diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 744a4be799..97778ca7b6 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/19/2018 +ms.date: 10/21/2019 --- # Defender CSP @@ -352,6 +352,53 @@ The data type is a string. Supported operation is Get. +**Health/TamperProtectionEnabled** +Indicates whether the Windows Defender tamper protection feature is enabled.​ + +The data type is a boolean. + +Supported operation is Get. + +**Health/IsVirtualMachine** +Indicates whether the device is a virtual machine. + +The data type is a string. + +Supported operation is Get. + +**Configuration** +An interior node to group Windows Defender configuration information. + +Supported operation is Get. + +**Configuration/TamperProtection** +Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. + +Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune. + +The data type is a Signed blob. + +Supported operation is Add, Delete, Get. Replace. + +Intune tamper protection setting UX supports 3 states: +- Not configured (default): Does not have any impact on the default state of the device. +- Enabled: Enables the tamper protection feature +- Disabled: Turns off the tamper protection feature + +When enabled or disabled exist on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state either enabled or disabled would require to be set explicitly. + +**Configuration/EnableFileHashComputation** +Enables or disables file hash computation feature. +When this feature is enabled Windows defender will compute hashes for files it scans. + +The data type is a integer. + +Supported operation is Add, Delete, Get. Replace. + +Valid values are: +- 1 – Enable. +- 0 (default) – Disable. + **Scan** Node that can be used to start a Windows Defender scan on a device. @@ -374,5 +421,4 @@ Supported operations are Get and Execute. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index fb7628c241..fca2196049 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/12/2018 +ms.date: 10/21/2019 --- # Defender DDF file @@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, version 1809. +The XML below is the current version for this CSP. ```xml @@ -628,6 +628,112 @@ The XML below is for Windows 10, version 1809. + + TamperProtectionEnabled + + + + + + + + + + + + + + + text/plain + + + + + IsVirtualMachine + + + + + + + + + + + + + + + text/plain + + + + + + Configuration + + + + + + + + + + + + + + + + + + + TamperProtection + + + + + + + + + + + + + + + + + + text/plain + + + + + EnableFileHashComputation + + + + + + + + + + + + + + + + + + text/plain + + + Scan diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png index c4a743deeb..793b1568ff 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and b/windows/client-management/mdm/images/provisioning-csp-defender.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index df1f000ad7..0a50619021 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -165,7 +165,7 @@ ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswo
  • WindowsLogon/ConfigAutomaticRestartSignOn
  • WindowsLogon/EnableFirstLogonAnimation
    • -Policy CSP - Audit +Policy CSP - Audit

    Added new Audit policies in Windows 10, version 1903.

    @@ -175,6 +175,10 @@ ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswo

    Added new CSP in Windows 10, version 1903.

    +Defender CSP +

    Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.

    + + DiagnosticLog CSP
    DiagnosticLog DDF

    Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
    @@ -1929,17 +1933,19 @@ What data is handled by dmwappushsvc? | It is a component handling the internal How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | ## Change history in MDM documentation + ### October 2019 |New or updated topic | Description| |--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID| +|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.| +|[Defender CSP](defender-csp.md)|Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.| ### September 2019 |New or updated topic | Description| |--- | ---| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub.| |[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.| |[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
    DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.| @@ -1958,7 +1964,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o |[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| |[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
    SecurityKey, SecurityKey/UseSecurityKeyForSignin| |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| -|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider| +|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider.| ### June 2019