deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs4' into jdrs4

Browse Source 
# Conflicts:
#	windows/configuration/change-history-for-configure-windows-10.md
#	windows/configuration/guidelines-for-assigned-access-app.md
This commit is contained in:
Jeanie Decker
2018-04-16 06:38:15 -07:00
parent e8c5a8de1a 44baba8c61
commit 739e64c355
16 changed files with 80 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: surfacehub ms.pagetype: surfacehub
author: jdeckerms author: jdeckerms
ms.author: jdecker ms.author: jdecker
ms.date: 07/27/2017 ms.date: 04/13/2018
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---
@ -100,13 +100,12 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: 8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
```PowerShell ```PowerShell
Set-CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
-LineURItel: +14255550555;ext=50555" Set-CsMeetingRoom -DomainController DC-ND-001.contoso.com
-Identity HUB01 -EnterpriseVoiceEnabled $true
``` ```
Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
   

2
education/trial-in-a-box/index.md
View File

@ -28,7 +28,7 @@ Welcome to Microsoft Education Trial in a Box. We built this trial to make it ea
</br> </br>
| ![Get started for Educators](images/teacher_rotated_resized.png) | ![Get started for IT Admins](images/itadmin_rotated_resized.png) | | [![Get started for Educators](images/teacher_rotated_resized.png)](educator-tib-get-started.md) | [![Get started for IT Admins](images/itadmin_rotated_resized.png)](itadmin-tib-get-started.md) |
| :---: | :---: | | :---: | :---: |
| <span style="font-size: 1.5em">**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span style="font-size: 1.5em">**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) | | <span style="font-size: 1.5em">**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span style="font-size: 1.5em">**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) |

2
mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
View File

@ -94,7 +94,7 @@ Restoring a users device restores the currently registered Templates setti
- **Manual Restore** - **Manual Restore**
If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the users current settings become the current state on the Settings Storage Location. If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command causes the users settings to be downloaded from the Settings Storage Location.
## Restore Application and Windows Settings to Original State ## Restore Application and Windows Settings to Original State

1
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -27,6 +27,7 @@ The topics in this library have been updated for Windows 10, version 1803. The f
New or changed topic | Description New or changed topic | Description
--- | --- --- | ---
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints. [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
## March 2018 ## March 2018

8
windows/configuration/guidelines-for-assigned-access-app.md
View File

@ -63,15 +63,17 @@ You can create your own web browser Windows app by using the WebView class. Lear
## Secure your information ## Secure your information
Avoid selecting Windows apps that may expose the information you dont want to show in your kiosk, since kiosk usually means anonymous access and kiosks are often located in public settings like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system. Avoid selecting this type of apps if they provide unnecessary data access. Avoid selecting Windows apps that may expose the information you dont want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration ## App configuration
Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. Check the guidelines published by your selected app and do the setup accordingly. Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
Check the guidelines published by your selected app and set up accordingly.
## Develop your kiosk app ## Develop your kiosk app
Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lockscreen. Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx). Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx).

36
windows/configuration/provisioning-apn.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
author: jdeckerMS author: jdeckerMS
ms.localizationpriority: high ms.localizationpriority: high
ms.date: 07/27/2017 ms.date: 04/13/2018
--- ---
# Configure cellular settings for tablets and PCs # Configure cellular settings for tablets and PCs
@ -76,5 +76,39 @@ For users who work in different locations, you can configure one APN to connect
9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md) 9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
## Confirm the settings
After you apply the provisioning package, you can confirm that the settings have been applied.
1. On the configured device, open a command prompt as an administrator.
2. Run the following command:
```
netsh mbn show profiles
```
3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
```
netsh mbn show profiles name="name"
```
This command will list details for that profile, including Access Point Name.
Alternatively, you can also use the command:
```
netsh mbn show interface
```
From the results of that command, get the name of the cellular/mobile broadband interface and run:
```
netsh mbn show connection interface="name"
```
The result of that command will show details for the cellular interface, including Access Point Name.

2
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -13,7 +13,7 @@ ms.date: 04/03/2018
# Frequently asked questions and troubleshooting Windows Analytics # Frequently asked questions and troubleshooting Windows Analytics
This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support.
## Troubleshooting common problems ## Troubleshooting common problems

2
windows/deployment/upgrade/upgrade-readiness-requirements.md
View File

@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates. Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com).
Windows 10 LTSB is not supported by Upgrade Readiness. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSB. While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
## Operations Management Suite ## Operations Management Suite

2
windows/security/threat-protection/applocker/requirements-to-use-applocker.md
View File

@ -35,7 +35,7 @@ The following table show the on which operating systems AppLocker features are s
| Version | Can be configured | Can be enforced | Available rules | Notes | | Version | Can be configured | Can be enforced | Available rules | Notes |
| - | - | - | - | - | | - | - | - | - | - |
| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. | | Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
| Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| | | Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
| Windows 8.1 Pro| Yes| No| N/A|| | Windows 8.1 Pro| Yes| No| N/A||
| Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| | | Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |

17
windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
View File

@ -15,18 +15,7 @@ ms.date: 04/19/2017
**Applies to** **Applies to**
- Windows 10 - Windows 10
This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies. Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
There is no difference in security auditing support between 32-bit and 64-bit versions.
Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features.
Versions of the Windows operating system that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions.
## Are there any special considerations?
In addition, the following special considerations apply to the various tasks associated with advanced security auditing enhancements:
- **Creating an audit policy.** To create an advanced security auditing policy, you must use a computer running any supported version of Windows. You can use the Group Policy Management Console (GPMC) on a computer running a supported version of the Windows client operating system after installing the Remote Server Administration Tools.
- **Applying audit policy settings.** If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running any supported version of the Windows server operating system or Windows client operating system. In addition, only computers running any of these supported operating systems can provide "reason for access" reporting data.
- **Developing an audit policy model.** To plan advanced security audit settings and global object access settings, you must use the GPMC that targets a domain controller running a supported version of the Windows server operating system.
- **Distributing the audit policy.** After a Group Policy Object (GPO) that includes advanced security auditing settings is developed, it can be distributed by using domain controllers running any Windows Server operating system.
However, if you cannot put client computers running a supported version of the Windows client operating system into a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced security auditing policy settings are applied only to client computers running a supported version of the Windows client operating system.
>**Important:**  Using both the basic auditing policy settings under **Local Policies\\Audit Policy** and the advanced auditing policy settings under **Advanced Audit Policy Configuration** can cause unexpected results in audit reporting. Therefore, the two sets of audit policy settings should not be combined. If you use advanced audit policy configuration settings, you should enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.  

37
windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
View File

@ -22,30 +22,9 @@ Virtualization-based protection of code integrity (herein referred to as Hypervi
Use the following procedure to enable virtualization-based protection of code integrity: Use the following procedure to enable virtualization-based protection of code integrity:
1. **Decide whether to use the procedures in this topic, or to use the Windows Defender Device Guard readiness tool**. To enable HVCI, you can use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or follow the procedures in this topic. 1. Decide whether to use the procedures in this topic, or to use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337).
2. **Verify that hardware and firmware requirements are met**. Verify that your client computers have the hardware and firmware to run HVCI. For a list of requirements, see [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard). 2. Verify that [hardware and firmware requirements](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard) are met.
3. **Enable the necessary Windows features**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-protection-of-code-integrity).
4. **Enable additional features as desired**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Enable virtualization-based protection of code integrity](#enable-virtualization-based-protection-of-code-integrity).
## Windows feature requirements for virtualization-based protection of code integrity
Make sure these operating system features are enabled before you can enable HVCI:
- Beginning with Windows 10, version 1607 or Windows Server 2016:<br>
Hyper-V Hypervisor, which is enabled automatically. No further action is needed.
- With an earlier version of Windows 10:<br>
Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1).
 
![Turn Windows features on or off](images/dg-fig1-enableos.png)
**Figure 1. Enable operating system features for HVCI, Windows 10, version 1511**
> [!NOTE]
> You can configure these features by using Group Policy or Dism.exe, or manually by using Windows PowerShell or the Windows Features dialog box.
## Enable virtualization-based protection of code integrity ## Enable virtualization-based protection of code integrity
@ -57,16 +36,12 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com
![Group Policy Management, create a GPO](images/dg-fig2-createou.png) ![Group Policy Management, create a GPO](images/dg-fig2-createou.png)
Figure 2. Create a new OU-linked GPO
2. Give the new GPO a name, then right-click the new GPO, and click **Edit**. 2. Give the new GPO a name, then right-click the new GPO, and click **Edit**.
4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**. 4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**.
![Edit the group policy for Virtualization Based Security](images/dg-fig3-enablevbs.png) ![Edit the group policy for Virtualization Based Security](images/dg-fig3-enablevbs.png)
Figure 3. Enable virtualization-based security (VBS)
5. Select the **Enabled** button. For **Select Platform Security Level**: 5. Select the **Enabled** button. For **Select Platform Security Level**:
- **Secure Boot** provides as much protection as a computers hardware can support. If the computer does not have input/output memory management units (IOMMUs), enable **Secure Boot**. - **Secure Boot** provides as much protection as a computers hardware can support. If the computer does not have input/output memory management units (IOMMUs), enable **Secure Boot**.
@ -78,9 +53,7 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com
- With earlier versions of Windows 10:<br>Select the **Enable Virtualization Based Protection of Code Integrity** check box. - With earlier versions of Windows 10:<br>Select the **Enable Virtualization Based Protection of Code Integrity** check box.
![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png) ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png)
Figure 5. Configure HVCI, Lock setting (in Windows 10, version 1607)
7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart. 7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart.
@ -281,12 +254,10 @@ This field indicates whether VBS is enabled and running.
This field lists the computer name. All valid values for computer name. This field lists the computer name. All valid values for computer name.
Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6. Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section.
![Windows Defender Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png) ![Windows Defender Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png)
Figure 6. Windows Defender Device Guard properties in the System Summary
## Related topics ## Related topics
- [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)

2
windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
View File

@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
> [!NOTE] > [!NOTE]
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection). > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines. See the [Customize the Windows Defender Security Center app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md) topic for instructions to add custom contact information to the notifications that users see on their machines.
**Use Group Policy to hide notifications:** **Use Group Policy to hide notifications:**

9
windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: iaanw author: andreabichsel
ms.author: iawilt ms.author: v-anbic
ms.date: 10/12/2017 ms.date: 04/11/2018
--- ---
@ -59,6 +59,9 @@ This topic includes the following instructions for setting up and running Window
## Enable or disable the interface on Windows Server 2016 ## Enable or disable the interface on Windows Server 2016
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required. By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
>[!NOTE]
>You can't uninstall the Windows Defender Security Center app, but you can disable the interface with these instructions.
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option. If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png) ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)

2
windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
View File

@ -30,7 +30,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|-----------|------------------|-----------| |-----------|------------------|-----------|
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| |Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
### Application-specific settings ### Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.

10
windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
View File

@ -67,18 +67,18 @@ POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/token HTTP/1.1
Host: login.microsoftonline.com Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials resource=https%3A%2F%2Fgraph.windows.net&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials
``` ```
The response will include an access token and expiry information. The response will include an access token and expiry information.
```json ```json
{ {
"token type": "Bearer", "token_type": "Bearer",
"expires in": "3599" "expires_in": "3599",
"ext_expires_in": "0", "ext_expires_in": "0",
"expires_on": "1488720683", "expires_on": "1488720683",
"not_before": "1488720683", "not_before": "1488720683",
"resource": "https://WDATPAlertExport.Seville.onmicrosoft.com", "resource": "https://graph.windows.net",
"access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..." "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
} }
``` ```
@ -117,7 +117,7 @@ Authorization: Bearer <your access token>
The following example demonstrates a request to get the last 20 alerts since 2016-09-12 00:00:00. The following example demonstrates a request to get the last 20 alerts since 2016-09-12 00:00:00.
```syntax ```syntax
GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc="2016-09-12 00:00:00" GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc=2016-09-12T00:00:00.000
Authorization: Bearer <your access token> Authorization: Bearer <your access token>
``` ```

14
windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: iaanw author: andreabichsel
ms.author: iawilt ms.author: v-anbic
ms.date: 10/17/2017 ms.date: 04/11/2018
--- ---
@ -39,12 +39,18 @@ In Windows 10, version 1709, we increased the scope of the app to also show info
>[!NOTE] >[!NOTE]
>The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). >The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
This library describes the Windows defender Security Center app, and provides information on configuring certain features, inlcuding: This library describes the Windows Defender Security Center app, and provides information on configuring certain features, including:
<a id="customize-notifications-from-the-windows-defender-security-center"></a> <a id="customize-notifications-from-the-windows-defender-security-center"></a>
- [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md) - [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md)
- [Hiding notifications](wdsc-hide-notifications.md) - [Hiding notifications](wdsc-hide-notifications.md)
You can't uninstall the Windows Defender Security Center app, but you can do one of the following:
- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016).
- Hide all of the sections on client computers (see below).
- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: