deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into tocideas

Browse Source
This commit is contained in:
Greg Lindsay
2020-06-18 16:28:00 -07:00
parent c794e06e21 3a6858d86b
commit 6f8053f2c0
43 changed files with 295 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
devices/hololens/hololens-calibration.md
View File

@ -25,7 +25,7 @@ While both devices need to calibrate for the best hologram viewing experience, t
## Calibrating your HoloLens 2
HoloLens 2 uses eye-tracking technology to improve your experience seeing and interacting with the virtual environment. Calibrating the HoloLens 2 ensures that it can accurately track your eyes (and the eyes of anyone else who uses the device). After calibration, holograms will appear correctly even as the visor shifts on your head.
HoloLens 2 uses eye-tracking technology to improve your experience seeing and interacting with the virtual environment. Calibrating the HoloLens 2 ensures that it can accurately track your eyes (and the eyes of anyone else who uses the device). It also helps with user comfort, hologram alignment, and hand tracking. After calibration, holograms will appear correctly even as the visor shifts on your head.
HoloLens 2 prompts a user to calibrate the device under the following circumstances:

7
devices/hololens/hololens-release-notes.md
View File

@ -20,6 +20,10 @@ appliesto:
# HoloLens 2 release notes
To ensure you have a productive experience with your HoloLens devices, we continue to release feature, bug and security updates. In this page you can learn about whats new on HoloLens each month. If you would like to download the latest HoloLens 2 FFU to flash your device via [Advanced Recovery Companion](hololens-recovery.md#re-install-the-operating-system) then you may download it from [here](https://aka.ms/hololens2download). This is kept up-to-date and will match the latest generally available build.
HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
## Windows Holographic, version 2004 - June 2020 Update
- Build 19041.1106
@ -80,9 +84,6 @@ We are excited to announce our May 2020 major software update for HoloLens 2, **
| Hand Tracking improvements | Hand Tracking improvements make buttons and 2D slate interactions more accurate |
| Quality improvements and fixes | Various system performance and reliability improvements across the platform |
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
### Support for Windows Autopilot
Windows Autopilot for HoloLens 2 lets the device sales channel pre-enroll HoloLens into your Intune tenant. When devices arrive, theyre ready to self-deploy as shared devices under your tenant. To take advantage of self-deployment, devices will need to connect to a network during the first screen in setup using either a USB-C to ethernet dongle or USB-C to LTE dongle.

2
devices/surface-hub/hub-teams-app.md
View File

@ -21,4 +21,4 @@ The Microsoft Teams app for Surface Hub is periodically updated and available vi
| --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- |
| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub<br>- Ability to search for External users | June 10, 2020<br> |
| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020<br> |
| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub<br>- Added controls for Attendee/Presenter role changes | May 21, 2020 |
| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub<br>- Consume Attendee/Presenter role changes | May 21, 2020 |

21
devices/surface-hub/surface-hub-2s-adoption-videos.md
View File

@ -9,7 +9,6 @@ ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
ms.date: 11/04/2019
ms.localizationpriority: Medium
---
@ -19,7 +18,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 1 - Training overview
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46Jud>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46Jud]
- Welcome and introduction
- Training overview and agenda
@ -31,7 +30,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 2 - Getting started with Surface Hub
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46Ejt>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46Ejt]
- What is Surface Hub?
- Technical overview
@ -42,7 +41,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 3 - Navigating Surface Hub
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46OFW>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46OFW]
- Welcome screen
- Start menu
@ -54,7 +53,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 4 - Whiteboarding and collaboration
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46M4v>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46M4v]
- Whiteboard introduction
- Starting the Whiteboard
@ -66,7 +65,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 5 - Exploring Surface Hub apps
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46Ejz>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46Ejz]
- Surface Hub apps introduction
- PowerPoint overview
@ -76,7 +75,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 6 - Advanced apps and Office 365
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46EjA>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46EjA]
- Advanced apps introduction
- Microsoft Maps
@ -88,7 +87,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 7 - Connecting devices
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46M4w>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46M4w]
- Connect introduction
- Miracast overview
@ -99,7 +98,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 8 - Skype for Business meetings
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46M4x>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46M4x]
- Introduction to Skype for Business
-Scheduling Skype for Business meetings
@ -111,7 +110,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 9 - Microsoft Teams meetings
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46OFZ>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46OFZ]
- Introduction to Microsoft Teams
- Scheduling Microsoft Teams meetings
@ -124,7 +123,7 @@ This page contains comprehensive training for Surface Hub 2S, available on deman
## Chapter 10 - Basic troubleshooting
> ![VIDEO <https://www.microsoft.com/videoplayer/embed/RE46z65>]<br>
> [!video https://www.microsoft.com/videoplayer/embed/RE46z65]
- Introduction to Surface Hub troubleshooting
- Application troubleshooting

