Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

2025-06-18 11:53:37 +00:00 · 2020-04-03 19:29:06 +00:00
parent f7f059c2b0 2826f98d9a
commit 71f0688e75
12 changed files with 231 additions and 16 deletions
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@ -47,6 +47,7 @@
 #### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
 #### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
 #### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
 #### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md)
 ### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
 #### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
 ##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@ -7,7 +7,8 @@ author: dansimp
 ms.prod: ie11
 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
 ms.reviewer: 
-audience: itpro
+audience: itpro
 manager: dansimp
 ms.author: dansimp
 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
@ -57,16 +58,20 @@ You can add individual sites to your compatibility list by using the Enterprise
 5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
-
+   -   **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
   -   **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
   -   **None**. Opens in whatever browser the employee chooses.
-
+6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior.
 7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#updated-schema-attributes).
 8. Click **Save** to validate your website and to add it to the site list for your enterprise.<p>
   If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
+9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>
   You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
 ## Next steps
--- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
@ -0,0 +1,47 @@
 ---
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: How to use Site List Manager to review neutral sites for IE mode
 author: dansimp
 ms.prod: ie11
 ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
 ms.reviewer: 
 audience: itpro
 manager: dansimp
 ms.author: dansimp
 title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
 ms.sitesec: library
 ms.date: 04/02/2020
 ---
 # Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
 **Applies to:**
 - Windows 10
 - Windows 8
 - Windows Server 2012 R2
 - Microsoft Edge version 77 or later
 > [!NOTE]
 > This feature is available on the Enterprise Mode Site List Manager version 11.0.
 ## Overview
 While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users.
 The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion.
 ## Flag neutral sites
 To identify neutral sites to review:
 1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**.
 2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge.
 3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again.
 ## Related topics
 - [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode)
 - [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites)
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@ -26,7 +26,7 @@ ms.date: 12/04/2017
 -   Windows Server 2012 R2
 -   Windows Server 2008 R2 with Service Pack 1 (SP1)
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
 You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
@ -49,12 +49,14 @@ The following topics give you more information about the things that you can do
 |[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
 |[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. |
 |[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 |[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
 | [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion.<p> This topic applies to the latest version of the Enterprise Mode Site List Manager.
 ## Related topics
--- a/devices/hololens/hololens-cortana.md
+++ b/devices/hololens/hololens-cortana.md
@ -49,6 +49,7 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c
 |See available speech commands | "What can I say?" |
 Starting with version 19041.x of HoloLens 2, you can also use these commands:
 | Say this | To do this |
 | - | - |
 | "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@ -53,7 +53,7 @@ This table provides info about the most common problems you might encounter whil
    </tr>
    <tr>
        <td>WIP is designed for use by a single user per device.</td>
-        <td>A secondary user on a device might experience app compat issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.</td>
+        <td>A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.</td>
        <td>We recommend only having one user per managed device.</td>
    </tr>
    <tr>
@ -121,12 +121,12 @@ This table provides info about the most common problems you might encounter whil
    <tr>
        <td>Only enlightened apps can be managed without device enrollment
        </td>
-        <td>If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.</td>
+        <td>If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.</td>
        <td>If all apps need to be managed, enroll the device for MDM.
        </td>
    </tr>
    <tr>
-        <td>By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can&#39;t access it.<br/>        </td>
+        <td>By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can&#39;t access it.<br/>        </td>
        <td>Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner. 
        </td>
        <td>If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -230,6 +230,7 @@
 ### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
 #### [What's New](microsoft-defender-atp/linux-whatsnew.md)
 #### [Deploy]()
 ##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
 ##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
@ -244,6 +245,7 @@
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
 ##### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md)
 ##### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@ -41,10 +41,17 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f
 Exclusion | Definition | Examples
 ---|---|---
-File extension | All files with the extension, anywhere on the machine | .test
+File extension | All files with the extension, anywhere on the machine | `.test`
-File | A specific file identified by the full path | /var/log/test.log
+File | A specific file identified by the full path | `/var/log/test.log`<br/>`/var/log/*.log`<br/>`/var/log/install.?.log`
-Folder | All files under the specified folder | /var/log/
+Folder | All files under the specified folder | `/var/log/`<br/>`/var/*/`
-Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat<br/>cat
+Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`<br/>`c?t`
 File, folder, and process exclusions support the following wildcards:
 Wildcard | Description | Example | Matches
 ---|---|---|---
 \* |	Matches any number of any characters including none | `/var/\*/\*.log` | `/var/log/system.log`
 ? | Matches any single character | `file?.log` | `file1.log`<br/>`file2.log`
 ## How to configure the list of exclusions
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@ -0,0 +1,121 @@
 ---
 title: Troubleshoot installation issues for Microsoft Defender ATP for Linux
 ms.reviewer:
 description: Troubleshoot installation issues for Microsoft Defender ATP for Linux
 keywords: microsoft, defender, atp, linux, installation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 # Troubleshoot installation issues for Microsoft Defender ATP for Linux
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
 ## Verify if installation succeeded
 An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using:
 ```bash
 $ sudo journalctl | grep 'microsoft-mdatp'  > installation.log
 $ grep 'postinstall end' installation.log
 microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
 ```
 An output from the previous command with correct date and time of installation indicates success.
 Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect the EICAR text file.
 ## Installation failed
 Check if the mdatp service is running
 ```bash
 $ systemctl status mdatp
 ● mdatp.service - Microsoft Defender ATP
   Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
 Main PID: 1966 (wdavdaemon)
    Tasks: 105 (limit: 4915)
   CGroup: /system.slice/mdatp.service
           ├─1966 /opt/microsoft/mdatp/sbin/wdavdaemon
           ├─1967 /opt/microsoft/mdatp/sbin/wdavdaemon
           └─1968 /opt/microsoft/mdatp/sbin/wdavdaemon
 ```
 ## Steps to troubleshoot if mdatp service isn't running
 1. Check if “mdatp” user exists:
 ```bash
 $ id “mdatp”
 ```
 If there’s no output, run
 ```bash
 $ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
 ```
 2. Try enabling and restarting the service using:
 ```bash
 $ sudo systemctl enable mdatp
 $ sudo systemctl restart mdatp
 ```
 3. If mdatp.service isn't found upon running the previous command, run
 ```bash
 $ sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path>
 where <systemd_path> is
 /lib/systemd/system for Ubuntu and Debian distributions
 /usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES
 ```
 and then rerun step 2.
 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
 Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
 5. Ensure that the daemon has executable permission.
 ```bash
 $ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
 -rwxr-xr-x 2 root root 15502160 Mar  3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
 ```
 If the daemon doesn't have executable permissions, make it executable using:
 ```bash
 $ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
 ```
 and retry running step 2.
 6. Ensure that the file system containing wdavdaemon isn't mounted with “noexec”.
 ## If mdatp service is running, but EICAR text file detection doesn't work
 1. Check the file system type using:
 ```bash
 $ findmnt -T <path_of_EICAR_file>
 ```
 Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
 ## Command-line tool “mdatp” isn't working
 1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
 ```bash
 $  sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
 ```
 and try again.
 If none of the above steps help, collect the diagnostic logs:
 ```bash
 $ sudo mdatp --diagnostic --create
 ```
 Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
@ -0,0 +1,27 @@
 ---
 title: What's new in Microsoft Defender Advanced Threat Protection for Linux
 description: List of major changes for Microsoft Defender ATP for Linux.
 keywords: microsoft, defender, atp, linux, whatsnew, release
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: security
 ms.sitesec: library
 ms.pagetype: security
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 # What's new in Microsoft Defender Advanced Threat Protection for Linux
 ## 100.90.70
 - Antivirus [exclusions now support wildcards](linux-exclusions.md#supported-exclusion-types)
 - Added the ability to [troubleshoot performance issues](linux-support-perf.md) through the `mdatp` command-line tool
 - Improvements to make the package installation more robust
 - Performance improvements & bug fixes
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
@ -41,10 +41,10 @@ The follow table shows the exclusion types supported by Microsoft Defender ATP f
 Exclusion | Definition | Examples
 ---|---|---
-File extension | All files with the extension, anywhere on the machine | .test
+File extension | All files with the extension, anywhere on the machine | `.test`
-File | A specific file identified by the full path | /var/log/test.log
+File | A specific file identified by the full path | `/var/log/test.log`
-Folder | All files under the specified folder | /var/log/
+Folder | All files under the specified folder | `/var/log/`
-Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat<br/>cat
+Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`<br/>`cat`
 ## How to configure the list of exclusions
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@ -70,6 +70,8 @@ In general you need to take the following steps:
    - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
    - [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
 If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md).
 ### System requirements
 - Supported Linux server distributions and versions: