonEvents table in the Advanced hunting schema -description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents +description: Learn about authentication or sign-in events in the LogonEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, logonevents, authentication, logon, sign in search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # LogonEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index 5dd8272cc3..6ddae6ac6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md @@ -1,21 +1,21 @@ --- title: MachineInfo table in the Advanced hunting schema -description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo +description: Learn about OS, computer name, and other machine information in the MachineInfo table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machineinfo, device, machine, OS, platform, users search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # MachineInfo diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index 6ed1b6e9b3..e9a9f9f1b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md @@ -1,21 +1,21 @@ --- title: MachineNetworkInfo table in the Advanced hunting schema -description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo +description: Learn about network configuration information in the MachineNetworkInfo table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machinenetworkinfo, device, machine, mac, ip, adapter, dns, dhcp, gateway, tunnel search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # MachineNetworkInfo diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index 6a3f93d80f..e26dbbdf0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md @@ -1,21 +1,21 @@ --- title: MiscEvents table in the advanced hunting schema -description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents +description: Learn about antivirus, firewall, and other event types in the miscellaneous events (MiscEvents) table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # MiscEvents @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. +The miscellaneous events or MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index b1f12de327..9d2c7a81f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md @@ -1,21 +1,21 @@ --- title: NetworkCommunicationEvents table in the Advanced hunting schema -description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents +description: Learn about network connection events you can query from the NetworkCommunicationEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, networkcommunicationevents, network connection, remote ip, local ip search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # NetworkCommunicationEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index 84aeeafcd5..6c25801d28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md @@ -1,21 +1,21 @@ --- title: ProcessCreationEvents table in the Advanced hunting schema -description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents +description: Learn about the process spawning or creation events in the ProcessCreationEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, processcreationevents, process id, command line search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # ProcessCreationEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 88124e8c37..d5c8fe8da7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -1,7 +1,7 @@ --- title: Advanced hunting schema reference -description: Learn about the tables in the advanced hunting schema -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description +description: Learn about the tables in the Advanced hunting schema to understand the data you can run threat hunting queries on +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, data search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/25/2019 +ms.date: 10/08/2019 --- # Understand the Advanced hunting schema diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index b5150e366e..ab9f9fce88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -1,21 +1,21 @@ --- title: RegistryEvents table in the Advanced hunting schema -description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents +description: Learn about registry events you can query from the RegistryEvents table of the Advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, registryevents, registry, key, subkey, value search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-maave -author: martyav +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 07/24/2019 +ms.date: 10/08/2019 --- # RegistryEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index a7f66ba422..a41f6cefcc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -1,7 +1,7 @@ --- -title: Use shared queries in advanced hunting -description: Take advantage of shared advanced hunting queries. Share your queries to the public or to your organization. -keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto, github repo +title: Use shared queries in Advanced hunting +description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization. +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/25/2019 +ms.date: 10/08/2019 --- # Use shared queries in Advanced hunting diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md index 6ef8ce1994..863f35da47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md @@ -1,7 +1,7 @@ --- title: Learn the Advanced hunting query language -description: Get an overview of the common operators and other aspects of the Advanced hunting query language you can use to formulate queries -keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto +description: Create your first threat hunting query and learn about common operators and other aspects of the Advanced hunting query language +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/25/2019 +ms.date: 10/08/2019 --- # Learn the Advanced hunting query language diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md index ab47dc3981..e9d04dbc05 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md @@ -1,7 +1,7 @@ --- title: Overview of Advanced hunting -description: Hunt for possible threats across your organization using a powerful search and query tool -keywords: advanced hunting, hunting, search, query, tool, telemetry, custom detection, schema, kusto +description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network +keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,6 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 10/08/2019 --- # Proactively hunt for threats with Advanced hunting From d37bd867525aad27f97da0875939906db7b092da Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 8 Oct 2019 18:21:28 -0700 Subject: [PATCH 24/29] AH-SEO-optimization Legacy files renamed, redirected. Meta desc and keywords enhanced --- .openpublishing.redirection.json | 21 ++++++++++++++++--- windows/security/threat-protection/TOC.md | 6 +++--- .../advanced-hunting-alertevents-table.md | 10 ++++----- .../advanced-hunting-best-practices.md | 6 +++--- ...vanced-hunting-filecreationevents-table.md | 10 ++++----- .../advanced-hunting-imageloadevents-table.md | 10 ++++----- .../advanced-hunting-logonevents-table.md | 10 ++++----- .../advanced-hunting-machineinfo-table.md | 10 ++++----- ...vanced-hunting-machinenetworkinfo-table.md | 10 ++++----- .../advanced-hunting-miscevents-table.md | 10 ++++----- ...unting-networkcommunicationevents-table.md | 10 ++++----- ...unting.md => advanced-hunting-overview.md} | 8 +++---- ...ced-hunting-processcreationevents-table.md | 10 ++++----- ....md => advanced-hunting-query-language.md} | 6 +++--- .../advanced-hunting-registryevents-table.md | 10 ++++----- ...d => advanced-hunting-schema-reference.md} | 6 +++--- .../advanced-hunting-shared-queries.md | 6 +++--- .../attack-surface-reduction.md | 2 +- .../custom-detection-rules.md | 6 +++--- .../microsoft-defender-atp/evaluation-lab.md | 2 +- .../microsoft-defender-atp/manage-edr.md | 2 +- .../microsoft-defender-atp/oldTOC.txt | 6 +++--- .../overview-custom-detections.md | 4 ++-- .../microsoft-defender-atp/overview.md | 2 +- .../raw-data-export-event-hub.md | 4 ++-- .../raw-data-export-storage.md | 4 ++-- .../microsoft-defender-atp/raw-data-export.md | 8 +++---- .../run-advanced-query-api.md | 2 +- 28 files changed, 108 insertions(+), 93 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{overview-hunting.md => advanced-hunting-overview.md} (93%) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting.md => advanced-hunting-query-language.md} (96%) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-reference.md => advanced-hunting-schema-reference.md} (85%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8e4ac2faed..f634e4f591 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -877,7 +877,7 @@ }, { "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language", "redirect_document_id": true }, { @@ -887,7 +887,22 @@ }, { "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference", "redirect_document_id": true }, { @@ -1573,7 +1588,7 @@ }, { "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hunting", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview", "redirect_document_id": true }, { diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f6259064c6..ef12771132 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -107,11 +107,11 @@ ### [Threat analytics](microsoft-defender-atp/threat-analytics.md) ### [Advanced hunting]() -#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) -#### [Learn the query language](microsoft-defender-atp/advanced-hunting.md) +#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md) +#### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md) #### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) #### [Advanced hunting schema reference]() -##### [Understand the schema](microsoft-defender-atp/advanced-hunting-reference.md) +##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md) ##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md) ##### [FileCreationEvents](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md) ##### [ImageLoadEvents](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md index fa1d929b79..84eb799e45 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The AlertEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. +The AlertEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -47,6 +47,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | Table | string | Table that contains the details of the event | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 05e285ca16..10961a9499 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -88,6 +88,6 @@ ProcessCreationEvents >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index 2d482ec3ba..957282b72c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The FileCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. +The FileCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -73,6 +73,6 @@ For information on other tables in the Advanced hunting schema, see [the Advanc | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index c9726c95ad..68ceff1055 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The ImageLoadEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. +The ImageLoadEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -59,6 +59,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index 795a3bb3f0..eb6044fda7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The LogonEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. +The LogonEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -67,6 +67,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | IsLocalAdmin | boolean | Boolean indicator of whether the user is a local administrator on the machine | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index 6ddae6ac6d..a986602549 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MachineInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table. +The MachineInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -48,6 +48,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index e9a9f9f1b8..a09d2619f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MachineNetworkInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. +The MachineNetworkInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -49,6 +49,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index e26dbbdf0e..2e6c3ad70f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The miscellaneous events or MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. +The miscellaneous events or MiscEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -80,6 +80,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index 9d2c7a81f7..5485d2b86e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The NetworkCommunicationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. +The NetworkCommunicationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -63,6 +63,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md similarity index 93% rename from windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index e9d04dbc05..bccd87a2d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -34,8 +34,8 @@ We recommend going through several steps to quickly get up and running with Adva | Learning goal | Description | Resource | |--|--|--| -| **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting.md) | -| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-reference.md) | +| **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting-query-language.md) | +| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-schema-reference.md) | | **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) | | **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | [Custom detections overview](overview-custom-detections.md) | @@ -66,8 +66,8 @@ Refine your query by selecting the "+" or "-" buttons next to the values that yo Once you apply the filter to modify the query and then run the query, the results are updated accordingly. ## Related topics -- [Learn the query language](advanced-hunting.md) +- [Learn the query language](advanced-hunting-query-language.md) - [Use shared queries](advanced-hunting-shared-queries.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) - [Custom detections overview](overview-custom-detections.