BIN
windows/configuration/images/Shared_PC_1.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

BIN
windows/configuration/images/Shared_PC_1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 54 KiB

7
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -9,7 +9,6 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
---
@ -93,20 +92,20 @@ You can configure Windows to be in shared PC mode in a couple different ways:
5. From the **Platform** menu, select **Windows 10 and later**.
6. From the **Profile** menu, select **Shared multi-user device**.
![custom OMA-URI policy in Intune](images/Shared_PC_1.png)
![custom OMA-URI policy in Intune](images/shared_pc_1.jpg)
7. Select **Create**.
8. Enter a name for the policy (e.g. My Win10 Shared devices policy). You can optionally add a description should you wish to do so.
9. Select **Next**.
10. On the **Configuration settings** page, set the Shared PC Mode value to **Enabled**.
![Shared PC settings in ICD](images/Shared_PC_3.png)
![Shared PC settings in ICD](images/shared_pc_3.png)
11. From this point on, you can configure any additional settings youd like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**.
- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
![Shared PC settings in ICD](images/icd-adv-shared-pc.PNG)
![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
- WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following:

8
windows/deployment/TOC.yml
View File

@ -42,7 +42,7 @@
- name: Determine application readiness
href: update/plan-determine-app-readiness.md
- name: Define your servicing strategy
href: update/waas-servicing-strategy-windows-10-updates.md
href: update/plan-define-strategy.md
- name: Best practices for feature updates on mission-critical devices
href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations
@ -165,8 +165,10 @@
items:
- name: Monitor Delivery Optimization
href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
- name: Monitor Windows Updates with Update Compliance
- name: Monitor Windows Updates
items:
- name: Monitor Windows Updates with Update Compliance
href: update/update-compliance-monitor.md
- name: Get started
items:
- name: Get started with Update Compliance
@ -238,6 +240,8 @@
items:
- name: How does Windows Update work?
href: update/how-windows-update-works.md
- name: Deploy Windows 10 with Microsoft 365
href: deploy-m365.md
- name: Understanding the Unified Update Platform
href: update/windows-update-overview.md
- name: Servicing stack updates

4
windows/deployment/deploy-m365.md
View File

@ -50,8 +50,8 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
1. [Obtain a free M365 trial](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365).
2. Check out the [Microsoft 365 deployment advisor](https://portal.office.com/onboarding/Microsoft365DeploymentAdvisor#/).
3. Also check out the [Windows Analytics deployment advisor](https://portal.office.com/onboarding/WindowsAnalyticsDeploymentAdvisor#/). This advisor will walk you through deploying [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), [Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), and [Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor).
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](https://aka.ms/windowsanalyticssetupguide). This advisor will walk you through deploying [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview).
That's all there is to it!

2
windows/deployment/update/get-started-updates-channels-tools.md
View File

@ -47,7 +47,7 @@ The first step of controlling when and how devices install updates is assigning
### Semi-annual Channel
In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.{IS THIS STILL TRUE?}
In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.
> [!NOTE]
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.

BIN
windows/deployment/update/images/annual-calendar.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 77 KiB

After

Width:  |  Height:  |  Size: 178 KiB

BIN
windows/deployment/update/images/rapid-calendar.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 114 KiB

After

Width:  |  Height:  |  Size: 157 KiB

49
windows/deployment/update/plan-define-strategy.md Normal file
View File

@ -0,0 +1,49 @@
---
title: Define update strategy
description: Two examples of a calendar-based approach to consistent update installation
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Define update strategy with a calendar
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly.
## Calendar approaches
You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
### Annual
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
![Calendar showing an annual update cadence](images/annual-calendar.png)
This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
This cadence might be most suitable for you if any of these conditions apply:
- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
### Rapid
This calendar shows an example schedule that installs each feature update as it is released, twice per year:
![Update calendar showing a faster update cadence](images/rapid-calendar.png)
This cadence might be best for you if these conditions apply:
- You have a strong appetite for change.
- You want to continuously update supporting infrastructure and unlock new scenarios.
- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
- You have experience with feature updates for Windows 10.

