From e5a42df8f32c7c1155dad95884249d1f966043c8 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 12 Jun 2020 12:43:54 -0700 Subject: [PATCH 01/12] New article Hub Teams app --- devices/surface-hub/TOC.md | 1 + devices/surface-hub/hub-teams-app.md | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 devices/surface-hub/hub-teams-app.md diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 67516c9773..867063cc0c 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -32,6 +32,7 @@ ### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md) ### [Deploy apps to Surface Hub 2S using Intune](surface-hub-2s-deploy-apps-intune.md) ### [Create Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md) +### [Surface Hub Teams app](hub-teams-app.md) ## Manage ### [Manage Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md) diff --git a/devices/surface-hub/hub-teams-app.md b/devices/surface-hub/hub-teams-app.md new file mode 100644 index 0000000000..4083dc8515 --- /dev/null +++ b/devices/surface-hub/hub-teams-app.md @@ -0,0 +1,28 @@ +--- +title: "Microsoft Teams app for Surface Hub" +description: "This page shows a summary of updates to the Microsoft Teams app for Surface Hub" +keywords: separate values with commas +ms.prod: surface-hub +ms.sitesec: library +author: greg-lindsay +ms.author: greglin +manager: laurawi +audience: Admin +ms.topic: article +ms.date: 06/12/2020 +ms.localizationpriority: Medium + +# Microsoft Teams app for Surface Hub + +The Microsoft Teams app for Surface Hub is periodically updated and available via the [Microsoft Store](https://www.microsoft.com/store/apps/windows). If you manage Surface Hub with Automatic Updates enabled (default setting), the app will update automatically. + + +## Version history + +| **Store app version** | **Updates** | **Published to Microsoft Store** | +| --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- | +| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub
- Ability to search for External users | June 10, 2020
| +| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020
| +| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Added controls for Attendee/Presenter role changes | May 21, 2020 | + + From 65e0c5ec71b385837537e557f306f28f5e0a982a Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Fri, 12 Jun 2020 13:49:45 -0700 Subject: [PATCH 02/12] Cut images showing old brand name Per Deniseb, but images showing the old Windows Defender Antivirus and/or Windows Defender Offline name. See task 4116148. --- ...network-connections-microsoft-defender-antivirus.md | 8 ++------ ...eal-time-protection-microsoft-defender-antivirus.md | 5 +---- ...d-periodic-scanning-microsoft-defender-antivirus.md | 10 ++-------- ...rosoft-defender-antivirus-on-windows-server-2016.md | 4 +--- .../microsoft-defender-offline.md | 4 +--- ...nges-to-security-settings-with-tamper-protection.md | 4 ---- 6 files changed, 7 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 2992128fc2..1b7bc129b9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -87,9 +87,7 @@ Download the file by visiting the following link: >[!NOTE] >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. -If you are properly connected, you will see a warning Microsoft Defender Antivirus notification: - -![Microsoft Defender Antivirus notification informing the user that malware was found](images/defender/wdav-malware-detected.png) +If you are properly connected, you will see a warning Microsoft Defender Antivirus notification. If you are using Microsoft Edge, you'll also see a notification message: @@ -107,9 +105,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor ![Screenshot of the Scan history label in the Windows Security app](images/defender/wdav-history-wdsc.png) -3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware: - - ![Screenshot of quarantined items in the Windows Security app](images/defender/wdav-quarantined-history-wdsc.png) +3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware. >[!NOTE] >Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index a456334e1f..fbcf3e9352 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -38,7 +38,6 @@ To enable and configure always-on protection: 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. ![GPEdit taskbar search result](images/gpedit-search.png) 2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**. -![Microsoft Defender Antivirus](images/gpedit-windows-defender-antivirus.png) 3. Configure the Microsoft Defender Antivirus antimalware service policy settings. To do this: 1. In the **Microsoft Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: @@ -46,14 +45,12 @@ To enable and configure always-on protection: |-----------------------------|------------------------|-------------------------------| | Allow antimalware service to startup with normal priority | You can lower the priority of the Microsoft Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Microsoft Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | - 2. Configure the setting as appropriate, and click **OK**. 3. Repeat the previous steps for each setting in the table. 