From 6b778b47406acb2ea456b663a467ea87853275fe Mon Sep 17 00:00:00 2001 From: Graham Williams Date: Mon, 16 Nov 2020 10:05:45 +0000 Subject: [PATCH 1/5] Updates Jamf Signing Step 4 for Clarity Changes for #8631 as suggested. --- .../microsoft-defender-atp/mac-sysext-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 9b20ff2260..73bb94faf9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: ```bash - $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "" -i /com.microsoft.network-extension.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig ``` For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: ```bash - $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig ``` 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. From 0b4d83779cabda4f371efca225c1fb9a465bb00a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 3 Dec 2020 07:05:08 +0530 Subject: [PATCH 2/5] Update policy-csp-defender.md as per the user report #8740 , so i added admx missing information after clearly cross with on my laptop runs with windows 10 20h2 64bit build no 19042.662 . From this editing , i struggled few minutes for formatting the line in correct and where to add those missing lines. This editing of this article is too complicated , editing needs too much concentration with dedicated experienced skills, I knew all the contributors and all Authors , how are spent time to edit this article to make perfect. --- windows/client-management/mdm/policy-csp-defender.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index dcea40a888..6387efccc5 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -2317,6 +2317,15 @@ Added in Windows 10, version 1607. Specifies the level of detection for potenti > Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. For more information about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus). + +ADMX Info: +- GP English name: *Configure detection for potentially unwanted applications* +- GP name: *Root_PUAProtection* +- GP element: *Root_PUAProtection* +- GP path: *Windows Components/Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + The following list shows the supported values: @@ -3112,6 +3121,7 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. +- 9 - Available in Windows 10, version 20H2. From b33b63572691a3e4ba36999d9bf2e09886415185 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 26 Dec 2020 22:54:30 +0500 Subject: [PATCH 3/5] Update deploy-enterprise-licenses.md --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index e43658fdb5..7c7c2b7d4e 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -34,7 +34,7 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt ``` -(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey +(Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey ``` If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key. From 7c95151405f9ba5186c8ff57117da9c8366fffae Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 28 Dec 2020 17:05:06 +0500 Subject: [PATCH 4/5] Update windows/deployment/deploy-enterprise-licenses.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 7c7c2b7d4e..fbfeba0ca6 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -33,7 +33,7 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt -``` +```PowerShell (Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey ``` From 097edab0b5839ebd613f0ab27ccce357578e534b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 28 Dec 2020 17:05:22 +0500 Subject: [PATCH 5/5] Update windows/deployment/deploy-enterprise-licenses.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index fbfeba0ca6..ef7a0b86fb 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -31,7 +31,7 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with ## Firmware-embedded activation key -To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt +To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt: ```PowerShell (Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey