From d23fab13bd66bf60a0fb7b5f598a0f2a14be7b62 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 21 Sep 2020 09:37:52 +0500 Subject: [PATCH 01/15] Update mac-sysext-policies.md --- .../mac-sysext-policies.md | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index a146b082c5..33826c77a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -59,7 +59,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender >JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the configuration profile. -1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` +1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor ```xml @@ -122,21 +122,38 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender ``` -2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`: +2. Verify that the above file was copied correctly by running `plutil` utility in the Terminal: ```bash - $ plutil -lint com.microsoft.network-extension.mobileconfig - com.microsoft.network-extension.mobileconfig: OK + $ plutil -lint /com.microsoft.network-extension.mobileconfig ``` + For example, if the file was stored in the Documents: + + ```bash + $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig + ``` + + Verify that the command outputs `OK` + + ```bash + /com.microsoft.network-extension.mobileconfig: OK + ``` + 3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority -4. After the certificate is created and installed to your device, run the following command from the Terminal: +4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: ```bash - $ security cms -S -N "" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig ``` - + + For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: + + ```bash + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + ``` + 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. ## Intune From 80d0847c939522443ed8c7c2259d29b1c91044bb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:31 +0500 Subject: [PATCH 02/15] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 33826c77a4..2e237ef886 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -59,7 +59,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender >JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the configuration profile. -1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor +1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor: ```xml From bd64e0a24d2741ce405abf59ac302f3f42703df1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:38 +0500 Subject: [PATCH 03/15] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 2e237ef886..a0b2600e6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -122,7 +122,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender ``` -2. Verify that the above file was copied correctly by running `plutil` utility in the Terminal: +2. Verify that the above file was copied correctly by running the `plutil` utility in the Terminal: ```bash $ plutil -lint /com.microsoft.network-extension.mobileconfig From af0f2cdb0ea96e7f2f2df169f12a966f44463849 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:45 +0500 Subject: [PATCH 04/15] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index a0b2600e6d..8df5adc20d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -134,7 +134,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig ``` - Verify that the command outputs `OK` + Verify that the command outputs `OK`. ```bash /com.microsoft.network-extension.mobileconfig: OK From 8c86554082a2770da119a5b6b30e22599032245b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:58 +0500 Subject: [PATCH 05/15] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 8df5adc20d..d94d6f57e5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -140,7 +140,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender /com.microsoft.network-extension.mobileconfig: OK ``` -3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority +3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority. 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: From 52e67b477200519a6444ae7e423ed560607491c1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:18:10 +0500 Subject: [PATCH 06/15] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index d94d6f57e5..59b00113db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -128,7 +128,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender $ plutil -lint /com.microsoft.network-extension.mobileconfig ``` - For example, if the file was stored in the Documents: + For example, if the file was stored in Documents: ```bash $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig From e021ddf40cd3a797231797313ee43ede6ba0aae5 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Tue, 6 Oct 2020 18:27:00 -0700 Subject: [PATCH 07/15] Update azure-active-directory-integration-with-mdm.md --- .../mdm/azure-active-directory-integration-with-mdm.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 8e84d077d5..b511fd100f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a ### Add cloud-based MDM to the app gallery -You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery. +> [!NOTE] +> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application + +The following table shows the required information to create an entry in the Azure AD app gallery. From b26a5781b35b69f178629b1a1da9ca44c930140d Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Thu, 8 Oct 2020 10:08:15 -0400 Subject: [PATCH 08/15] Update surfacehub-csp.md Clarify background path requirements --- windows/client-management/mdm/surfacehub-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index fcb23c170c..cc0a0bc3d0 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). +

Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

The data type is string. Supported operation is Get and Replace. From 53f0f0d13c7f009f7283a90f27b601511c9bd600 Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Mon, 12 Oct 2020 18:22:46 +0300 Subject: [PATCH 09/15] Add cs.dds.microsoft.com --- .../privacy/windows-endpoints-1909-non-enterprise-editions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 7b104bdcb0..90ab13ce23 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -96,6 +96,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Pro @@ -161,6 +162,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Education From 972c2ab0bc673793c2e5150868a0f9b51adbd6e9 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 15:35:42 -0700 Subject: [PATCH 10/15] Release notes for 101.09.50 --- .../microsoft-defender-atp/mac-install-with-intune.md | 2 +- .../microsoft-defender-atp/mac-resources.md | 2 +- .../microsoft-defender-atp/mac-whatsnew.md | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index d7a00dd754..a22b5aab16 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -195,7 +195,7 @@ To approve the system extensions: 9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. -10. To allow Defender and Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. +10. To allow Microsoft Defender ATP for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 11. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 2aafa7220d..87146fc807 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -97,7 +97,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [path]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Protection |Scan a path |`mdatp scan custom --path [path]` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 7748721340..af2c710e12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -41,6 +41,17 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.09.50 + +- This product version has been validated on macOS Big Sur 11 beta 9 +- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line) + + > [!NOTE] + > The old command-line tool syntax will be removed from the product on **January 1st, 2021**. + +- Extended `mdatp diagnostic create` with a new parameter (`--path`) that allows the diagnostic logs to be saved to a different location +- Performance improvements & bug fixes + ## 101.09.49 - User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user From 74118dfa4198a685d3e9f1ffba22c459e58b2052 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 16:54:43 -0700 Subject: [PATCH 11/15] Add note on new parameter --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 87146fc807..22b92d8e46 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -44,6 +44,9 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. + > [!TIP] + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command. + ```bash sudo mdatp diagnostic create ``` From 144cf1be53c5348e402581db452201abcc0dcdf1 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 16:58:38 -0700 Subject: [PATCH 12/15] Clarity --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 22b92d8e46..9c0b4cd2a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -45,7 +45,7 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. > [!TIP] - > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command. + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command, replacing `[path]` with the desired path. ```bash sudo mdatp diagnostic create From 2a864f18f85712d2eb04969b8c20d36bdb1a7f6c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 12 Oct 2020 17:37:37 -0700 Subject: [PATCH 13/15] Acrolinx: "occured" --- windows/client-management/mdm/surfacehub-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index cc0a0bc3d0..330dddba01 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -161,7 +161,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

- + From 887e29376706dd6d2c683ea48f331f34007731d5 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 19:35:14 -0700 Subject: [PATCH 14/15] Clarify that path is directory --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 4 ++-- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 9c0b4cd2a5..7ce45a0fee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -45,7 +45,7 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. > [!TIP] - > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command, replacing `[path]` with the desired path. + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. ```bash sudo mdatp diagnostic create @@ -100,7 +100,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [path]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Protection |Scan a path |`mdatp scan custom --path [path]` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index af2c710e12..434fdb15ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -49,7 +49,7 @@ ms.topic: conceptual > [!NOTE] > The old command-line tool syntax will be removed from the product on **January 1st, 2021**. -- Extended `mdatp diagnostic create` with a new parameter (`--path`) that allows the diagnostic logs to be saved to a different location +- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory - Performance improvements & bug fixes ## 101.09.49 From fe713333bd2533087f597008aade8762e350c925 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Tue, 13 Oct 2020 06:44:22 -0700 Subject: [PATCH 15/15] Update hello-faq.md --- .../security/identity-protection/hello-for-business/hello-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index e6d36e6967..b5dfff553e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -75,6 +75,7 @@ Communicating with Azure Active Directory uses the following URLs: - enterpriseregistration.windows.net - login.microsoftonline.com - login.windows.net +- account.live.com If your environment uses Microsoft Intune, you need these additional URLs: - enrollment.manage.microsoft.com
ErrorContext valueStage where error occuredStage where error occurred Description and suggestions