From f44fb5ecfc8bbe8bc427a55334e3c7ed29f6e1f3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Oct 2017 13:35:25 -0700 Subject: [PATCH 1/6] update for AV reqs --- ...mpatibility-windows-defender-advanced-threat-protection.md | 4 +++- ...equirements-windows-defender-advanced-threat-protection.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md index e35be7bc63..5844a22096 100644 --- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -13,7 +13,7 @@ ms.localizationpriority: high ms.date: 10/17/2017 --- -# Windows Defender compatibility +# Windows Defender Antivirus compatibility **Applies to:** @@ -30,6 +30,8 @@ ms.date: 10/17/2017 The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Update Windows Defender signatures](https://support.microsoft.com/en-us/help/4027712/windows-update-windows-defender-signatures). + If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. 
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index e389fe6cf4..a7201ced3d 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -121,7 +121,9 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the ``` ## Windows Defender Antivirus signature updates are configured -The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. If Windows Defender Antivirus is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). +The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. + +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Update Windows Defender signatures](https://support.microsoft.com/en-us/help/4027712/windows-update-windows-defender-signatures). When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. From 009a9b6719617e479719708ebf8b578dd065a9dd Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Fri, 20 Oct 2017 09:57:29 -0700 Subject: [PATCH 2/6] add wdav prereqs in onboarding and troubleshooting --- ...ty-windows-defender-advanced-threat-protection.md | 2 +- ...ts-windows-defender-advanced-threat-protection.md | 2 +- ...re-windows-defender-advanced-threat-protection.md | 12 +++++++++++- ...ng-windows-defender-advanced-threat-protection.md | 10 ++++++++++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md index 5844a22096..a5d76460ef 100644 --- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ ms.date: 10/17/2017 The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. -You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Update Windows Defender signatures](https://support.microsoft.com/en-us/help/4027712/windows-update-windows-defender-signatures). +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. 
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index a7201ced3d..05d9b1b4ce 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -123,7 +123,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the ## Windows Defender Antivirus signature updates are configured The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. -You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Update Windows Defender signatures](https://support.microsoft.com/en-us/help/4027712/windows-update-windows-defender-signatures). +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. 
diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 68514478d8..a4a48a74b5 100644 --- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Onboard endpoints and set up the Windows Defender ATP user access description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service. -keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy +keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy 
@@ -40,6 +40,16 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +## Windows Defender Antivirus configuration requirement +The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. + +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). + +When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. + +For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). + + ## In this section Topic | Description :---|:--- diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 6cadefb400..99e94a8a2f 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md 
@@ -130,6 +130,7 @@ If the deployment tools used does not indicate an error in the onboarding proces - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) - [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection) - [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy) +- [Ensure that Windows Defender Antivirus signature updates are configured](#ensure-that-windows-defender-antivirus-signature-updates-are-configured) ### View agent onboarding errors in the endpoint event log 
@@ -265,6 +266,15 @@ If the verification fails and your environment is using a proxy to connect to th ![Image of registry key for Windows Defender](images/atp-disableantispyware-regkey.png) +### Ensure that Windows Defender Antivirus signature updates are configured +The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. + +You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). + +When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. + +For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). + ## Licensing requirements Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: From 266ddc581e16b429161356f3bf6d38da325f0e2a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 20 Oct 2017 10:17:47 -0700 Subject: [PATCH 3/6] update wdav links --- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- ...ard-configure-windows-defender-advanced-threat-protection.md | 2 +- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 05d9b1b4ce..6e2509a904 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -127,7 +127,7 @@ You must configure the signature updates on the Windows Defender ATP endpoints w When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. -For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). +For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). ## Windows Defender Early Launch Antimalware (ELAM) driver is enabled If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard. diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index a4a48a74b5..a0e2ab8d7c 100644 --- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -47,7 +47,7 @@ You must configure the signature updates on the Windows Defender ATP endpoints w When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. -For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). +For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). ## In this section diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 99e94a8a2f..5ee5b4499f 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md 
@@ -273,7 +273,7 @@ You must configure the signature updates on the Windows Defender ATP endpoints w When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. -For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md). +For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). ## Licensing requirements Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: From 13677d4666aebdc1b40dcd0fff01dfe25e9f9f0e Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 1 Nov 2017 15:33:39 -0700 Subject: [PATCH 4/6] update office app types --- .../attack-surface-reduction-exploit-guard.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index a3bb50ab5b..3c6dc15b5e 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -22,6 +22,11 @@ ms.date: 08/25/2017 **Applies to:** - Windows 10, version 1709 +- Microsoft Office 365 +- Microsoft Office 2016 +- Microsoft Office 2013 +- Microsoft Office 2010 + 
@@ -47,7 +52,7 @@ The feature is comprised of a number of rules, each of which target specific beh - Executable files and scripts used in Office apps or web mail that attempt to download or run files - Scripts that are obfuscated or otherwise suspicious -- Behaviors that apps undertake that are not usually inititated during normal day-to-day work +- Behaviors that apps undertake that are not usually initiated during normal day-to-day work See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule. @@ -69,6 +74,15 @@ Block JavaScript or VBScript from launching downloaded executable content | D3E0 Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B +The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version. + +Supported Office apps: +- Microsoft Word +- Microsoft Excel +- Microsoft PowerPoint +- Microsoft OneNote + +The rules do not apply to any other Office apps. ### Rule: Block executable content from email client and webmail From 232dc4dcc99c9c2c817efcfd8681eb1885c42934 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Thu, 2 Nov 2017 13:05:11 -0700 Subject: [PATCH 5/6] added Microsoft for Listings, Connections, and Invoicing per marketing --- bcs/support/microsoft-365-business-faqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bcs/support/microsoft-365-business-faqs.md b/bcs/support/microsoft-365-business-faqs.md index 03a4f09a0c..f1d4a9918c 100644 --- a/bcs/support/microsoft-365-business-faqs.md +++ b/bcs/support/microsoft-365-business-faqs.md 
@@ -22,7 +22,7 @@ Microsoft 365 is an integrated solution that brings together best-in-class produ **A holistic set of business productivity and collaboration tools** * Word, Excel, PowerPoint, Outlook, OneNote, Publisher, and Access * Exchange, OneDrive, Skype for Business, Microsoft Teams, SharePoint -* Business apps from Office (Bookings, Outlook Customer Manager, MileIQ[1](#footnote1), Listings[1](#footnote1), Connections[1](#footnote1), Invoicing[1](#footnote1)) +* Business apps from Office (Bookings, Outlook Customer Manager, MileIQ[1](#footnote1), Microsoft Listings[1](#footnote1), Microsoft Connections[1](#footnote1), Microsoft Invoicing[1](#footnote1)) **Enterprise-grade device management and security capabilities** * App protection for Office mobile apps From e5ab7e6c72403a90f05ffd43a07c90f98e9f9ea2 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 2 Nov 2017 14:02:19 -0700 Subject: [PATCH 6/6] version update --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 3c6dc15b5e..5173d88d30 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -21,7 +21,7 @@ ms.date: 08/25/2017 **Applies to:** -- Windows 10, version 1709 +- Windows 10, version 1709 (and later) - Microsoft Office 365 - Microsoft Office 2016 - Microsoft Office 2013
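Review bot: In [PATCH 1/6], defender-compatibility topic, hunk @@ -30,6 +30,8, the added sentence "You must configure the signature updates ... whether Windows Defender Antivirus is the active antimalware or not" sits directly above the unchanged passive-mode paragraph, which says Windows Defender Antivirus "will continue to receive updates". Read together, the two leave it unclear whether an admin has anything to do on an endpoint that runs a third-party client. Suggest saying explicitly how they relate, for example that updates in passive mode still depend on the configuration this sentence requires. While this paragraph is being touched, the context line's `*mspeng.exe*` should be `MsMpEng.exe`, and "listed as a running a service" has a stray article.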
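Review bot: In [PATCH 2/6], troubleshoot-onboarding topic, hunk @@ -265,6 +266,15, the new "### Ensure that Windows Defender Antivirus signature updates are configured" section is a copy of the prerequisite text and gives the reader nothing to check on a failing endpoint: no setting, command or event that shows whether signature updates are actually configured. The neighbouring item visible in this hunk points at a concrete registry key (images/atp-disableantispyware-regkey.png). Suggest adding an equivalent verification step here, or at least naming the part of manage-updates-baselines-windows-defender-antivirus.md the reader should follow.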
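Review bot: In [PATCH 2/6], onboard-configure topic, hunk @@ -40,6 +40,16, the four-paragraph "Windows Defender Antivirus configuration requirement" block is the same text that already sits in the minimum-requirements topic and is pasted again into the troubleshoot-onboarding topic by this patch; [PATCH 3/6] then has to correct the same link in all three files. Suggest keeping the text in one topic and linking to it from the other two, so the requirement cannot drift between copies. The hunk also ends with two added blank lines before "## In this section"; one is enough.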
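Review bot: In [PATCH 3/6], all three hunks point the "For more information" link at ../windows-defender-antivirus/windows-defender-antivirus-compatibility.md, a file that no patch in this series adds or modifies, so please confirm it exists on the target branch before this merges. The link text "Windows Defender Antivirus compatibility" is also identical to the H1 that [PATCH 1/6] gives the defender-compatibility topic in the windows-defender-atp folder; consider wording that lets readers tell the two topics apart.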
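Review bot: In [PATCH 4/6], attack-surface-reduction-exploit-guard.md, hunk @@ -69,6 +74,15, "a list of supported Office version" should read "versions", and "Supported Office apps:" is followed by the bullet list with no blank line in between, which some Markdown renderers fold into the preceding paragraph. Please also check that a blank line separates the last rule-table row (92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B) from "The rules apply to the following Office apps ...", because a line placed directly under a table row is rendered as another row.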
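Review bot: In [PATCH 6/6], the "Applies to" entry becomes "Windows 10, version 1709 (and later)", but the sentence added in [PATCH 4/6] still says the rules apply to Office apps "running on Windows 10, version 1709", so the topic now states two different scopes for the same rules. Suggest updating that sentence in this commit. The hunk header context also shows ms.date: 08/25/2017 untouched, although this topic's content changes in the commits dated 1 Nov and 2 Nov 2017.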