32
windows/deployment/vda-subscription-activation.md
View File

@ -66,28 +66,26 @@ For examples of activation issues, see [Troubleshoot the user experience](https:
4. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
5. Click **Add**, type **Authenticated users**, and then click **OK** three times.
6. Follow the instructions to use sysprep at [Steps to generalize a VHD](https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again.
7. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
8. Open Windows Configuration Designer and click **Provison desktop services**.
9. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 10.
1. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20.
8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
9. Open Windows Configuration Designer and click **Provison desktop services**.
10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
- Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
10. On the Set up network page, choose **Off**.
11. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
12. On the Set up network page, choose **Off**.
13. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
- Note: This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
12. On the Add applications page, add applications if desired. This step is optional.
13. On the Add certificates page, add certificates if desired. This step is optional.
14. On the Finish page, click **Create**.
15. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 16.
1. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
2. Type the following at an elevated commnand prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
14. On the Add applications page, add applications if desired. This step is optional.
15. On the Add certificates page, add certificates if desired. This step is optional.
16. On the Finish page, click **Create**.
17. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
18. Type the following at an elevated command prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
```
```cmd
Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
```
3. Right-click the mounted image in file explorer and click **Eject**.
16. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
19. Right-click the mounted image in file explorer and click **Eject**.
20. See instructions at [Upload and create VM from generalized VHD](https://docs.microsoft.com/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
## Azure Active Directory-joined VMs

11
windows/deployment/windows-autopilot/policy-conflicts.md
View File

@ -23,13 +23,18 @@ ms.topic: article
- Windows 10
There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
There are a significant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
<table>
<th>Policy<th>More information
<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/windows/client-management/mdm/devicelock-csp">Password Policy</a></td>
<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly. This is especially true for kiosk scenarios where passwords are automatically generated.</td>
<tr><td width="50%">Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Administrator elevation prompt behavior</a>
<br>Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Require admin approval mode for administrators</a></td>
<td>When modifying user account control (UAC) settings during the out-of-box experience (OOBE) using device Enrollment Status Page (ESP), additional UAC prompts may result, especially if the device reboots after these policies are applied enabling them to take effect. To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process.</td>
</table>
## Related topics

88
windows/security/identity-protection/access-control/active-directory-security-groups.md
View File

@ -79,8 +79,8 @@ Groups are characterized by a scope that identifies the extent to which the grou
- Domain Local
**Note**  
In addition to these three scopes, the default groups in the **Builtin** container have a group scope of Builtin Local. This group scope and group type cannot be changed.
> [!NOTE]
> In addition to these three scopes, the default groups in the **Builtin** container have a group scope of Builtin Local. This group scope and group type cannot be changed.
@ -111,8 +111,8 @@ The following table lists the three group scopes and more information about each
<td><p>Accounts from any domain in the same forest</p>
<p>Global groups from any domain in the same forest</p>
<p>Other Universal groups from any domain in the same forest</p></td>
<td><p>Can be converted to Domain Local scope</p>
<p>Can be converted to Global scope if the group is not a member of any other Universal groups</p></td>
<td><p>Can be converted to Domain Local scope if the group is not a member of any other Universal groups</p>
<p>Can be converted to Global scope if the group does not contain any other Universal groups</p></td>
<td><p>On any domain in the same forest or trusting forests</p></td>
<td><p>Other Universal groups in the same forest</p>
<p>Domain Local groups in the same forest or trusting forests</p>
@ -620,8 +620,8 @@ Members of the Account Operators group cannot manage the Administrator user acco
The Account Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
By default, this built-in group has no members, and it can create and manage users and groups in the domain, including its own membership and that of the Server Operators group. This group is considered a service administrator group because it can modify Server Operators, which in turn can modify domain controller settings. As a best practice, leave the membership of this group empty, and do not use it for any delegated administration. This group cannot be renamed, deleted, or moved.
> [!NOTE]
> By default, this built-in group has no members, and it can create and manage users and groups in the domain, including its own membership and that of the Server Operators group. This group is considered a service administrator group because it can modify Server Operators, which in turn can modify domain controller settings. As a best practice, leave the membership of this group empty, and do not use it for any delegated administration. This group cannot be renamed, deleted, or moved.
@ -686,8 +686,8 @@ Members of the Administrators group have complete and unrestricted access to the
The Administrators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
The Administrators group has built-in capabilities that give its members full control over the system. This group cannot be renamed, deleted, or moved. This built-in group controls access to all the domain controllers in its domain, and it can change the membership of all administrative groups.
> [!NOTE]
> The Administrators group has built-in capabilities that give its members full control over the system. This group cannot be renamed, deleted, or moved. This built-in group controls access to all the domain controllers in its domain, and it can change the membership of all administrative groups.
Membership can be modified by members of the following groups: the default service Administrators, Domain Admins in the domain, or Enterprise Admins. This group has the special privilege to take ownership of any object in the directory or any resource on a domain controller. This account is considered a service administrator group because its members have full access to the domain controllers in the domain.
@ -2056,8 +2056,8 @@ When a member of the Guests group signs out, the entire profile is deleted. This
Computer Configuration\\Administrative Templates\\System\\User Profiles
**Note**  
A Guest account is a default member of the Guests security group. People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account.
> [!NOTE]
> A Guest account is a default member of the Guests security group. People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account.
The Guest account does not require a password. You can set rights and permissions for the Guest account as in any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to sign in to a domain. The Guest account is disabled by default, and we recommend that it stay disabled.
@ -2125,8 +2125,8 @@ This security group has not changed since Windows Server 2008.
Members of the Hyper-V Administrators group have complete and unrestricted access to all the features in Hyper-V. Adding members to this group helps reduce the number of members required in the Administrators group, and further separates access.
**Note**  
Prior to Windows Server 2012, access to features in Hyper-V was controlled in part by membership in the Administrators group.
> [!NOTE]
> Prior to Windows Server 2012, access to features in Hyper-V was controlled in part by membership in the Administrators group.
@ -2252,8 +2252,8 @@ Members of the Incoming Forest Trust Builders group can create incoming, one-way
To make this determination, the Windows security system computes a trust path between the domain controller for the server that receives the request and a domain controller in the domain of the requesting account. A secured channel extends to other Active Directory domains through interdomain trust relationships. This secured channel is used to obtain and verify security information, including security identifiers (SIDs) for users and groups.
**Note**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
> [!NOTE]
> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
@ -2261,8 +2261,8 @@ For more information, see [How Domain and Forest Trusts Work: Domain and Forest
The Incoming Forest Trust Builders group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
This group cannot be renamed, deleted, or moved.
> [!NOTE]
> This group cannot be renamed, deleted, or moved.
@ -2359,17 +2359,15 @@ Members of the Network Configuration Operators group can have the following admi
- Enter the PIN unblock key (PUK) for mobile broadband devices that support a SIM card.
**Note**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
> [!NOTE]
> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
The Network Configuration Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
This group cannot be renamed, deleted, or moved.
> [!NOTE]
> This group cannot be renamed, deleted, or moved.
This security group has not changed since Windows Server 2008.
@ -2434,26 +2432,23 @@ Members of the Performance Log Users group can manage performance counters, logs
- Can create and modify Data Collector Sets after the group is assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right.
**Warning**  
If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
> [!WARNING]
> If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
- Cannot use the Windows Kernel Trace event provider in Data Collector Sets.
For members of the Performance Log Users group to initiate data logging or modify Data Collector Sets, the group must first be assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right. To assign this user right, use the Local Security Policy snap-in in Microsoft Management Console.
**Note**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
> [!NOTE]
> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
The Performance Log Users group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
This account cannot be renamed, deleted, or moved.
> [!NOTE]
> This account cannot be renamed, deleted, or moved.
This security group has not changed since Windows Server 2008.
@ -2524,13 +2519,13 @@ Specifically, members of this security group:
- Cannot create or modify Data Collector Sets.
**Warning**  
You cannot configure a Data Collector Set to run as a member of the Performance Monitor Users group.
> [!WARNING]
> You cannot configure a Data Collector Set to run as a member of the Performance Monitor Users group.
**Note**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group cannot be renamed, deleted, or moved.
> [!NOTE]
> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group cannot be renamed, deleted, or moved.
@ -2590,15 +2585,13 @@ This security group has not changed since Windows Server 2008.
</table>
### <a href="" id="bkmk-pre-ws2kcompataccess"></a>PreWindows 2000 Compatible Access
Members of the PreWindows 2000 Compatible Access group have Read access for all users and groups in the domain. This group is provided for backward compatibility for computers running Windows NT 4.0 and earlier. By default, the special identity group, Everyone, is a member of this group. Add users to this group only if they are running Windows NT 4.0 or earlier.
**Warning**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
> [!WARNING]
> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
The PreWindows 2000 Compatible Access group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
@ -3243,8 +3236,8 @@ This security group was introduced in Windows Server 2012, and it has not chang
Computers that are members of the Replicator group support file replication in a domain. Windows Server operating systems use the File Replication service (FRS) to replicate system policies and logon scripts stored in the System Volume (SYSVOL). Each domain controller keeps a copy of SYSVOL for network clients to access. FRS can also replicate data for the Distributed File System (DFS), synchronizing the content of each member in a replica set as defined by DFS. FRS can copy and maintain shared files and folders on multiple servers simultaneously. When changes occur, content is synchronized immediately within sites and by a schedule between sites.
**Important**  
In Windows Server 2008 R2, FRS cannot be used for replicating DFS folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of a SYSVOL shared resource in a domain that uses FRS for replicating the SYSVOL shared resource between domain controllers.
> [!WARNING]
> In Windows Server 2008 R2, FRS cannot be used for replicating DFS folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of a SYSVOL shared resource in a domain that uses FRS for replicating the SYSVOL shared resource between domain controllers.