4. Configure the Microsoft Defender Antivirus real-time protection policy settings. To do this: 1. In the **Microsoft Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Microsoft Defender Antivirus** tree on left pane, click **Real-time Protection**. - ![Microsoft Defender Antivirus Real-time Protection options](images/gpedit-real-time-protection.png) - 2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: + 2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: | Setting | Description | Default setting | |-----------------------------|------------------------|-------------------------------| diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md index fdc1e748f8..545f77a114 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -39,18 +39,12 @@ If Microsoft Defender Antivirus is enabled, the usual options will appear to con ![Windows Security app showing Microsoft Defender AV options, including scan options, settings, and update options](images/vtp-wdav.png) -If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options: +If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options. -![Windows Security app showing ContosoAV as the installed and running antivirus provider. There is a single link to open ContosoAV settings.](images/vtp-3ps.png) - -Underneath any third party AV products, a new link will appear as **Microsoft Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. - -![The limited periodic option is a toggle to enable or disable **periodic scanning**](images/vtp-3ps-lps.png) +Underneath any third party AV products, a new link will appear as **Microsoft Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. Note that the limited periodic option is a toggle to enable or disable periodic scanning. Sliding the switch to **On** will show the standard Microsoft Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page. -![When enabled, periodic scanning shows the normal Microsoft Defender Antivirus options](images/vtp-3ps-lps-on.png) - ## Related articles - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index 5018ae9f9d..5a5fefca87 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -61,9 +61,7 @@ In Windows Server 2016, the **Add Roles and Features Wizard** looks like this: ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png) -In Windows Server 2019, the **Add Roles and Feature Wizard** looks like this: - -![Add roles and features wizard Windows Server 2019](images/WDAV-WinSvr2019-turnfeatureson.jpg) +In Windows Server 2019, the **Add Roles and Feature Wizard** looks much the same. ### Turn on the GUI using PowerShell diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index 103ede404e..cb5f4ad90e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -62,9 +62,7 @@ The prompt can occur via a notification, similar to the following: ![Windows notification showing the requirement to run Microsoft Defender Offline](images/defender/notification.png) -The user will also be notified within the Windows Defender client: - -![Windows Defender showing the requirement to run Microsoft Defender Offline](images/defender/client.png) +The user will also be notified within the Windows Defender client. In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 971482d70d..4a2fe0777f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -112,10 +112,6 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 5. Assign the profile to one or more groups. - Here's what you see in the Windows Security app: - - ![Turning tamper protection on in Windows 10 Enterprise](images/turnontamperprotect-enterprise.png) - ### Are you using Windows OS 1709, 1803, or 1809? If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled. From 4a4f9781df96d5318010680908d2619c590403ff Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:12:40 -0700 Subject: [PATCH 03/12] Update hub-teams-app.md --- devices/surface-hub/hub-teams-app.md | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/devices/surface-hub/hub-teams-app.md b/devices/surface-hub/hub-teams-app.md index 4083dc8515..ecc0410e36 100644 --- a/devices/surface-hub/hub-teams-app.md +++ b/devices/surface-hub/hub-teams-app.md @@ -1,28 +1,23 @@ --- -title: "Microsoft Teams app for Surface Hub" -description: "This page shows a summary of updates to the Microsoft Teams app for Surface Hub" -keywords: separate values with commas +title: Microsoft Teams app for Surface Hub +description: Provides a version history of updates for the Microsoft Teams app for Surface Hub +keywords: surface, hub, ms.prod: surface-hub ms.sitesec: library -author: greg-lindsay +author: greglin ms.author: greglin -manager: laurawi -audience: Admin ms.topic: article -ms.date: 06/12/2020 -ms.localizationpriority: Medium +ms.localizationpriority: medium +--- -# Microsoft Teams app for Surface Hub +# Microsoft Teams app for Surface Hub The Microsoft Teams app for Surface Hub is periodically updated and available via the [Microsoft Store](https://www.microsoft.com/store/apps/windows). If you manage Surface Hub with Automatic Updates enabled (default setting), the app will update automatically. ## Version history - | **Store app version** | **Updates** | **Published to Microsoft Store** | | --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- | -| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub
- Ability to search for External users | June 10, 2020
| -| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020
| -| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Added controls for Attendee/Presenter role changes | May 21, 2020 | - - +| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub
- Ability to search for External users | June 10, 2020
**** | +| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020
**** | +| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Added controls for Attendee/Presenter role changes | May 21, 2020 | \ No newline at end of file From 2b296e5d6b2df591a681fcd3d5fe4c8f8c4d715c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 15:16:55 -0700 Subject: [PATCH 04/12] Removed unnecessary bold from table headings --- devices/surface-hub/hub-teams-app.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/hub-teams-app.md b/devices/surface-hub/hub-teams-app.md index ecc0410e36..a2e25a8458 100644 --- a/devices/surface-hub/hub-teams-app.md +++ b/devices/surface-hub/hub-teams-app.md @@ -16,8 +16,8 @@ The Microsoft Teams app for Surface Hub is periodically updated and available vi ## Version history -| **Store app version** | **Updates** | **Published to Microsoft Store** | +| Store app version | Updates | Published to Microsoft Store | | --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- | | 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub
- Ability to search for External users | June 10, 2020
**** | | 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020
**** | -| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Added controls for Attendee/Presenter role changes | May 21, 2020 | \ No newline at end of file +| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Added controls for Attendee/Presenter role changes | May 21, 2020 | From 85eee2b34ba7e8150065f4429949e16743dd95eb Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Fri, 12 Jun 2020 15:17:25 -0700 Subject: [PATCH 05/12] Updated meta descriptions for SEO --- .../appv-create-a-package-accelerator.md | 2 +- .../app-v/appv-for-windows.md | 2 +- .../app-v/appv-getting-started.md | 2 +- ...-publishing-server-on-a-remote-computer.md | 2 +- .../mdm/certificate-renewal-windows-mdm.md | 2 +- .../mdm/clientcertificateinstall-csp.md | 2 +- windows/client-management/mdm/defender-csp.md | 2 +- windows/client-management/mdm/defender-ddf.md | 2 +- .../mdm/enterpriseappvmanagement-csp.md | 2 +- .../mdm/enterpriseassignedaccess-xsd.md | 2 +- .../mdm/policy-csp-attachmentmanager.md | 2 +- .../mdm/policy-csp-education.md | 2 +- .../mdm/policy-csp-mssecurityguide.md | 2 +- .../mdm/policy-csp-system.md | 2 +- windows/configuration/kiosk-validate.md | 2 +- .../configuration/ue-v/uev-troubleshooting.md | 2 +- ...application-virtualization-applications.md | 2 +- windows/deployment/deploy.md | 2 +- .../update/windows-update-resources.md | 2 +- .../usmt/usmt-determine-what-to-migrate.md | 135 +++++++++--------- .../volume-activation/vamt-known-issues.md | 2 +- .../windows-autopilot-requirements.md | 2 +- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 2 +- .../resolved-issues-windows-server-2012.yml | 2 +- ...windows-8.1-and-windows-server-2012-r2.yml | 2 +- .../status-windows-server-2008-sp2.yml | 2 +- windows/whats-new/get-started-with-1709.md | 2 +- 27 files changed, 94 insertions(+), 93 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index 7f2ec6c3c5..db4fe23b68 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -1,6 +1,6 @@ --- title: How to create a package accelerator (Windows 10) -description: How to create a package accelerator. +description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index 459032925c..bec88a55bf 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -1,6 +1,6 @@ --- title: Application Virtualization (App-V) (Windows 10) -description: Application Virtualization (App-V) +description: See various topics that can help you administer Application Virtualization (App-V) and its components. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 1b1f6592d5..2e1556cb8a 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -1,6 +1,6 @@ --- title: Getting Started with App-V (Windows 10) -description: Getting Started with App-V for Windows 10 +description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index 7209027bb8..8fce503469 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md @@ -1,6 +1,6 @@ --- title: Install the Publishing Server on a Remote Computer (Windows 10) -description: How to Install the App-V Publishing Server on a Remote Computer +description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index 26580c5095..415aa6a9b9 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -1,6 +1,6 @@ --- title: Certificate Renewal -description: The enrolled client certificate expires after a period of use. +description: Find all the resources needed to provide continuous access to client certificates. MS-HAID: - 'p\_phdevicemgmt.certificate\_renewal' - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm' diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 8837ad757e..0f2ec33a8f 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -1,6 +1,6 @@ --- title: ClientCertificateInstall CSP -description: ClientCertificateInstall CSP +description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates. ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 8c398e4992..0842fb0031 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,6 +1,6 @@ --- title: Defender CSP -description: Defender CSP +description: See how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 6ca8fc6f49..60c2372aed 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,6 +1,6 @@ --- title: Defender DDF file -description: Defender DDF file +description: See how the the OMA DM device description framework (DDF) for the **Defender** configuration service provider is used. ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index ab13935f66..22445122ec 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -1,6 +1,6 @@ --- title: EnterpriseAppVManagement CSP -description: EnterpriseAppVManagement CSP +description: Examine the tree format for EnterpriseAppVManagement configuration service provider (CSP) to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md index f73c18d744..3ee96832c7 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-xsd.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-xsd.md @@ -1,6 +1,6 @@ --- title: EnterpriseAssignedAccess XSD -description: EnterpriseAssignedAccess XSD +description: This XSD can be used to validate that the lockdown XML in the \ block of the AssignedAccessXML node. ms.assetid: BB3B633E-E361-4B95-9D4A-CE6E08D67ADA ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index b09a07d3b2..bc3456d80d 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - AttachmentManager -description: Policy CSP - AttachmentManager +description: Manage Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index e316fbdb3f..df04232bea 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Education -description: Policy CSP - Education +description: Control graphing functionality in the Windows Calculator app. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 598cad17d2..f896724225 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -1,6 +1,6 @@ --- title: Policy CSP - MSSecurityGuide -description: Policy CSP - MSSecurityGuide +description: See how this ADMX-backed policy requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 7cb986c7fd..a221c321b1 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1,6 +1,6 @@ --- title: Policy CSP - System -description: Policy CSP - System +description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index ea34adf834..34b8124fa2 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -1,6 +1,6 @@ --- title: Validate kiosk configuration (Windows 10) -description: This topic explains what to expect on a multi-app kiosk. +description: Learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index 1ffb99a964..9683bd771d 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md @@ -1,6 +1,6 @@ --- title: Troubleshooting UE-V -description: Troubleshooting UE-V +description: Find resources for troubleshooting UE-V for Windows 10. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md index d2e019723d..8b68977b69 100644 --- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md +++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md @@ -1,6 +1,6 @@ --- title: Using UE-V with Application Virtualization applications -description: Using UE-V with Application Virtualization applications +description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V). author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 4680e56b08..d86cb2f2a8 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -1,6 +1,6 @@ --- title: Deploy Windows 10 (Windows 10) -description: Deploying Windows 10 for IT professionals. +description: Learn Windows 10 upgrade options for planning, testing, and managing your production deployment. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C ms.reviewer: manager: laurawi diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index 16e2488d65..d7c9b71e67 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -1,6 +1,6 @@ --- title: Windows Update - Additional resources -description: Additional resources for Windows Update +description: Use these resource to troubleshoot and reset Windows Update. ms.prod: w10 ms.mktglfcycl: diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index cb04fac7e3..3b16df17e6 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -1,67 +1,68 @@ ---- -title: Determine What to Migrate (Windows 10) -description: Determine What to Migrate -ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Determine What to Migrate - - -By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. - -However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize. - -To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organization’s corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges. - -## In This Section - - - ---- - - - - - - - - - - - - - - - - - - -

Identify Users

Use command-line options to specify which users to migrate and how they should be migrated.

Identify Applications Settings

Determine which applications you want to migrate and prepare a list of application settings to be migrated.

Identify Operating System Settings

Use migration to create a new standard environment on each of the destination computers.

Identify File Types, Files, and Folders

Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.

- - - -## Related topics - - -[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - - - - - - - - - +--- +title: Determine What to Migrate (Windows 10) +description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. +ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Determine What to Migrate + + +By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. + +However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize. + +To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organization’s corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges. + +## In This Section + + + ++++ + + + + + + + + + + + + + + + + + + +

Identify Users

Use command-line options to specify which users to migrate and how they should be migrated.

Identify Applications Settings

Determine which applications you want to migrate and prepare a list of application settings to be migrated.

Identify Operating System Settings

Use migration to create a new standard environment on each of the destination computers.

Identify File Types, Files, and Folders

Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.

+ + + +## Related topics + + +[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) + + + + + + + + + diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 2259c02d2f..b4173bb737 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,6 +1,6 @@ --- title: VAMT known issues (Windows 10) -description: Volume Activation Management Tool (VAMT) known issues +description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f ms.reviewer: manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 25fee702e2..eca7e2bf95 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -2,7 +2,7 @@ title: Windows Autopilot requirements ms.reviewer: manager: laurawi -description: Inform yourself about software, networking, licensing, and configuration requirements for Windows Autopilot deployment. +description: See the requirements you need to run Windows Autopilot in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index d559457fca..0e9d00f112 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -1,7 +1,7 @@ ### YamlMime:YamlDocument documentType: LandingData -title: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1 +title: See a list of known issues that have been resolved for Windows 7 and Windows Server 2008 R2 SP1 over the last six months. metadata: document_id: title: Resolved issues in Windows 7 and Windows Server 2008 R2 SP1 diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 87c57cef75..d9f4e51351 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -1,7 +1,7 @@ ### YamlMime:YamlDocument documentType: LandingData -title: Resolved issues in Windows Server 2012 +title: See a list of known issues that have been resolved for Windows Server 2012 over the last six months. metadata: document_id: title: Resolved issues in Windows Server 2012 diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 1d522d681a..01f8a8436e 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -5,7 +5,7 @@ title: Windows 8.1 and Windows Server 2012 R2 metadata: document_id: title: Windows 8.1 and Windows Server 2012 R2 - description: View announcements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2 + description: View announcements and review known issues and fixes for Windows 8.1 and Windows Server 2012 R2. keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories ms.localizationpriority: high author: greg-lindsay diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index cf035b38eb..386d5d16ad 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -5,7 +5,7 @@ title: Windows Server 2008 SP2 metadata: document_id: title: Windows Server 2008 SP2 - description: View announcements and review known issues and fixes for Windows Server 2008 SP2 + description: View announcements and review known issues and fixes for Windows Server 2008 SP2. keywords: Windows, Windows 10, issues, fixes, announcements, Windows Server, advisories ms.localizationpriority: high author: greg-lindsay diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md index b7879030be..2b22a606de 100644 --- a/windows/whats-new/get-started-with-1709.md +++ b/windows/whats-new/get-started-with-1709.md @@ -1,6 +1,6 @@ --- title: Get started with Windows 10, version 1709 -description: All the information to get you started with Windows 10, version 1709. +description: Learn the dos and don'ts for getting started with Windows 10, version 1709. keywords: ["get started", "windows 10", "fall creators update", "1709"] ms.prod: w10 ms.mktglfcycl: deploy From ef4ecf6cf21dbbdb04769cbc57e4c81e26883cfe Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Fri, 12 Jun 2020 15:27:58 -0700 Subject: [PATCH 06/12] Minor chages made to update docs --- mdop/appv-v5/app-v-51-supported-configurations.md | 2 ++ .../app-v/appv-supported-configurations.md | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md index 1883e4284b..5d7e251bfa 100644 --- a/mdop/appv-v5/app-v-51-supported-configurations.md +++ b/mdop/appv-v5/app-v-51-supported-configurations.md @@ -16,6 +16,8 @@ ms.date: 04/02/2020 # App-V 5.1 Supported Configurations +>Applies to: Windows 10, version 1607; Window Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 (Extended Security Update) + This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.1 in your environment. ## App-V Server system requirements diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index dcf1e72905..a1b4f90845 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -14,7 +14,7 @@ ms.topic: article --- # App-V Supported Configurations ->Applies to: Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 +>Applies to: Windows 10, version 1607; Window Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 (Extended Security Update) This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md). @@ -34,7 +34,7 @@ The App-V server does not support the following scenarios: ### Management server operating system requirements -You can install the App-V Management server on a server running Windows Server 2008 R2 with SP1 or later. +You can install the App-V Management server on a server running Windows Server 2008 R2 with SP1 (Extended Security Update) or later. >[!IMPORTANT] >Deploying a Management server role to a computer with Remote Desktop Services enabled is not supported. From 1bb7409be8356431b6ec0d910636705c5299a947 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 16:40:41 -0700 Subject: [PATCH 07/12] Corrected code block type and indentation --- ...re-network-connections-microsoft-defender-antivirus.