mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
Merge pull request #2029 from MicrosoftDocs/FromPrivateRepo
From private repo
commit
6e1f7602f2
@ -121,7 +121,7 @@ The app will still be in your inventory, but your employees will not have access
|
||||
### Private store availability
|
||||
On the details page for each app, you can directly assign an app to a user, or for apps in your private store, you can set **Private store availability**.
|
||||
|
||||
Settings **Private store availability** allows you to choose which groups of people can see an app in the private store:
|
||||
**Private store availability** allows you to choose which groups of people can see an app in the private store:
|
||||
- No one - The app isn't in your private store
|
||||
- Everyone - The app is available to anyone in your organization
|
||||
- Specific groups - The app is available to all users in assigned security groups
|
||||
|
@ -10,12 +10,11 @@ author: TrudyHa
|
||||
ms.author: TrudyHa
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 3/19/2018
|
||||
ms.date: 10/31/2018
|
||||
---
|
||||
|
||||
# Distribute apps using your private store
|
||||
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
@ -33,12 +32,12 @@ You can make an app available in your private store when you acquire the app, or
|
||||
|
||||
<!---  -->
|
||||
|
||||
Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps & software** for app distribution options.
|
||||
Microsoft Store adds the app to **Products and services**. Click **Manage**, **Apps & software** for app distribution options.
|
||||
|
||||
**To make an app in Apps & software available in your private store**
|
||||
|
||||
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**, and then choose **Apps & software**.
|
||||
2. Click **Manage**, and then choose **Products and services**.
|
||||
|
||||
<!---  -->
|
||||
|
||||
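Review bot: The menu rename is applied unevenly in this region: the rewritten sentence says the app is added to **Products and services** but still tells the reader to click **Manage**, **Apps & software**, and the procedure title "To make an app in Apps & software available in your private store" keeps the old name while step 2 now says **Products and services**. Use one name throughout, and settle on either "Products and services" or "Products & services", since the LOB note later in this file uses the ampersand form.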
@ -52,6 +51,9 @@ The value under **Private store** for the app will change to pending. It will ta
|
||||
>[!Note]
|
||||
> If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be avilable in **Products & services** before adding it to your private store. For more information, see [Working with line of business apps](working-with-line-of-business-apps.md).
|
||||
|
||||
## Private store availability
|
||||
You can use security groups to scope which users can install an app from your private store. For more information, see [Private store availability](app-inventory-management-microsoft-store-for-business.md#private-store-availability).
|
||||
|
||||
Employees can claim apps that admins added to the private store by doing the following.
|
||||
|
||||
**To claim an app from the private store**
|
||||
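Review bot: The new "## Private store availability" heading sits directly above "Employees can claim apps that admins added to the private store by doing the following", so the claim procedure now reads as part of the availability section; move the new section below the claim steps or give the claim steps their own heading. The new sentence also says security groups scope which users "can install" an app, while the section it links to describes choosing which groups "can see an app in the private store"; use the wording that matches what the setting enforces, because readers will treat it as an access control. The note in the same region has "avilable" for "available".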
@ -60,16 +62,8 @@ Employees can claim apps that admins added to the private store by doing the fol
|
||||
2. Click the **private store** tab.
|
||||
3. Click the app you want to install, and then click **Install**.
|
||||
|
||||
|
||||
## Related topics
|
||||
- [Manage access to private store](manage-access-to-private-store.md)
|
||||
- [Manage private store settings](manage-private-store-settings.md)
|
||||
- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store)
|
BIN
store-for-business/images/security-groups-icon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 8.1 KiB |
@ -8,7 +8,7 @@ ms.pagetype: store
|
||||
author: TrudyHa
|
||||
ms.author: TrudyHa
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/27/2018
|
||||
ms.date: 10/31/2018
|
||||
---
|
||||
|
||||
# Microsoft Store for Business and Education release history
|
||||
@ -17,6 +17,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
||||
|
||||
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
|
||||
|
||||
## September 2018
|
||||
- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
|
||||
|
||||
## August 2018
|
||||
- **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#allow-app-requests)
|
||||
|
||||
|
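Review bot: The "Get more info" link in the September 2018 entry has a doubled scheme, `https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance`, and will not resolve; drop the extra `https://`. While this region is open, "hey can also request them" in the August 2018 entry should read "They".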
@ -8,7 +8,7 @@ ms.pagetype: store
|
||||
author: TrudyHa
|
||||
ms.author: TrudyHa
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/27/2018
|
||||
ms.date: 10/31/2018
|
||||
---
|
||||
|
||||
# What's new in Microsoft Store for Business and Education
|
||||
@ -17,10 +17,10 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
||||
|
||||
## Latest updates for Store for Business and Education
|
||||
|
||||
**September 2018**
|
||||
**October 2018**
|
||||
| | |
|
||||
|-----------------------|---------------------------------|
|
||||
|  |**Performance improvements**<br /><br /> With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. If you make multiple changes at once, they may show at different times within the fifteen minutes. On rare occasions, private store changes might take up to an hour. <br /><br />[Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
|  |**Use security groups with Private store apps**<br /><br /> On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business#private-store-availability)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||
|
||||
<!---
|
||||
We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
|
||||
@ -34,6 +34,9 @@ We’ve been working on bug fixes and performance improvements to provide you a
|
||||
|
||||
## Previous releases and updates
|
||||
|
||||
[September 2018](release-history-microsoft-store-business-education.md#september-2018)
|
||||
- Performance improvements
|
||||
|
||||
[August 2018](release-history-microsoft-store-business-education.md#august-2018)
|
||||
- App requests
|
||||
|
||||
|
@ -30,7 +30,7 @@ There are several ways that a solution provider can work with you. Solution prov
|
||||
| ------ | ------------------- |
|
||||
| Reseller | Solution providers sell Microsoft products to your organization or school. |
|
||||
| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. |
|
||||
| Reseller & delegated administrator | This is a team of two solution providers. You'll receive one partner invitation, but there will be two Solution providers listed on the request. One will sell products, and the other will manage them for you. |
|
||||
| Reseller & delegated administrator | Solution providers that sell and manage Microsoft products and services to your organization or school. |
|
||||
| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. |
|
||||
| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. |
|
||||
| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). |
|
||||
|
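Review bot: In the "Reseller & delegated administrator" row, the text "Solution providers that sell and manage Microsoft products and services to your organization or school" says nothing about what access is granted, while the "Delegated administrator" row directly above states that the partner becomes a Global Administrator for the tenant. State in the combined row whether the same Global Administrator access applies, so an admin reviewing a partner invitation sees the privilege involved. "manage ... to your organization" should also read "for your organization".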
@ -1,11 +1,11 @@
|
||||
---
|
||||
title: Get started with Device Health
|
||||
description: Configure Device Health in Azure Log Analytics to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
|
||||
description: Configure Device Health in Azure Monitor to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
|
||||
keywords: Device Health, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers, azure
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.date: 09/11/2018
|
||||
ms.date: 10/29/2018
|
||||
ms.pagetype: deploy
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
@ -26,7 +26,7 @@ This topic explains the steps necessary to configure your environment for Window
|
||||
|
||||
## Add the Device Health solution to your Azure subscription
|
||||
|
||||
Device Health is offered as a *solution* which you link to a new or existing [Azure Log Analytics](https://azure.microsoft.com/services/log-analytics/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
|
||||
Device Health is offered as a *solution* which you link to a new or existing [Azure Monitor](https://azure.microsoft.com/services/monitor/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
|
||||
|
||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||
|
||||
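Review bot: Both versions of the sentence in this hunk read "To configure this, follows these steps", so the edit touched the line without fixing it; it should be "follow these steps". The keywords line in this file's front matter also still lists "oms, operations management suite" while the description moves from Azure Log Analytics to Azure Monitor; confirm the old names are kept on purpose for search.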
@ -38,7 +38,7 @@ Device Health is offered as a *solution* which you link to a new or existing [Az
|
||||
|
||||

|
||||
3. Choose an existing workspace or create a new workspace to host the Device Health solution.
|
||||

|
||||

|
||||
- If you are using other Windows Analytics solutions (Upgrade Readiness or Update Compliance) you should add Device Health to the same workspace.
|
||||
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
|
||||
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
|
||||
@ -48,7 +48,7 @@ Device Health is offered as a *solution* which you link to a new or existing [Az
|
||||
4. Now that you have selected a workspace, you can go back to the Device Health blade and select **Create**.
|
||||

|
||||
5. Watch for a Notification (in the Azure portal) that "Deployment 'Microsoft.DeviceHealth' to resource group 'YourResourceGroupName' was successful." and then select **Go to resource** This might take several minutes to appear.
|
||||

|
||||

|
||||
- Suggestion: Choose the **Pin to Dashboard** option to make it easy to navigate to your newly added Device Health solution.
|
||||
- Suggestion: If a "resource unavailable" error occurs when navigating to the solution, try again after one hour.
|
||||
|
||||
|
@ -38,7 +38,7 @@ The Update Compliance architecture and data flow is summarized by the following
|
||||
|
||||
**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
|
||||
**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.<BR>
|
||||
**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Log Analytics workspace.<BR>
|
||||
**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.<BR>
|
||||
**(4)** Diagnostic data is available in the Update Compliance solution.<BR>
|
||||
|
||||
|
||||
|
@ -4,10 +4,10 @@ description: A strong Windows 10 deployment strategy begins with establishing a
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: DaniHalfin
|
||||
author: Jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.author: daniha
|
||||
ms.date: 07/27/2017
|
||||
ms.author: jaimeo
|
||||
ms.date: 11/02/2018
|
||||
---
|
||||
|
||||
# Prepare servicing strategy for Windows 10 updates
|
||||
@ -20,17 +20,17 @@ ms.date: 07/27/2017
|
||||
|
||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||
|
||||
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has completely changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they won’t seem like substantial differences, like they do today. Figure 1 shows the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years.
|
||||
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has completely changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they won’t seem like substantial differences, like they do today. This image illustrates the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years.
|
||||
|
||||
**Figure 1**
|
||||
|
||||

|
||||
|
||||
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Here’s an example of what this process might look like:
|
||||
|
||||
- **Configure test devices.** Configure testing PCs in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-annual Channel. Typically, this would be a small number of test machines that IT staff members use to evaluate prereleased builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
|
||||
- **Identify excluded PCs.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these PCs, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
|
||||
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-releas builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
|
||||
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
|
||||
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
|
||||
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
|
||||
- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or System Center Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
|
||||
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md).
|
||||
|
||||
|
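Review bot: The "Configure test devices" bullet contains "pre-releas builds" (the other version of the bullet has "prereleased builds") and writes "Semi-Annual Channel", while the "Identify excluded devices" bullet next to it has "Semi-annual Channel" and still says "For those machines" alongside "Identify these devices". Fix the typo and use one capitalization and one noun across both bullets. One version of the opening paragraph no longer refers to "Figure 1", yet a "**Figure 1**" caption is still shown above the image; keep the reference and the caption in step.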
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 10/26/2018
|
||||
ms.date: 11/02/2018
|
||||
---
|
||||
|
||||
# Account lockout threshold
|
||||
@ -37,8 +37,11 @@ Because vulnerabilities can exist when this value is configured and when it is n
|
||||
|
||||
### Best practices
|
||||
|
||||
The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a value of 10 could be an acceptable starting point for your organization.
|
||||
> **Important:** Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.
|
||||
The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend a value of 10 could be an acceptable starting point for your organization.
|
||||
|
||||
As with other account lockeout settings, this value is more of a guideline than a rule or best practice because there is no "one size fits all." For more information, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
|
||||
|
||||
Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.
|
||||
|
||||
### Location
|
||||
|
||||
|
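Review bot: The sentence "[Windows security baselines] recommend a value of 10 could be an acceptable starting point for your organization" merges two phrasings and leaves it unclear whether 10 is the baseline's recommendation or only a possible starting point; write it as one or the other. "account lockeout settings" should be "lockout". The implementation-considerations text appears both as a "> **Important:**" callout and as a plain paragraph; check that losing the callout is intended, since that text is what tells the reader the value depends on their threat vectors and deployed systems.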
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 10/26/2018
|
||||
ms.date: 11/02/2018
|
||||
---
|
||||
|
||||
# Reset account lockout counter after
|
||||
@ -31,7 +31,9 @@ A disadvantage to setting this too high is that users lock themselves out for an
|
||||
|
||||
### Best practices
|
||||
|
||||
- You need to determine the threat level for your organization and balance that against the cost of your Help Desk support for password resets. Each organization will have specific requirements.
|
||||
You need to determine the threat level for your organization and balance that against the cost of your Help Desk support for password resets. Each organization will have specific requirements.
|
||||
|
||||
[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15, but as with other account lockeout settings, this value is more of a guideline than a rule or best practice because there is no "one size fits all." For more information, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
|
||||
|
||||
### Location
|
||||
|
||||
|
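Review bot: The baseline paragraph recommends setting **Reset account lockout counter after** "to 15" with no unit; add the unit so the value cannot be misread when it is copied into policy. "account lockeout settings" should be "lockout".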
@ -14,7 +14,7 @@ ms.author: v-anbic
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Enable and configure antivirius always-on protection and monitoring
|
||||
# Enable and configure antivirus always-on protection and monitoring
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
@ -69,13 +69,13 @@ Functionality, configuration, and management is largely the same when using Wind
|
||||
|
||||
## Related topics
|
||||
|
||||
[Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md)
|
||||
[Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
|
||||
[Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md)
|
||||
[Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md)
|
||||
[Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md)
|
||||
[Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md)
|
||||
[Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
[Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)
|
||||
[Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
|
||||
- [Windows Defender AV in the Windows Security app](windows-defender-security-center-antivirus.md)
|
||||
- [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
|
||||
- [Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md)
|
||||
- [Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md)
|
||||
- [Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md)
|
||||
- [Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md)
|
||||
- [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
- [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)
|
||||
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
|
||||
|
||||
|
@ -10,7 +10,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/09/2018
|
||||
ms.date: 11/02/2018
|
||||
---
|
||||
|
||||
# Onboard servers to the Windows Defender ATP service
|
||||
@ -44,6 +44,10 @@ For a practical guidance on what needs to be in place for licensing and infrastr
|
||||
To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP, you’ll need to:
|
||||
|
||||
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
|
||||
|
||||
>[!NOTE]
|
||||
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
|
||||
|
||||
- Turn on server monitoring from Windows Defender Security Center.
|
||||
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
|
||||
|
||||
|
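Review bot: The ">[!NOTE]" block appears unindented between the "For Windows Server 2012 R2" bullet and "Turn on server monitoring", which splits the list and detaches the note from the step it qualifies; indent it under the first bullet. The bullet and the note also state the condition twice in different terms (Windows Server 2012 R2 in the bullet, SCEP plus Windows Server 2012 R2 in the note), so fold the SCEP condition into the bullet text or drop the bullet's prefix.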
@ -53,7 +53,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
|
||||
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
|
||||
Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
|
||||
Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
|
||||
Block only Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
The rules apply to the following Office apps:
|
||||
@ -112,8 +112,6 @@ Malware and other threats can attempt to obfuscate or hide their malicious code
|
||||
|
||||
This rule prevents scripts that appear to be obfuscated from running.
|
||||
|
||||
It uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx) to determine if a script is potentially obfuscated, and then blocks such a script, or blocks scripts when an attempt is made to access them.
|
||||
|
||||
### Rule: Block Win32 API calls from Office macro
|
||||
|
||||
Malware can use macro code in Office files to import and load Win32 DLLs, which can then be used to make API calls to allow further infection throughout the system.
|
||||
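Review bot: The header shrinks this region from 8 lines to 6, and the AMSI sentence ("It uses the AntiMalwareScanInterface (AMSI) to determine if a script is potentially obfuscated ...") is the likeliest text to have gone. If so, the obfuscated-script rule is left with no statement of how a script is judged obfuscated, and the commit message "From private repo" gives no reason; either keep a corrected version of the sentence or record why it was dropped.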
@ -160,7 +158,7 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
|
||||
- Executable files (such as .exe, .dll, or .scr)
|
||||
- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
|
||||
|
||||
### Rule: Block only Office communication applications from creating child processes
|
||||
### Rule: Block Office communication applications from creating child processes
|
||||
|
||||
Office communication apps will not be allowed to create child processes. This includes Outlook.
|
||||
|
||||
|
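Review bot: Renaming the heading "Rule: Block only Office communication applications from creating child processes" changes the anchor generated from it, so any links that target the old heading need updating in the same change. The body still reads "Office communication apps will not be allowed to create child processes. This includes Outlook." without saying which other apps are covered; with "only" gone from the rule name, list them.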