However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL shared resource. The DFS Replication service is a replacement for FRS, and it can be used to replicate the contents of a SYSVOL shared resource, DFS folders, and other custom (non-SYSVOL) data. You should migrate all non-SYSVOL FRS replica sets to DFS Replication. For more information, see:
@ -3489,8 +3482,8 @@ For more information about this security group, see [Terminal Services License S
The Terminal Server License Servers group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
This group cannot be renamed, deleted, or moved.
> [!NOTE]
> This group cannot be renamed, deleted, or moved.
@ -3624,11 +3617,10 @@ Members of this group have access to the computed token GroupsGlobalAndUniversal
The Windows Authorization Access group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
**Note**  
This group cannot be renamed, deleted, or moved.
> [!NOTE]
> This group cannot be renamed, deleted, or moved.
This security group has not changed since Windows Server 2008.
<table>
@ -3704,8 +3696,8 @@ The WinRMRemoteWMIUsers\_ group applies to versions of the Windows Server operat
In Windows Server 2012, the Access Denied Assistance functionality adds the Authenticated Users group to the local WinRMRemoteWMIUsers\_\_ group. Therefore, when the Access Denied Assistance functionality is enabled, all authenticated users who have Read permissions to the file share can view the file share permissions.
**Note**  
The WinRMRemoteWMIUsers\_ group allows running Windows PowerShell commands remotely whereas the [Remote Management Users](#bkmk-remotemanagementusers) group is generally used to allow users to manage servers by using the Server Manager console.
> [!NOTE]
> The WinRMRemoteWMIUsers\_ group allows running Windows PowerShell commands remotely whereas the [Remote Management Users](#bkmk-remotemanagementusers) group is generally used to allow users to manage servers by using the Server Manager console.

2
windows/security/information-protection/TOC.md
View File

@ -38,7 +38,7 @@
## [Encrypted Hard Drive](encrypted-hard-drive.md)
## [Kernel DMA Protection for Thunderbolt&trade; 3](kernel-dma-protection-for-thunderbolt.md)
## [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)
## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md)

2
windows/security/information-protection/index.md
View File

@ -22,7 +22,7 @@ Learn more about how to secure documents and other data across your organization
|-|-|
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
| [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to PCI accessible ports, such as Thunderbolt™ 3 ports. |
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. |

8
windows/security/threat-protection/intelligence/TOC.md
View File

@ -2,10 +2,6 @@
## [Understand malware & other threats](understanding-malware.md)
### [Prevent malware infection](prevent-malware-infection.md)
### [Malware names](malware-naming.md)
### [Coin miners](coinminer-malware.md)
### [Exploits and exploit kits](exploits-malware.md)
@ -30,6 +26,10 @@
### [Worms](worms-malware.md)
## [Prevent malware infection](prevent-malware-infection.md)
## [Malware naming convention](malware-naming.md)
## [How Microsoft identifies malware and PUA](criteria.md)
## [Submit files for analysis](submission-guide.md)

4
windows/security/threat-protection/intelligence/index.md
View File

@ -15,9 +15,11 @@ ms.topic: conceptual
---
# Security intelligence
Here you will find information about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs
Here you will find information about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs.
* [Understand malware & other threats](understanding-malware.md)
* [Prevent malware infection](prevent-malware-infection.md)
* [Malware naming convention](malware-naming.md)
* [How Microsoft identifies malware and PUA](criteria.md)
* [Submit files for analysis](submission-guide.md)
* [Safety Scanner download](safety-scanner-download.md)

1
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
View File

@ -50,6 +50,7 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
- Name: ForceDefenderPassiveMode
- Type: REG_DWORD
- Value: 1
See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.

2
windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
View File

@ -399,7 +399,7 @@ GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b`
## Related topics
- [Attack surface reduction FAQ](attack-surface-reduction.md)
- [Attack surface reduction FAQ](attack-surface-reduction-faq.md)
- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)

6
windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
View File

@ -93,6 +93,12 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
3. In the next field, provide enough information to give the Microsoft Threat Experts enough context to start the investigation.
4. Enter the email address that you'd like to use to correspond with Microsoft Threat Experts.
> [!NOTE]
> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. Watch this video for a quick overview of the Microsoft Services Hub.
>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f]
<BR>
## Sample investigation topics that you can consult with Microsoft Threat Experts

9
windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
View File

@ -85,9 +85,9 @@ You'll need to take the following steps if you choose to onboard servers through
Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
The following steps are required to enable this integration:
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie)
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie).
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting.
### Turn on Server monitoring from the Microsoft Defender Security Center portal
@ -156,6 +156,7 @@ Support for Windows Server, provide deeper insight into activities happening on
1. Set the following registry entry:
- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
- Name: ForceDefenderPassiveMode
- Type: REG_DWORD
- Value: 1
1. Run the following PowerShell command to verify that the passive mode was configured:
@ -185,7 +186,7 @@ The following capabilities are included in this integration:
> Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
- Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
> [!IMPORTANT]
> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
@ -233,7 +234,7 @@ To offboard the server, you can use either of the following methods:
2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
```
```powershell
# Load agent scripting object
$AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
# Remove OMS Workspace

BIN
windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf
View File

Binary file not shown.

BIN
windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx
View File

Binary file not shown.

18
windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
View File

@ -64,7 +64,7 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano
Run the following command to see the available switches for managing exclusions:
```bash
$ mdatp --exclusion
$ mdatp exclusion
```
Examples:
@ -72,29 +72,29 @@ Examples:
- Add an exclusion for a file extension:
```bash
$ mdatp --exclusion --add-extension .txt
Configuration updated successfully
$ mdatp exclusion extension add --name .txt
Extension exclusion configured successfully
```
- Add an exclusion for a file:
```bash
$ mdatp --exclusion --add-folder /var/log/dummy.log
Configuration updated successfully
$ mdatp exclusion file add --path /var/log/dummy.log
File exclusion configured successfully
```
- Add an exclusion for a folder:
```bash
$ mdatp --exclusion --add-folder /var/log/
Configuration updated successfully
$ mdatp exclusion folder add --path /var/log/
Folder exclusion configured successfully
```
- Add an exclusion for a process:
```bash
$ mdatp --exclusion --add-process cat
Configuration updated successfully
$ mdatp exclusion process add --name cat
Process exclusion configured successfully
```
## Validate exclusions lists with the EICAR test file

15
windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
View File

@ -268,7 +268,7 @@ Download the onboarding package from Microsoft Defender Security Center:
Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank:
```bash
mdatp --health orgId
mdatp health --field org_id
```
2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device:
@ -280,17 +280,20 @@ Download the onboarding package from Microsoft Defender Security Center:
3. Verify that the machine is now associated with your organization and reports a valid organization identifier:
```bash
mdatp --health orgId
mdatp health --field org_id
```
4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected:
```bash
mdatp --health healthy
mdatp health --field healthy
```
> [!IMPORTANT]
> When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `0`.<br>
> When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `false`. You can check the status of the definition update using the following command:
> ```bash
> mdatp health --field definitions_status
> ```
> Please note that you may also need to configure a proxy after completing the initial installation. See [Configure Microsoft Defender ATP for Linux for static proxy discovery: Post-installation configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration#post-installation-configuration).
5. Run a detection test to verify that the machine is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded machine:
@ -298,7 +301,7 @@ Download the onboarding package from Microsoft Defender Security Center:
- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
```bash
mdatp --health realTimeProtectionEnabled
mdatp health --field real_time_protection_enabled
```
- Open a Terminal window. Copy and execute the following command:
@ -310,7 +313,7 @@ Download the onboarding package from Microsoft Defender Security Center:
- The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats:
```bash
mdatp --threat --list --pretty
mdatp threat list
```
## Log installation issues

50
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
View File

@ -149,31 +149,31 @@ Create subtask or role files that contribute to an actual task. First create the
> [!NOTE]
> In case of Oracle Linux, replace *[distro]* with “rhel”.
```bash
- name: Add Microsoft apt repository for MDATP
apt_repository:
repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
update_cache: yes
state: present
filename: microsoft-[channel].list
when: ansible_os_family == "Debian"
```bash
- name: Add Microsoft apt repository for MDATP
apt_repository:
repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
update_cache: yes
state: present
filename: microsoft-[channel].list
when: ansible_os_family == "Debian"
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft yum repository for MDATP
yum_repository:
name: packages-microsoft-com-prod-[channel]
description: Microsoft Defender ATP
file: microsoft-[channel]
baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
gpgcheck: yes
enabled: Yes
when: ansible_os_family == "RedHat"
```
- name: Add Microsoft yum repository for MDATP
yum_repository:
name: packages-microsoft-com-prod-[channel]
description: Microsoft Defender ATP
file: microsoft-[channel]
baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
gpgcheck: yes
enabled: Yes
when: ansible_os_family == "RedHat"
```
- Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`.
@ -241,8 +241,8 @@ Now run the tasks files under `/etc/ansible/playbooks/`.
- Validation/configuration:
```bash
$ ansible -m shell -a 'mdatp --connectivity-test' all
$ ansible -m shell -a 'mdatp --health' all
$ ansible -m shell -a 'mdatp connectivity test' all
$ ansible -m shell -a 'mdatp health' all
```
- Uninstallation:

6
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
View File

@ -174,10 +174,10 @@ Enrolled agent devices periodically poll the Puppet Server, and install new conf
On the agent machine, you can also check the onboarding status by running:
```bash
$ mdatp --health
$ mdatp health
...
licensed : true
orgId : "[your organization identifier]"
org_id : "[your organization identifier]"
...
```
@ -190,7 +190,7 @@ orgId : "[your organization identifier]"
You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
```bash
mdatp --health healthy
mdatp health --field healthy
```
The above command prints `1` if the product is onboarded and functioning as expected.

18
windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
View File

@ -247,13 +247,17 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de
#### Enable / disable automatic sample submissions
Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information.
Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. There are three levels for controlling sample submission:
- **None**: no suspicious samples are submitted to Microsoft.
- **Safe**: only suspicious samples that do not contain personally identifiable information (PII) are submitted automatically. This is the default value for this setting.
- **All**: all suspicious samples are submitted to Microsoft.
|||
|:---|:---|
| **Key** | automaticSampleSubmission |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
| **Key** | automaticSampleSubmissionConsent |
| **Data type** | String |
| **Possible values** | none <br/> safe (default) <br/> all |
## Recommended configuration profile
@ -266,7 +270,7 @@ The following configuration profile will:
- **Potentially unwanted applications (PUA)** are blocked.
- **Archive bombs** (file with a high compression rate) are audited to the product logs.
- Enable cloud-delivered protection.
- Enable automatic sample submission.
- Enable automatic sample submission at `safe` level.
### Sample profile
@ -286,7 +290,7 @@ The following configuration profile will:
]
},
"cloudService":{
"automaticSampleSubmission":true,
"automaticSampleSubmissionConsent":"safe",
"enabled":true
}
}
@ -346,7 +350,7 @@ The following configuration profile contains entries for all settings described
"cloudService":{
"enabled":true,
"diagnosticLevel":"optional",
"automaticSampleSubmission":true
"automaticSampleSubmissionConsent":"safe"
}
}
```

2
windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
View File

@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma
In Terminal, execute the following command to configure PUA protection:
```bash
$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
```
### Use the management console to configure PUA protection:

50
windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
View File

@ -31,29 +31,24 @@ If you can reproduce a problem, please increase the logging level, run the syste
1. Increase logging level:
```bash
$ mdatp --log-level verbose
Creating connection to daemon
Connection established
Operation succeeded
$ mdatp log level set --level verbose
Log level configured successfully
```
2. Reproduce the problem.
3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
```bash
$ sudo mdatp --diagnostic --create
Creating connection to daemon
Connection established
$ sudo mdatp diagnostic create
Diagnostic file created: <path to file>
```
4. Restore logging level:
```bash
$ mdatp --log-level info
Creating connection to daemon
Connection established
Operation succeeded
$ mdatp log level set --level info
Log level configured successfully
```
## Log installation issues
@ -78,21 +73,22 @@ Important tasks, such as controlling product settings and triggering on-demand s
|Group |Scenario |Command |
|-------------|-------------------------------------------|-----------------------------------------------------------------------|
|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` |
|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` |
|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` |
|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` |
|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`|
|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` |
|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`|
|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` |
|Health |Check the product's health |`mdatp --health` |
|Protection |Scan a path |`mdatp --scan --path [path]` |
|Protection |Do a quick scan |`mdatp --scan --quick` |
|Protection |Do a full scan |`mdatp --scan --full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` |
|Protection |Request a security intelligence update |`mdatp --definition-update` |
|Configuration|Turn on/off real-time protection |`mdatp config real_time_protection --value [enabled|disabled]` |
|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` |
|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` |
|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` |
|Configuration|Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` |
|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` |
|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` |
|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` |
|Health |Check the product's health |`mdatp health` |
|Protection |Scan a path |`mdatp scan custom --path [path]` |
|Protection |Do a quick scan |`mdatp scan quick` |
|Protection |Do a full scan |`mdatp scan full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` |
|Protection |Request a security intelligence update |`mdatp definitions update` |
## Microsoft Defender ATP portal information

4
windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
View File

@ -29,7 +29,7 @@ ms.topic: conceptual
To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line:
```bash
$ mdatp --connectivity-test
$ mdatp connectivity test
```
If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall.
@ -84,7 +84,7 @@ $ sudo systemctl daemon-reload; sudo systemctl restart mdatp
Upon success, attempt another connectivity test from the command line:
```bash
$ mdatp --connectivity-test
$ mdatp connectivity test
```
If the problem persists, contact customer support.

3
windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
View File

@ -116,6 +116,7 @@ and try again.
If none of the above steps help, collect the diagnostic logs:
```bash
$ sudo mdatp --diagnostic --create
$ sudo mdatp diagnostic create
Diagnostic file created: <path to file>
```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.

10
windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
View File

@ -36,7 +36,8 @@ The following steps can be used to troubleshoot and mitigate these issues:
If your device is not managed by your organization, real-time protection can be disabled from the command line:
```bash
$ mdatp --config realTimeProtectionEnabled false
$ mdatp config real-time-protection --value disabled
Configuration property updated
```
If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
@ -49,19 +50,20 @@ The following steps can be used to troubleshoot and mitigate these issues:
This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
```bash
$ mdatp config real_time_protection_statistics_enabled on
$ mdatp config real-time-protection-statistics --value enabled
```
This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
```bash
$ mdatp health
$ mdatp health --field real_time_protection_enabled
```
Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it:
```bash
$ mdatp --config realTimeProtectionEnabled true
$ mdatp config real-time-protection --value enabled
Configuration property updated
```
To collect current statistics, run:

6
windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
View File

@ -26,6 +26,12 @@ ms.topic: conceptual
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
> [!WARNING]
> Each version of Microsoft Defender ATP for Linux has an expiration date, after which it will no longer continue to protect your device. You must update the product prior to this date. To check the expiration date, run the following command:
> ```bash
> mdatp health --field product_expiration
> ```
To update Microsoft Defender ATP for Linux manually, execute one of the following commands:
## RHEL and variants (CentOS and Oracle Linux)

6
windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
View File

@ -19,6 +19,12 @@ ms.topic: conceptual
# What's new in Microsoft Defender Advanced Threat Protection for Linux
## 101.00.75
- Added support for the following file system types: `ecryptfs`, `fuse`, `fuseblk`, `jfs`, `nfs`, `overlay`, `ramfs`, `reiserfs`, `udf`, and `vfat`
- New syntax for the command-line tool. For more information, see [this page](linux-resources.md#configure-from-the-command-line).
- Performance improvements & bug fixes
## 100.90.70
> [!WARNING]

2
windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
View File

@ -50,7 +50,7 @@ File, folder, and process exclusions support the following wildcards:
Wildcard | Description | Example | Matches | Does not match
---|---|---|---|---
\* | Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/\*/\*.log` | `/var/log/system.log` | `/var/log/nested/system.log`
\* | Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/*/*.log` | `/var/log/system.log` | `/var/log/nested/system.log`
? | Matches any single character | `file?.log` | `file1.log`<br/>`file2.log` | `file123.log`
## How to configure the list of exclusions

14
windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
View File

@ -66,10 +66,10 @@ To complete this process, you must have admin privileges on the machine.
![Security and privacy window screenshot](../microsoft-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png)
The installation proceeds.
The installation proceeds.
> [!CAUTION]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
> [!CAUTION]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](mac-support-kext.md) for information on how to resolve this.
> [!NOTE]
> macOS may request to reboot the machine upon the first installation of Microsoft Defender. Real-time protection will not be available until the machine is rebooted.
@ -81,21 +81,19 @@ The installation proceeds.
The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
```bash
$ mdatp --health orgId
mdatp --health orgId
```
2. Run the Python script to install the configuration file:
```bash
$ /usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
/usr/bin/python MicrosoftDefenderATPOnboardingMacOs.py
```
3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
```bash
$ mdatp --health orgId
E6875323-A6C0-4C60-87AD-114BBE7439B8
mdatp --health orgId
```
After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.

2
windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
View File

@ -148,7 +148,7 @@ It's important to understand the following prerequisites prior to creating indic
5. Review the details in the Summary tab, then click **Save**.
## Create indicators for certificates (preview)
## Create indicators for certificates
You can create indicators for certificates. Some common use cases include:

22
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -91,12 +91,22 @@ If you experience any installation failures, refer to [Troubleshooting installat
- Disk space: 650 MB
- The solution currently provides real-time protection for the following file system types:
- btrfs
- ext2
- ext3
- ext4
- tmpfs
- xfs
- `btrfs`
- `ecryptfs`
- `ext2`
- `ext3`
- `ext4`
- `fuse`
- `fuseblk`
- `jfs`
- `nfs`
- `overlay`
- `ramfs`
- `reiserfs`
- `tmpfs`
- `udf`
- `vfat`
- `xfs`
More file system types will be added in the future.

6
windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
View File

@ -65,5 +65,11 @@ The option to **Consult a threat expert** is available in several places in the
- <i>**File page actions menu**</i><BR>
![Screenshot of MTE-EOD file page action menu option](images/mte-eod-file.png)
> [!NOTE]
> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. Watch this video for a quick overview of the Microsoft Services Hub.
<BR>
>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f]
<BR>
## Related topic
- [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)