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 1b7bc129b9..db0d9fed09 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -68,7 +68,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t Use the following argument with the Microsoft Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Microsoft Defender Antivirus cloud service: -```DOS +```console "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection ``` @@ -107,10 +107,10 @@ You will also see a detection under **Quarantined threats** in the **Scan histor 3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware. ->[!NOTE] ->Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). + > [!NOTE] + > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). -The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). + The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). >[!IMPORTANT] >You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity. From c1686f459e91285d36be5f91dfe0661f064ba9dd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 16:49:34 -0700 Subject: [PATCH 08/12] Attempting to fix layout and numbering --- ...protection-microsoft-defender-antivirus.md | 96 ++++++++++++------- 1 file changed, 59 insertions(+), 37 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md index fbcf3e9352..727463b3d6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md @@ -34,75 +34,97 @@ You can use **Local Group Policy Editor** to enable and configure Microsoft Defe To enable and configure always-on protection: 1. Open **Local Group Policy Editor**. To do this: + 1. In your Windows 10 taskbar search box, type **gpedit**. - 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. -![GPEdit taskbar search result](images/gpedit-search.png) + + 1. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. + + ![GPEdit taskbar search result](images/gpedit-search.png) + 2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**. + 3. Configure the Microsoft Defender Antivirus antimalware service policy settings. To do this: + 1. In the **Microsoft Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table: - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Allow antimalware service to startup with normal priority | You can lower the priority of the Microsoft Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled - | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Microsoft Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | - 2. Configure the setting as appropriate, and click **OK**. - 3. Repeat the previous steps for each setting in the table. + | Setting | Description | Default setting | + |-----------------------------|------------------------|-------------------------------| + | Allow antimalware service to startup with normal priority | You can lower the priority of the Microsoft Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled + | Allow antimalware service to remain running always | If protection updates have been disabled, you can set Microsoft Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled | + + 1. Configure the setting as appropriate, and click **OK**. + + 1. Repeat the previous steps for each setting in the table. + +4. Configure the Microsoft Defender Antivirus real-time protection policy settings. To do this: -4. Configure the Microsoft Defender Antivirus real-time protection policy settings. To do this: 1. In the **Microsoft Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Microsoft Defender Antivirus** tree on left pane, click **Real-time Protection**. - 2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: + + 1. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table: - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity. | Enabled | - | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the Windows Defender SmartScreen filter, which scans files before and during downloading. | Enabled | - | Monitor file and program activity on your computer | The Microsoft Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run). | Enabled | - | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring. | Enabled | - | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Microsoft Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled. | Enabled | - | Define the maximum size of downloaded files and attachments to be scanned | You can define the size in kilobytes. | Enabled | - | Configure local setting override for turn on behavior monitoring | Configure a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for scanning all downloaded files and attachments | Configure a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for monitoring file and program activity on your computer | Configure a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override to turn on real-time protection | Configure a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | - | Configure local setting override for monitoring for incoming and outgoing file activity | Configure a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. | Enabled | - | Configure monitoring for incoming and outgoing file and program activity | Specify whether monitoring should occur on incoming, outgoing, both, or neither direction. This is relevant for Windows Server installations where you have defined specific servers or Server Roles that see large amounts of file changes in only one direction and you want to improve network performance. Fully updated endpoints (and servers) on a network will see little performance impact irrespective of the number or direction of file changes. | Enabled (both directions) | + | Setting | Description | Default setting | + |-----------------------------|------------------------|-------------------------------| + | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity. | Enabled | + | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the Windows Defender SmartScreen filter, which scans files before and during downloading. | Enabled | + | Monitor file and program activity on your computer | The Microsoft Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run). | Enabled | + | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring. | Enabled | + | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Microsoft Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled. | Enabled | + | Define the maximum size of downloaded files and attachments to be scanned | You can define the size in kilobytes. | Enabled | + | Configure local setting override for turn on behavior monitoring | Configure a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | + | Configure local setting override for scanning all downloaded files and attachments | Configure a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | + | Configure local setting override for monitoring file and program activity on your computer | Configure a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | + | Configure local setting override to turn on real-time protection | Configure a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.| Enabled | + | Configure local setting override for monitoring for incoming and outgoing file activity | Configure a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. | Enabled | + | Configure monitoring for incoming and outgoing file and program activity | Specify whether monitoring should occur on incoming, outgoing, both, or neither direction. This is relevant for Windows Server installations where you have defined specific servers or Server Roles that see large amounts of file changes in only one direction and you want to improve network performance. Fully updated endpoints (and servers) on a network will see little performance impact irrespective of the number or direction of file changes. | Enabled (both directions) | - 3. Configure the setting as appropriate, and click **OK**. - 4. Repeat the previous steps for each setting in the table. + 1. Configure the setting as appropriate, and click **OK**. + + 1. Repeat the previous steps for each setting in the table. 5. Configure the Microsoft Defender Antivirus scanning policy setting. To do this: + 1. From the **Microsoft Defender Antivirus** tree on left pane, click **Scan**. - ![Microsoft Defender Antivirus Scan options](images/gpedit-windows-defender-antivirus-scan.png) + + ![Microsoft Defender Antivirus Scan options](images/gpedit-windows-defender-antivirus-scan.png) - 2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: + 1. In the **Scan** details pane on right, double-click the policy setting as specified in the following table: - | Setting | Description | Default setting | - |-----------------------------|------------------------|-------------------------------| - | Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Microsoft Defender Antivirus engine is asked to detect the activity. | Enabled | + | Setting | Description | Default setting | + |-----------------------------|------------------------|-------------------------------| + | Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Microsoft Defender Antivirus engine is asked to detect the activity. | Enabled | - 3. Configure the setting as appropriate, and click **OK**. + 1. Configure the setting as appropriate, and click **OK**. + 6. Close **Local Group Policy Editor**. ## Disable real-time protection in Group Policy + > [!WARNING] > Disabling real-time protection drastically reduces the protection on your endpoints and is not recommended. The main real-time protection capability is enabled by default, but you can disable it by using **Local Group Policy Editor**. -To disable real-time protection in Group policy: +To disable real-time protection in Group policy: + 1. Open **Local Group Policy Editor**. - 1. In your Windows 10 taskbar search box, type **gpedit**. - 2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. + + 1. In your Windows 10 taskbar search box, type **gpedit**. + + 1. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**. 2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Real-time Protection**. 3. In the **Real-time Protection** details pane on right, double-click **Turn off real-time protection**. -![Turn off real-time protection](images/gpedit-turn-off-real-time-protection.png) + + ![Turn off real-time protection](images/gpedit-turn-off-real-time-protection.png) 4. In the **Turn off real-time protection** setting window, set the option to **Enabled**. -![Turn off real-time protection enabled](images/gpedit-turn-off-real-time-protection-enabled.png) + + ![Turn off real-time protection enabled](images/gpedit-turn-off-real-time-protection-enabled.png) + 5. Click **OK**. + 6. Close **Local Group Policy Editor**. ## Related articles From 5e741c12f1adf735d3a1231ad33ca2e2db5183e8 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 16:54:27 -0700 Subject: [PATCH 09/12] Corrected type on code block to a valid type We need to use one of the types on this list: https://docsmetadatatool.azurewebsites.net/allowlists# --- .../microsoft-defender-offline.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md index cb5f4ad90e..0a396c5667 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md @@ -106,7 +106,7 @@ Use the [**MSFT_MpWDOScan**](https://msdn.microsoft.com/library/dn455323(v=vs.85 The following WMI script snippet will immediately run a Microsoft Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows. -```WMI +```console wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start ``` @@ -119,11 +119,9 @@ See the following for more information: 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Advanced scan** label: - 3. Select **Microsoft Defender Offline scan** and click **Scan now**. - > [!NOTE] > In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client. From 943d2bf8965a8a1a2ffd8c69f86b20ad97f66f41 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 16:56:10 -0700 Subject: [PATCH 10/12] Indented content in a list item --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 4a2fe0777f..3d058b3d8f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -73,9 +73,9 @@ If you are a home user, or you are not subject to settings managed by a security 3. Set **Tamper Protection** to **On** or **Off**. -Here's what you see in the Windows Security app: + Here's what you see in the Windows Security app: -![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png) + ![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png) ## Turn tamper protection on (or off) for your organization using Intune From fc555d881cfa8eed71dcceacb1387a8a9e7a7d0b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 17:30:59 -0700 Subject: [PATCH 11/12] Applied a valid type to a code block Code blocks should have a type in this list: https://docsmetadatatool.azurewebsites.net/allowlists# --- .../microsoft-defender-antivirus-on-windows-server-2016.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index 5a5fefca87..2108fffbab 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -108,7 +108,7 @@ Get-Service -Name mpssvc As an alternative to PowerShell, you can use Command Prompt to verify that Microsoft Defender Antivirus is running. To do that, run the following command from a command prompt: -```DOS +```console sc query Windefend ``` From a4534aa49956f9a5d72b8e948a4a36a0f6124358 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 12 Jun 2020 18:38:37 -0700 Subject: [PATCH 12/12] Corrected the type on the code block --- .../appv-install-the-publishing-server-on-a-remote-computer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index 8fce503469..f08f5dfe4d 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md @@ -38,7 +38,7 @@ Use the following procedure to install the publishing server on a separate compu 3. Enter the server name and a description (if required), then select **Add**. 9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: https://publishingserver:pubport. If the server is running correctly, information like the following example should appear. - ```SQL + ```xml