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index 6c25801d28..43746ac557 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The ProcessCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. +The ProcessCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -71,6 +71,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md similarity index 96% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 863f35da47..89e50cf072 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -25,7 +25,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) -Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query. +Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query. ## Try your first query @@ -138,6 +138,6 @@ For more information on Kusto query language and supported operators, see [Quer >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index ab9f9fce88..05c6b7386b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -26,9 +26,9 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The RegistryEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. +The RegistryEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). +For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| @@ -61,6 +61,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md similarity index 85% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index d5c8fe8da7..8841cd7785 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -27,7 +27,7 @@ ms.date: 10/08/2019 ## Schema tables -The [Advanced hunting](overview-hunting.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema. +The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema. The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table. @@ -47,5 +47,5 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index a41f6cefcc..d32a485fd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -25,7 +25,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) -[Advanced hunting](overview-hunting.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. +[Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. ![Image of shared queries](images/atp-advanced-hunting-shared-queries.png) @@ -60,5 +60,5 @@ Microsoft security researchers regularly share Advanced hunting queries in a [de >Microsoft security researchers also provide Advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](threat-analytics.md) reports in Microsoft Defender Security Center. ## Related topics -- [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a858f74cac..b5bd5c3d18 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -45,7 +45,7 @@ For information about configuring attack surface reduction rules, see [Enable at Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios. -You can query Microsoft Defender ATP data by using [Advanced hunting](advanced-hunting.md). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to understand how attack surface reduction rules could affect your environment. +You can query Microsoft Defender ATP data by using [Advanced hunting](advanced-hunting-query-language.md). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to understand how attack surface reduction rules could affect your environment. Here is an example query: diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 010274d097..e8692e242a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -23,7 +23,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. +Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. > [!NOTE] > To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. @@ -114,5 +114,5 @@ You can also take the following actions on the rule from this page: ## Related topic - [Custom detections overview](overview-custom-detections.md) -- [Advanced hunting overview](overview-hunting.md) -- [Learn the Advanced hunting query language](advanced-hunting.md) +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the Advanced hunting query language](advanced-hunting-query-language.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index bc33d59c55..b657e78ae2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -112,7 +112,7 @@ Use the test machines to run attack simulations by connecting to them. If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience. -You can also use [Advanced hunting](advanced-hunting.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats. +You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats. >[!NOTE] >The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index 2e124ba8aa..0d82ce51ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -29,4 +29,4 @@ Topic | Description [Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft Defender Security Center. [Machines list](machines-view-overview.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. [Take response actions](response-actions.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats. -[Query data using advanced hunting](advanced-hunting.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool. +[Query data using advanced hunting](advanced-hunting-query-language.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool. diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt index 9dd1998f62..ffdde6dfa0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt @@ -105,11 +105,11 @@ ### [Advanced hunting]() -#### [Advanced hunting overview](overview-hunting.md) +#### [Advanced hunting overview](advanced-hunting-overview.md) #### [Query data using Advanced hunting]() -##### [Data querying basics](advanced-hunting.md) -##### [Advanced hunting reference](advanced-hunting-reference.md) +##### [Data querying basics](advanced-hunting-query-language.md) +##### [Advanced hunting reference](advanced-hunting-schema-reference.md) ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) #### [Custom detections]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index 425427b295..13b9cef73c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -25,7 +25,7 @@ ms.topic: conceptual With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions. -Custom detections work with [Advanced hunting](overview-hunting.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. +Custom detections work with [Advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. Custom detections provide: - Alerts for rule-based detections built from Advanced hunting queries @@ -36,4 +36,4 @@ Custom detections provide: ## Related topic - [Create and manage custom detection rules](custom-detection-rules.md) -- [Advanced hunting overview](overview-hunting.md) \ No newline at end of file +- [Advanced hunting overview](advanced-hunting-overview.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview.md b/windows/security/threat-protection/microsoft-defender-atp/overview.md index e649152e6b..1ce8866d9c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview.md @@ -40,7 +40,7 @@ Topic | Description [Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. [Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place. [Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand. -[Advanced hunting](overview-hunting.md) | Use a powerful search and query language to create custom queries and detection rules. +[Advanced hunting](advanced-hunting-overview.md) | Use a powerful search and query language to create custom queries and detection rules. [Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows. [Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. [Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center. diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md index f689022abe..7f28e73b98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md @@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w - Each event hub message in Azure Event Hubs contains list of records. - Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**". -- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md). +- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md). ## Data types mapping: @@ -83,7 +83,7 @@ To get the data types for event properties do the following: ![Image of event hub resource Id](images/machine-info-datatype-example.png) ## Related topics -- [Overview of Advanced Hunting](overview-hunting.md) +- [Overview of Advanced Hunting](advanced-hunting-overview.md) - [Microsoft Defender ATP streaming API](raw-data-export.md) - [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md) - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md index a30dc4ead2..3d9ca8313a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md @@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w - Each blob contains multiple rows. - Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties". -- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md). +- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md). ## Data types mapping: @@ -83,7 +83,7 @@ In order to get the data types for our events properties do the following: ![Image of event hub resource ID](images/machine-info-datatype-example.png) ## Related topics -- [Overview of Advanced Hunting](overview-hunting.md) +- [Overview of Advanced Hunting](advanced-hunting-overview.md) - [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md) - [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md) - [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview) diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md index 75e88ccf52..7155ac0422 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md +++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md @@ -27,17 +27,17 @@ ms.topic: article ## Stream Advanced Hunting events to Event Hubs and/or Azure storage account. -Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/). +Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/). ## In this section Topic | Description :---|:--- -[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to Event Hubs. -[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to your Azure storage account. +[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs. +[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account. ## Related topics -- [Overview of Advanced Hunting](overview-hunting.md) +- [Overview of Advanced Hunting](advanced-hunting-overview.md) - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/) - [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 457a33f85a..079a79034a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -145,5 +145,5 @@ If the 'roles' section in the token does not include the necessary permission: ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) -- [Advanced Hunting from Portal](advanced-hunting.md) +- [Advanced Hunting from Portal](advanced-hunting-query-language.md) - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) From ed751617df627039b83afaa4f35e6543861891f2 Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 8 Oct 2019 18:38:50 -0700 Subject: [PATCH 25/29] Fixed doc_id carry over duplicate Removed carry over (set to False) on newer redirects --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index faa25f02fa..cdd5a12e21 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -893,17 +893,17 @@ { "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md", From 225e4ca78a1c7ceaf19819b1261df97fe4ac2841 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 8 Oct 2019 21:13:18 -0700 Subject: [PATCH 26/29] Add info on hotfix build --- .../microsoft-defender-atp-mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md index 45d099e7d3..1c41a72e38 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md @@ -20,6 +20,10 @@ ms.topic: conceptual # What's new in Microsoft Defender Advanced Threat Protection for Mac +## 100.70.99 + +- Addressed an issue that prevents some users from upgrading to macOS Catalina when real-time protection is enabled. This was caused by Microsoft Defender ATP locking files from the upgrade package (to scan them for antiviruses), which in turn triggered failures in the upgrade sequence. + ## 100.68.99 - Added the ability to configure the antivirus functionality to run in [passive mode](microsoft-defender-atp-mac-preferences.md#enable--disable-passive-mode) From 063b194681f04dae54c1c9bc1d100968a410ee53 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 8 Oct 2019 21:15:21 -0700 Subject: [PATCH 27/29] Styling --- .../microsoft-defender-atp-mac-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md index 1c41a72e38..7063c1ac4a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md @@ -22,7 +22,7 @@ ms.topic: conceptual ## 100.70.99 -- Addressed an issue that prevents some users from upgrading to macOS Catalina when real-time protection is enabled. This was caused by Microsoft Defender ATP locking files from the upgrade package (to scan them for antiviruses), which in turn triggered failures in the upgrade sequence. +- Addressed an issue that prevents some users from upgrading to macOS Catalina when real-time protection is enabled. This problem was caused by Microsoft Defender ATP locking files from the upgrade package (to scan them for antiviruses). In turn this triggered failures in the upgrade sequence. ## 100.68.99 From bf59e7db3ffe68f20aad3f659bcdf43d08c52cb5 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Wed, 9 Oct 2019 08:56:50 -0700 Subject: [PATCH 28/29] update emie-to-improve-compatibility add note to direct to new docset --- browsers/edge/emie-to-improve-compatibility.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 2925106064..880289a39d 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -20,6 +20,9 @@ ms.localizationpriority: medium > Applies to: Windows 10 +> [!NOTE] +> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). + If you have specific websites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. From 289252222fab8e025cce11f67fea96d429733f53 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 9 Oct 2019 09:19:47 -0700 Subject: [PATCH 29/29] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index f74bd5bfa6..a764dd0f94 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -138,7 +138,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt 1. **Windows Defender** 1. [Defender/AllowCloudProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)** 1. [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). Stop sending file samples back to Microsoft. **Set to 2 (two)** - 1. [Defender/EnableSmartScreenInShell](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)** + 1. [Defender/EnableSmartScreenInShell](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)** 1. Windows Defender Smartscreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender Smartscreen. **Set to 0 (zero)** 1. Windows Defender Smartscreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** 1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**