From bda280c12d7f596b31a03c3a2256f7104d955e6f Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Thu, 26 Mar 2020 15:09:42 +0530 Subject: [PATCH 01/24] Troubleshooting document for installation in Linux --- .../linux-support-install.md | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md new file mode 100644 index 0000000000..5a3c850cf9 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md 
@@ -0,0 +1,99 @@ +--- +title: Troubleshoot installation issues for Microsoft Defender ATP for Linux +ms.reviewer: +description: Troubleshoot installation issues for Microsoft Defender ATP for Linux +keywords: microsoft, defender, atp, linux, installation +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Troubleshoot installation issues for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +## Installation failed + +An error in installation may or may not result in a meaningful error message by the package manager. One can obtain the installation logs using: +```bash +$ sudo journalctl | grep 'microsoft-mdatp' > installation.log +$ grep 'postinstall end' installation.log + +microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 +``` +An output from the previous command with correct date and time indicates success. + +Check if the daemon is running: +```bash +$ ps aux | grep wdavdaemon + +root 1966 0.2 0.8 1068244 82492 ? Ssl 10:37 0:24 /opt/microsoft/mdatp/sbin/wdavdaemon +mdatp 1967 0.0 3.7 1133040 373652 ? Sl 10:37 0:02 /opt/microsoft/mdatp/sbin/wdavdaemon +root 1968 0.0 0.2 421316 27048 ? 
Sl 10:37 0:00 /opt/microsoft/mdatp/sbin/wdavdaemon +``` + +## Steps to troubleshoot if wdavdaemon is not running + +- Check if “mdatp” user exists: +```bash +$ id “mdatp” +``` +If there’s no output, run +```bash +$ useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp +``` + +- Try enabling and restarting the service using: +```bash +$ systemctl enable mdatp +$ systemctl restart mdatp +``` + +- If mdatp.service is not found upon running the previous command, run +```bash +$ cp /opt/microsoft/mdatp/conf/mdatp.service + +where is +lib/systemd/system for Ubuntu and Debian distributions +/usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES +``` +and then re-run step 2. + +- If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Please re-enable immediately though for security reasons after trying this. + +- Ensure that the filesystem containing wdavdaemon should not be mounted with “noexec” + +## If wdavdaemon is running but eicar detection doesn't work + +- Check the filesystem type using: +```bash +$ mount +``` +Currently supported filesystems for on-access activity are ext2, ext3, ext4, temps, btrfs and xfs. Any files outside these filesystems will not be scanned. + +- Collect diagnostic logs: +```bash +$ mdatp --diagnostic --create +``` + +## Command line tool “mdatp” is not working + +- If running the command line tool `mdatp` gives an error `command not found`, run the following: +```bash +$ ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp +``` +and try again. + +- If step 1 doesn't work, please collect the diagnostic logs as indicated in the previous section. From a16bd060c52a5ed92c990d8aa51ba9a018a1b495 Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Fri, 27 Mar 2020 10:43:14 +0530 Subject: [PATCH 02/24] Addressed the comments --- .../linux-support-install.md | 44 +++++++++++-------- 1 file changed, 25 insertions(+), 19 deletions(-) 
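Review bot: In PATCH 01/24, the step "Check if “mdatp” user exists" gives the command as `id “mdatp”` with typographic quotes inside the bash block; a shell treats those characters as part of the argument, so a copied command looks up a user whose name includes the quote marks and fails even when the account exists. Use `id mdatp` or straight quotes. The follow-up "If there’s no output" also doesn't match what the reader sees, because `id` reports a missing user with an error message rather than printing nothing; "if the command reports that the user doesn't exist" would fit. Two smaller items in the same hunk: the sample log line reads `07:04:43OURCE +0000`, which looks like stray text inside the timestamp, and `temps` in the supported file systems sentence is probably meant to be `tmpfs`.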
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 5a3c850cf9..b1256029d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md 
@@ -37,63 +37,69 @@ An output from the previous command with correct date and time indicates success Check if the daemon is running: ```bash -$ ps aux | grep wdavdaemon +$ systemctl status mdatp -root 1966 0.2 0.8 1068244 82492 ? Ssl 10:37 0:24 /opt/microsoft/mdatp/sbin/wdavdaemon -mdatp 1967 0.0 3.7 1133040 373652 ? Sl 10:37 0:02 /opt/microsoft/mdatp/sbin/wdavdaemon -root 1968 0.0 0.2 421316 27048 ? Sl 10:37 0:00 /opt/microsoft/mdatp/sbin/wdavdaemon +● mdatp.service - Microsoft Defender ATP + Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled) + Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago + Main PID: 1966 (wdavdaemon) + Tasks: 105 (limit: 4915) + CGroup: /system.slice/mdatp.service + ├─1966 /opt/microsoft/mdatp/sbin/wdavdaemon + ├─1967 /opt/microsoft/mdatp/sbin/wdavdaemon + └─1968 /opt/microsoft/mdatp/sbin/wdavdaemon ``` ## Steps to troubleshoot if wdavdaemon is not running -- Check if “mdatp” user exists: +1. Check if “mdatp” user exists: ```bash $ id “mdatp” ``` If there’s no output, run ```bash -$ useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp +$ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp ``` -- Try enabling and restarting the service using: +2. Try enabling and restarting the service using: ```bash -$ systemctl enable mdatp -$ systemctl restart mdatp +$ sudo systemctl enable mdatp +$ sudo systemctl restart mdatp ``` -- If mdatp.service is not found upon running the previous command, run +3. If mdatp.service is not found upon running the previous command, run ```bash -$ cp /opt/microsoft/mdatp/conf/mdatp.service +$ sudo cp /opt/microsoft/mdatp/conf/mdatp.service where is -lib/systemd/system for Ubuntu and Debian distributions +/lib/systemd/system for Ubuntu and Debian distributions /usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES ``` and then re-run step 2. 
-- If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Please re-enable immediately though for security reasons after trying this. +4. If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Please re-enable immediately though for security reasons after trying this. -- Ensure that the filesystem containing wdavdaemon should not be mounted with “noexec” +5. Ensure that the filesystem containing wdavdaemon is not mounted with “noexec” ## If wdavdaemon is running but eicar detection doesn't work -- Check the filesystem type using: +1. Check the filesystem type using: ```bash $ mount ``` Currently supported filesystems for on-access activity are ext2, ext3, ext4, temps, btrfs and xfs. Any files outside these filesystems will not be scanned. -- Collect diagnostic logs: +2. Collect diagnostic logs: ```bash $ mdatp --diagnostic --create ``` ## Command line tool “mdatp” is not working -- If running the command line tool `mdatp` gives an error `command not found`, run the following: +1. If running the command line tool `mdatp` gives an error `command not found`, run the following: ```bash -$ ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp +$ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp ``` and try again. -- If step 1 doesn't work, please collect the diagnostic logs as indicated in the previous section. +2. If step 1 doesn't work, please collect the diagnostic logs as indicated in the previous section. From 961f3654e2243387f731ba8f4590fcd4e33cc8db Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Fri, 27 Mar 2020 15:52:52 +0530 Subject: [PATCH 03/24] Added section to verify successful installation --- windows/security/threat-protection/TOC.md | 2 ++ .../linux-support-install.md | 14 +++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) 
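Review bot: In PATCH 02/24, the bullets become numbered steps, but every fenced block that follows a step still starts at column 0, which ends the list in Markdown; the numbering that "re-run step 2" and "If step 1 doesn't work" rely on then depends on how the renderer restarts the list. Indent each fence and its continuation text under the list item it belongs to. In step 3, `sudo cp /opt/microsoft/mdatp/conf/mdatp.service` still has no destination argument as shown and "where is" has no subject, so the command can't be run as written; put the target directory in the command itself, for example one line per distribution family using the two paths already listed.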
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index b74873055f..60968a7f67 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -334,6 +334,8 @@ ##### [Configure]() ###### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ###### [Set preferences](microsoft-defender-atp/linux-preferences.md) +##### [Troubleshoot]() +###### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md) ##### [Resources](microsoft-defender-atp/linux-resources.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index b1256029d8..2c4bf230cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md 
@@ -24,18 +24,22 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) -## Installation failed +## Verify if installation succeeded -An error in installation may or may not result in a meaningful error message by the package manager. One can obtain the installation logs using: +An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using: ```bash $ sudo journalctl | grep 'microsoft-mdatp' > installation.log $ grep 'postinstall end' installation.log microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 ``` -An output from the previous command with correct date and time indicates success. +An output from the previous command with correct date and time of installation indicates success. -Check if the daemon is running: +Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect eicar. + +## Installation failed + +Check if wdavdaemon is running ```bash $ systemctl status mdatp @@ -85,7 +89,7 @@ and then re-run step 2. 1. Check the filesystem type using: ```bash -$ mount +$ findmnt -T ``` Currently supported filesystems for on-access activity are ext2, ext3, ext4, temps, btrfs and xfs. Any files outside these filesystems will not be scanned. From b601535685e031eb55e4ced552c600f98fee5703 Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Sat, 28 Mar 2020 16:31:58 +0530 Subject: [PATCH 04/24] Addressed the comments --- .../linux-support-install.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 2c4bf230cc..d8bd217a3d 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -35,7 +35,7 @@ microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +00 ``` An output from the previous command with correct date and time of installation indicates success. -Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect eicar. +Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect the EICAR text file. ## Installation failed @@ -54,7 +54,7 @@ $ systemctl status mdatp └─1968 /opt/microsoft/mdatp/sbin/wdavdaemon ``` -## Steps to troubleshoot if wdavdaemon is not running +## Steps to troubleshoot if mdatp service isn't running 1. Check if “mdatp” user exists: ```bash @@ -71,7 +71,7 @@ $ sudo systemctl enable mdatp $ sudo systemctl restart mdatp ``` -3. If mdatp.service is not found upon running the previous command, run +3. If mdatp.service isn't found upon running the previous command, run ```bash $ sudo cp /opt/microsoft/mdatp/conf/mdatp.service 
@@ -81,29 +81,29 @@ where is ``` and then re-run step 2. -4. If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Please re-enable immediately though for security reasons after trying this. +4. If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Re-enable immediately though for security reasons after trying it. -5. Ensure that the filesystem containing wdavdaemon is not mounted with “noexec” +5. Ensure that the file system containing wdavdaemon isn't mounted with “noexec” -## If wdavdaemon is running but eicar detection doesn't work +## If mdatp service is running, but EICAR text file detection doesn't work -1. Check the filesystem type using: +1. Check the file system type using: ```bash -$ findmnt -T +$ findmnt -T ``` -Currently supported filesystems for on-access activity are ext2, ext3, ext4, temps, btrfs and xfs. Any files outside these filesystems will not be scanned. +Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#System-requirements). Any files outside these file systems won't be scanned. 2. Collect diagnostic logs: ```bash -$ mdatp --diagnostic --create +$ sudo mdatp --diagnostic --create ``` -## Command line tool “mdatp” is not working +## Command-line tool “mdatp” isn't working -1. If running the command line tool `mdatp` gives an error `command not found`, run the following: +1. If running the command-line tool `mdatp` gives an error `command not found`, run the following: ```bash $ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp ``` and try again. -2. If step 1 doesn't work, please collect the diagnostic logs as indicated in the previous section. +2. If step 1 doesn't work, collect the diagnostic logs as indicated in the previous section. From 8320f9804ba8cee6fcb7a890badd06b21d620d8c Mon Sep 17 00:00:00 2001 
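Review bot: In PATCH 04/24, the `findmnt -T` change in the last hunk shows identical removed and added lines, and `-T` still has no path after it; the option takes the file or directory to look up, so as shown the command fails with a missing-argument error instead of printing the file system type. Add an explicit placeholder for the path being checked (the location of the EICAR test file) and tell the reader to compare the FSTYPE column of the output with the supported list that the next sentence links to.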
From: Ananta Gupta Date: Sat, 28 Mar 2020 18:27:44 +0530 Subject: [PATCH 05/24] Adding reference in the main page --- .../microsoft-defender-atp/linux-support-install.md | 6 +++--- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index d8bd217a3d..1de9872434 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -39,7 +39,7 @@ Also check the [Client configuration](linux-install-manually.md#client-configura ## Installation failed -Check if wdavdaemon is running +Check if the mdatp service is running ```bash $ systemctl status mdatp @@ -79,7 +79,7 @@ where is /lib/systemd/system for Ubuntu and Debian distributions /usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES ``` -and then re-run step 2. +and then rerun step 2. 4. If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Re-enable immediately though for security reasons after trying it. @@ -100,7 +100,7 @@ $ sudo mdatp --diagnostic --create ## Command-line tool “mdatp” isn't working -1. If running the command-line tool `mdatp` gives an error `command not found`, run the following: +1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command: ```bash $ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 38477041ca..b682f3622d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -145,6 +145,10 @@ Microsoft regularly publishes software updates to improve performance, security, Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). +## How to troubleshoot installation failures in Microsoft Defender ATP for Linux + +If you experience any failures during installation or issues with basic working of the product post installation, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md). + ## Resources - For more information about logging, uninstalling, or other topics, see the [Resources](linux-resources.md) page. From aedb28f3e49af2d6985b11465edafb63e5220c57 Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Sun, 29 Mar 2020 17:26:00 +0530 Subject: [PATCH 06/24] Fixing link warning --- .../microsoft-defender-atp/linux-support-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 1de9872434..60db667cd1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -91,7 +91,7 @@ and then rerun step 2. ```bash $ findmnt -T ``` -Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#System-requirements). Any files outside these file systems won't be scanned. +Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned. 2. Collect diagnostic logs: ```bash 
From b1f5fbcfb9e4d9aded66e7384b3f1c6b62ad455c Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Wed, 1 Apr 2020 11:52:50 +0530 Subject: [PATCH 07/24] Minor changes --- .../linux-support-install.md | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 60db667cd1..6e47bdf901 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md 
@@ -81,9 +81,22 @@ where is ``` and then rerun step 2. -4. If the above steps don’t work, try disabling SELinux, and then starting the service using step 2. Re-enable immediately though for security reasons after trying it. +4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. This can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Please check the man page of selinux for more details. +Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. -5. Ensure that the file system containing wdavdaemon isn't mounted with “noexec” +5. Ensure that the daemon has executable permission. +```bash +$ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon + +-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon +``` +If the daemon doesn't have executable permissions, please make it executable using: +```bash +$ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon +``` +and retry running step 2. + +6. Ensure that the file system containing wdavdaemon isn't mounted with “noexec”. ## If mdatp service is running, but EICAR text file detection doesn't work @@ -93,11 +106,6 @@ $ findmnt -T ``` Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned. -2. Collect diagnostic logs: -```bash -$ sudo mdatp --diagnostic --create -``` - ## Command-line tool “mdatp” isn't working 1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command: 
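Review bot: In PATCH 07/24, step 4 in the first hunk offers `disabled` as an alternative to `permissive`, and that option should be dropped: permissive mode already stops enforcement while still logging denials, which is all this test needs, whereas a host that has run with SELinux disabled needs a file system relabel before enforcing mode can be relied on again. Editing `/etc/selinux/config` and rebooting also leaves enforcement off for the whole interval between two reboots; `getenforce` to check the current mode and `setenforce 0` / `setenforce 1` to switch temporarily would keep that window short. The closing sentence ("Revert the configuration change immediately though for security reasons after trying it and reboot") should also say what to do when the service does start in permissive mode, namely collect the logged denials and report them, so that readers are not tempted to leave the setting in place.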
@@ -106,4 +114,8 @@ $ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp ``` and try again. -2. If step 1 doesn't work, collect the diagnostic logs as indicated in the previous section. +If none of the above works, collect the diagnostic logs: +```bash +$ sudo mdatp --diagnostic --create +``` +Path to a zip file that contains the logs will be displayed as an output. Please reach out to our customer support with these logs. From 57ea36b23551a579e757f2ccf3827856ec709b16 Mon Sep 17 00:00:00 2001 From: Ananta Gupta Date: Wed, 1 Apr 2020 12:05:29 +0530 Subject: [PATCH 08/24] Acrolinx --- .../microsoft-defender-atp/linux-support-install.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 6e47bdf901..0982c630fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md 
@@ -81,7 +81,7 @@ where is ``` and then rerun step 2. -4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. This can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Please check the man page of selinux for more details. +4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. 5. Ensure that the daemon has executable permission. @@ -90,7 +90,7 @@ $ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon -rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon ``` -If the daemon doesn't have executable permissions, please make it executable using: +If the daemon doesn't have executable permissions, make it executable using: ```bash $ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon ``` @@ -114,8 +114,8 @@ $ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp ``` and try again. -If none of the above works, collect the diagnostic logs: +If none of the above steps help, collect the diagnostic logs: ```bash $ sudo mdatp --diagnostic --create ``` -Path to a zip file that contains the logs will be displayed as an output. Please reach out to our customer support with these logs. +Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs. From cf33ef96c6dbb83e6f43ba867be3977cacc696a8 Mon Sep 17 00:00:00 2001 
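Review bot: In PATCH 08/24, the last hunk keeps the fallback "If none of the above steps help, collect the diagnostic logs" at the end of the section titled "Command-line tool “mdatp” isn't working", yet the fallback command is `sudo mdatp --diagnostic --create`, which can't run when the problem is that `mdatp` is not found. Move the fallback under its own heading so it clearly applies to every section, and state what to run when the symlink from step 1 could not be created, for instance invoking the `/opt/microsoft/mdatp/sbin/wdavdaemonclient` path that the `ln -sf` line points at.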
From: Ananta Gupta Date: Wed, 1 Apr 2020 22:18:12 +0530 Subject: [PATCH 09/24] Link from installation section in main document --- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index b682f3622d..bf5ad19c12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -70,6 +70,8 @@ In general you need to take the following steps: - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md) - [Deploy using Ansible configuration management tool](linux-install-with-ansible.md) +If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md). + ### System requirements - Supported Linux server distributions and versions: @@ -145,10 +147,6 @@ Microsoft regularly publishes software updates to improve performance, security, Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). -## How to troubleshoot installation failures in Microsoft Defender ATP for Linux - -If you experience any failures during installation or issues with basic working of the product post installation, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md). - ## Resources - For more information about logging, uninstalling, or other topics, see the [Resources](linux-resources.md) page. From bfe8950c48ad7fe686ba7a762c4422e824c08097 Mon Sep 17 00:00:00 2001 
From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Thu, 2 Apr 2020 10:16:57 -0700 Subject: [PATCH 10/24] update table, add file update site list manager table with link to new file (scan neutral sites) --- ...ew-neutral-sites-with-site-list-manager.md | 31 +++++++++++++++++++ ...e-the-enterprise-mode-site-list-manager.md | 3 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md new file mode 100644 index 0000000000..e552810040 --- /dev/null +++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md @@ -0,0 +1,31 @@ +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: How to use Site List Manager to review neutral sites for IE mode +author: dansimp +ms.prod: ie11 +ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b +ms.reviewer: +audience: itpro +manager: dansimp +ms.author: dansimp +title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager +ms.sitesec: library +ms.date: 04/02/2017 +--- + +# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager + +**Applies to:** +- Windows 10 +- Windows 8 +- Windows Server 2012 R2 +- Microsoft Edge version 77 or later + +## Overview + +## Related topics: + +- [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode) +- [Configure neutral sites](https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-sitelist#configure-neutral-sites) 
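Review bot: In PATCH 10/24, the front matter of the new `review-neutral-sites-with-site-list-manager.md` sets `ms.date: 04/02/2017`, while the commit is dated 2 Apr 2020; the year looks copied from another topic and should be corrected. The file also ships with an empty `## Overview` section, and its `## Related topics:` heading carries a trailing colon that the existing `## Related topics` heading in `use-the-enterprise-mode-site-list-manager.md` doesn't have.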
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md index 58ffc300ce..5471883bf0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md @@ -26,7 +26,7 @@ ms.date: 12/04/2017 - Windows Server 2012 R2 - Windows Server 2008 R2 with Service Pack 1 (SP1) -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. @@ -55,6 +55,7 @@ The following topics give you more information about the things that you can do |[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion.

This topic applies to the latest version of the Enterprise Mode Site List Manager. ## Related topics From df63c991aefa7a0aaadedbff7f0f0f37df5d574a Mon Sep 17 00:00:00 2001 From: Shilpa Subramanian Date: Thu, 2 Apr 2020 14:06:54 -0700 Subject: [PATCH 11/24] Update review-neutral-sites-with-site-list-manager.md Added content --- ...iew-neutral-sites-with-site-list-manager.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md index e552810040..e480f85e91 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md @@ -1,3 +1,4 @@ + --- ms.localizationpriority: medium ms.mktglfcycl: deploy 
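Review bot: In PATCH 11/24, the first hunk adds an empty line above the opening `---`, so the metadata block no longer starts on line 1 of the file; front matter is normally recognized only at the very top, so the block risks being rendered as body text and the `title`, `ms.date` and other fields being ignored. Drop the added line. The table row added by PATCH 10/24 just above also ends without the closing `|` that the other rows in that table have.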
@@ -21,11 +22,24 @@ ms.date: 04/02/2017 - Windows 10 - Windows 8 - Windows Server 2012 R2 -- Microsoft Edge version 77 or later +- Microsoft Edge version 77 or later + +[!NOTE] This feature is available on the Enterprise Mode Site List Manager version 11.0. ## Overview +While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behaviour for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral which results in inconsistent experiences for users. + +The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but may have been added in error. This check is automatically performed When you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion. + + +To identify neutral sites to review: +1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites** +2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge. +3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again. 
+ + ## Related topics: - [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode) -- [Configure neutral sites](https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-sitelist#configure-neutral-sites) +- [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites) From 4e7505d189d1d68cce71615ae87435234efd6dda Mon Sep 17 00:00:00 2001 From: Shilpa Subramanian Date: Thu, 2 Apr 2020 14:40:34 -0700 Subject: [PATCH 12/24] Site List manager 11.0 updates Added content for IE mode updates to the tool --- ...list-using-the-version-2-enterprise-mode-tool.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index 46a8edef5e..0977b87b94 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -7,7 +7,8 @@ author: dansimp ms.prod: ie11 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b ms.reviewer: -audience: itpro manager: dansimp +audience: itpro +manager: dansimp ms.author: dansimp title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) ms.sitesec: library 
@@ -57,16 +58,20 @@ You can add individual sites to your compatibility list by using the Enterprise 5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. - - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. + - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode. - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - **None**. Opens in whatever browser the employee chooses. -6. Click **Save** to validate your website and to add it to the site list for your enterprise.

+6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior. + +7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#updated-schema-attributes). + +8. Click **Save** to validate your website and to add it to the site list for your enterprise.

If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

+9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Next steps From ae54e9ddeafbc4503aaa659b6ad4a4ae904e2119 Mon Sep 17 00:00:00 2001 From: Shilpa Subramanian Date: Thu, 2 Apr 2020 14:45:45 -0700 Subject: [PATCH 13/24] Update use-the-enterprise-mode-site-list-manager.md Adding row for neutral sites review doc --- .../use-the-enterprise-mode-site-list-manager.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md index 5471883bf0..3cbc140f4b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md @@ -49,6 +49,7 @@ The following topics give you more information about the things that you can do |[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). | |[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.

This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. | |[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.

This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.

This topic applies to both versions of the Enterprise Mode Site List Manager. | From fc98ae1703a9d5064d36d708d1b02fe6f97ae414 Mon Sep 17 00:00:00 2001 From: Shilpa Subramanian Date: Thu, 2 Apr 2020 14:53:06 -0700 Subject: [PATCH 14/24] Update review-neutral-sites-with-site-list-manager.md --- .../review-neutral-sites-with-site-list-manager.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md index e480f85e91..eef1dc5d22 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md @@ -1,4 +1,3 @@ - --- ms.localizationpriority: medium ms.mktglfcycl: deploy @@ -16,6 +15,9 @@ ms.sitesec: library ms.date: 04/02/2017 --- + + + # Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager **Applies to:** From 26e62a59759e89e8ad93e3755032265e6fb96869 Mon Sep 17 00:00:00 2001 From: Shilpa Subramanian Date: Thu, 2 Apr 2020 14:54:50 -0700 Subject: [PATCH 15/24] Update review-neutral-sites-with-site-list-manager.md Added header --- .../review-neutral-sites-with-site-list-manager.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md index eef1dc5d22..f62b058428 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md 
@@ -33,6 +33,7 @@ While converting your site from v.1 schema to v.2 schema using the latest versio The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but may have been added in error. This check is automatically performed When you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion. +## Flag neutral sites To identify neutral sites to review: 1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites** @@ -41,6 +42,7 @@ To identify neutral sites to review: + ## Related topics: - [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode) From 0438f50e215a0a8998aac72439d626a0936021a2 Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Thu, 2 Apr 2020 15:52:25 -0700 Subject: [PATCH 16/24] update run acrolinx add to toc --- browsers/internet-explorer/TOC.md | 1 + ...ew-neutral-sites-with-site-list-manager.md | 32 +++++++++---------- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md index c2812cb730..fd84f9696e 100644 --- a/browsers/internet-explorer/TOC.md +++ b/browsers/internet-explorer/TOC.md 
@@ -47,6 +47,7 @@ #### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) #### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) +#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) ### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md) #### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md) ##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md) diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md index f62b058428..bb22b43b3f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md 
@@ -12,38 +12,36 @@ manager: dansimp ms.author: dansimp title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager ms.sitesec: library -ms.date: 04/02/2017 +ms.date: 04/02/2020 --- - - - # Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager **Applies to:** -- Windows 10 -- Windows 8 -- Windows Server 2012 R2 -- Microsoft Edge version 77 or later -[!NOTE] This feature is available on the Enterprise Mode Site List Manager version 11.0. +- Windows 10 +- Windows 8 +- Windows Server 2012 R2 +- Microsoft Edge version 77 or later + +> [!NOTE] +> This feature is available on the Enterprise Mode Site List Manager version 11.0. ## Overview -While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behaviour for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral which results in inconsistent experiences for users. -The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but may have been added in error. This check is automatically performed When you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion. 
+While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users. + +The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion. ## Flag neutral sites To identify neutral sites to review: -1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites** -2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge. -3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again. +1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**. +2. If selecting this option has no effect, there are no sites that needs to be reviewed. 
Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge. +3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again. - - -## Related topics: +## Related topics - [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode) - [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites) From b504efaa560e16eb07594c4ee185cdc3bdacb1cf Mon Sep 17 00:00:00 2001 From: Dan Wesley <38053816+dan-wesley@users.noreply.github.com> Date: Thu, 2 Apr 2020 16:17:07 -0700 Subject: [PATCH 17/24] fix toc link --- browsers/internet-explorer/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md index fd84f9696e..45773621eb 100644 --- a/browsers/internet-explorer/TOC.md +++ b/browsers/internet-explorer/TOC.md 
@@ -47,7 +47,7 @@ #### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) #### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) -#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) +#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md) ### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md) #### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md) ##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md) From e5a2f35ae6c8e344be56c43231d7f756359f1b25 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 2 Apr 2020 16:52:24 -0700 Subject: [PATCH 18/24] Add release notes for 100.90.70 --- .../linux-exclusions.md | 13 ++++++--- .../microsoft-defender-atp/linux-whatsnew.md | 27 +++++++++++++++++++ 2 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 088b47a20c..dbd6c02b98 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -42,9 +42,16 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f Exclusion | Definition | Examples ---|---|--- File extension | All files with the extension, anywhere on the machine | .test -File | A specific file identified by the full path | /var/log/test.log -Folder | All files under the specified folder | /var/log/ -Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat +File | A specific file identified by the full path | /var/log/test.log
/var/log/*.log
/var/log/install.?.log +Folder | All files under the specified folder | /var/log/
/var/*/ +Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat
c?t + +File, folder, and process exclusions support the following wilcards: + +Wildcard | Description | Example | Matches +---|---|---|--- +\* | Matches any number of any characters including none | /var/\*/\*.log | /var/log/system.log +? | Matches any single character | file?.log | file1.log
file2.log ## How to configure the list of exclusions diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md new file mode 100644 index 0000000000..9ebc453a7a --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -0,0 +1,27 @@ +--- +title: What's new in Microsoft Defender Advanced Threat Protection for Linux +description: List of major changes for Microsoft Defender ATP for Linux. +keywords: microsoft, defender, atp, linux, whatsnew, release +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: security +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# What's new in Microsoft Defender Advanced Threat Protection for Linux + +## 100.90.70 + +- Antivirus [exclusions now support wildcards](linux-exclusions.md#supported-exclusion-types) +- Added the ability to [troubleshoot performance issues](linux-support-perf.md) through the `mdatp` command-line tool +- Improvements to make the package installation more robust +- Performance improvements & bug fixes From 6408df8b3ed68f0324896eb311af4c7064976439 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 2 Apr 2020 16:54:06 -0700 Subject: [PATCH 19/24] Update TOC --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f155348283..22fa95d3d8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -228,6 +228,7 @@ ### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md) +#### [What's New](microsoft-defender-atp/linux-whatsnew.md) #### [Deploy]() ##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md) ##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md) From 4c90d09448983a3d507334f8c09eb3e2e3722550 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 2 Apr 2020 17:19:08 -0700 Subject: [PATCH 20/24] Make Acrolinx happy --- .../microsoft-defender-atp/linux-exclusions.md | 14 +++++++------- .../microsoft-defender-atp/mac-exclusions.md | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index dbd6c02b98..ef0797f456 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -41,17 +41,17 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f Exclusion | Definition | Examples ---|---|--- -File extension | All files with the extension, anywhere on the machine | .test -File | A specific file identified by the full path | /var/log/test.log
/var/log/*.log
/var/log/install.?.log -Folder | All files under the specified folder | /var/log/
/var/*/ -Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat
c?t +File extension | All files with the extension, anywhere on the machine | `.test` +File | A specific file identified by the full path | `/var/log/test.log`
`/var/log/*.log`
`/var/log/install.?.log` +Folder | All files under the specified folder | `/var/log/`
`/var/*/` +Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat`
`c?t` -File, folder, and process exclusions support the following wilcards: +File, folder, and process exclusions support the following wildcards: Wildcard | Description | Example | Matches ---|---|---|--- -\* | Matches any number of any characters including none | /var/\*/\*.log | /var/log/system.log -? | Matches any single character | file?.log | file1.log
file2.log +\* | Matches any number of any characters including none | `/var/\*/\*.log` | `/var/log/system.log` +? | Matches any single character | `file?.log` | `file1.log`
`file2.log` ## How to configure the list of exclusions diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 4ac890ab74..7e0983fb5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -41,10 +41,10 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f Exclusion | Definition | Examples ---|---|--- -File extension | All files with the extension, anywhere on the machine | .test -File | A specific file identified by the full path | /var/log/test.log -Folder | All files under the specified folder | /var/log/ -Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat +File extension | All files with the extension, anywhere on the machine | `.test` +File | A specific file identified by the full path | `/var/log/test.log` +Folder | All files under the specified folder | `/var/log/` +Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat` ## How to configure the list of exclusions From 2b9f9349b1189b02ee8872543da6ff5338793fb0 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 2 Apr 2020 17:22:00 -0700 Subject: [PATCH 21/24] Updated TOC --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 22fa95d3d8..81198f6218 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -228,7 +228,7 @@ ### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md) -#### [What's New](microsoft-defender-atp/linux-whatsnew.md) +#### [What's New](microsoft-defender-atp/mac-whatsnew.md) #### [Deploy]() ##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md) ##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md) From dca10fb7711b564b3cc59c8f4eadbfc73ac2229f Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 2 Apr 2020 17:23:18 -0700 Subject: [PATCH 22/24] One more try --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 81198f6218..26df1d541e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -228,7 +228,7 @@ ### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md) -#### [What's New](microsoft-defender-atp/mac-whatsnew.md) +#### [What's New](microsoft-defender-atp/linux-whatsnew.md) #### [Deploy]() ##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md) ##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md) From 4255406f2972274769dfe1e045f110c03b7739c1 Mon Sep 17 00:00:00 2001 
From: Tina Burden Date: Fri, 3 Apr 2020 08:43:46 -0700 Subject: [PATCH 23/24] pencil edits --- .../windows-information-protection/limitations-with-wip.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index ae9b928ac7..3fc752f3ca 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -53,7 +53,7 @@ This table provides info about the most common problems you might encounter whil WIP is designed for use by a single user per device. - A secondary user on a device might experience app compat issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process. + A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process. We recommend only having one user per managed device. 
@@ -121,12 +121,12 @@ This table provides info about the most common problems you might encounter whil Only enlightened apps can be managed without device enrollment - If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment. + If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment. If all apps need to be managed, enroll the device for MDM. - By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can't access it.
+ By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.
Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it. From c29ebc1bbe83b99a3bfdc9d96cff66457a6dafab Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 3 Apr 2020 09:14:57 -0700 Subject: [PATCH 24/24] pencil edit --- devices/hololens/hololens-cortana.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 99cad9c0b9..a19c9d48cf 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -49,6 +49,7 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c |See available speech commands | "What can I say?" | Starting with version 19041.x of HoloLens 2, you can also use these commands: + | Say this | To do this | | - | - | | "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
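
Review bot: In PATCH 11/24, hunk `@@ -21,11 +22,24 @@` of review-neutral-sites-with-site-list-manager.md, the added `[!NOTE] This feature is available ...` line has no `> ` blockquote prefix and shares a line with its text, so it will not render as a note callout. Write it as `> [!NOTE]` followed by `> This feature is ...` on the next line. In the same hunk, "performed When" needs a lowercase "when", "sites that needs to be reviewed" should read "sites that need to be reviewed", and step 1 is missing its closing period.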
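
Review bot: In PATCH 12/24, hunk `@@ -57,16 +58,20 @@`, new step 7 says what happens when **Allow Redirect** is checked but not which browser handles a server side redirect when the box is left unchecked, which is the state most entries will be in. Add one sentence for the unchecked case. Also in this hunk: step 6 reads "still need to opened" (missing "be"), the label is written both as 'Open in' and 'Open In', and the link text "here" should name the target, for example "Updated schema attributes".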
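
Review bot: In PATCH 16/24, hunk `@@ -47,6 +47,7 @@` of browsers/internet-explorer/TOC.md, the new entry links to `review-neutral-sites-with-site-list-manager.md` with no directory, while every neighbouring entry in the hunk uses the `ie11-deploy-guide/` prefix, so the TOC link will not resolve from this file. Use `ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md`. In the second hunk of the same patch, step 2 still reads "sites that needs to be reviewed" after the wording pass.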
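
Review bot: In PATCH 18/24, hunk `@@ -42,9 +42,16 @@` of linux-exclusions.md, the description of `*` ("Matches any number of any characters including none") does not say whether it matches across `/`, so a reader cannot tell whether `/var/*/` excludes one directory level or everything beneath `/var`. Because these patterns decide which files and processes the antivirus skips, state the path-separator behaviour explicitly and add a sentence recommending the narrowest pattern that works, since examples such as `/var/*/` and `c?t` read as endorsed defaults. The added sentence also misspells "wildcards" as "wilcards".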
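
Review bot: In PATCH 20/24, hunk `@@ -41,17 +41,17 @@` of linux-exclusions.md, the wildcard example was wrapped in backticks but kept its Markdown escapes, giving `/var/\*/\*.log`. Backslashes are literal inside a code span, so the table will show a pattern with backslashes that does not match the `/var/log/system.log` result beside it, and an administrator copying it would configure a different exclusion than intended. Change the cell to `/var/*/*.log`, matching the unescaped `/var/log/*.log` and `/var/*/` examples in the first table.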
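
Review bot: In PATCH 21/24, hunk `@@ -228,7 +228,7 @@` of windows/security/threat-protection/TOC.md, the "What's New" entry under "Microsoft Defender Advanced Threat Protection for Linux" is repointed to `microsoft-defender-atp/mac-whatsnew.md`, which sends Linux readers to the macOS release notes. Keep the target as `microsoft-defender-atp/linux-whatsnew.md`, the file created in PATCH 18/24.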
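
Review bot: In PATCH 23/24, hunk `@@ -121,12 +121,12 @@` of limitations-with-wip.md, the corrected sentence still contains "unenlighted apps" and the next sentence starts with "Unenlighted apps", while the first hunk of this patch and the rest of the row use "unenlightened" and "enlightened". Change both to "unenlightened" so the term for apps that are not WIP-aware is spelled consistently.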