mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge pull request #941 from MicrosoftDocs/FromPrivateRepo
From private repo
This commit is contained in:
huypub
GitHub
commit
75a378516e
@ -230,7 +230,7 @@ If you disable this setting, Microsoft Edge opens a new tab with a blank page. I
|
||||
If you don't configure this setting, employees can choose how new tabs appears.
|
||||
|
||||
|
||||
## Always Enable book library
|
||||
## Always show the Books Library in Microsoft Edge
|
||||
>*Supported versions: Windows 10, version 1709 or later*
|
||||
|
||||
This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation.
|
||||
|
||||
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 05/17/2018
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
|
||||
# Deploy, manage, and report on Windows Defender Antivirus
|
||||
@ -47,7 +47,7 @@ PowerShell|Deploy with Group Policy, System Center Configuration Manager, or man
|
||||
Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
|
||||
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/en-us/powershell/servicemanagement/azure.antimalware/v3.4.0/azure.antimalware) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.
|
||||
|
||||
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between System Center Configuration Manager 2016 and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and System Center Configuration Manager 2016. See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
|
||||
1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between System Center Configuration Manager (Current Branch) and System Center Configuration Manager 2012. In this library, we've focused on Windows 10, Windows Server 2016, and System Center Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2)
|
||||
|
||||
2. <span id="fn2" />In Windows 10, Windows Defender Antivirus is a component available without installation or deployment of an additional client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date ([except on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)). Traditional deployment therefore is not required. Deployment here refers to ensuring the Windows Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2)
|
||||
|
||||
|
||||
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/30/2018
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
|
||||
# Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
|
||||
@ -63,7 +63,7 @@ Organizations running Windows 10 E5, version 1803 can also take advantage of eme
|
||||
The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager.
|
||||
|
||||
|
||||
Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | Configuration manager 2012 | Configuration manager (current branch) | Microsoft Intune
|
||||
Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | System Center Configuration Manager 2012 | System Center Configuration Manager (Current Branch) | Microsoft Intune
|
||||
---|---|---|---|---|---|---
|
||||
Cloud-protection service label | Microsoft Advanced Protection Service | Microsoft Advanced Protection Service | Cloud-based Protection | NA | Cloud protection service | Microsoft Advanced Protection Service
|
||||
Reporting level (MAPS membership level) | Basic, Advanced | Advanced | Advanced | Dependent on Windows version | Dependent on Windows version | Dependent on Windows version
|
||||
|
||||
@ -42,6 +42,7 @@ Use the following table to understand what the columns represent, its data type,
|
||||
| AdditionalFields | string | Additional information about the event in JSON array format. |
|
||||
| AlertId | string | Unique identifier for the alert. |
|
||||
| ComputerName | string | Fully qualified domain name (FQDN) of the machine. |
|
||||
| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. |
|
||||
| EventId | int | Unique identifier used by Event Tracing for Windows (ETW) for the event type. |
|
||||
| EventTime | datetime | Date and time when the event was recorded. |
|
||||
| EventType | string | Table where the record is stored. |
|
||||
@ -53,6 +54,7 @@ Use the following table to understand what the columns represent, its data type,
|
||||
| InitiatingProcessAccountDomain | string | Domain of the account that ran the process responsible for the event. |
|
||||
| InitiatingProcessAccountName | string | User name of the account that ran the process responsible for the event. |
|
||||
| InitiatingProcessAccountSid | string | Security Identifier (SID) of the account that ran the process responsible for the event. |
|
||||
| InitiatingProcessLogonId | string | Identifier for a logon session of the process that initiated the event. This identifier is unique on the same machine only between restarts. |
|
||||
| InitiatingProcessCommandLine | string | Command line used to run the process that initiated the event. |
|
||||
| InitiatingProcessCreationTime | datetime | Date and time when the process that initiated the event was started. |
|
||||
| InitiatingProcessFileName | string | Name of the process that initiated the event. |
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 05/08/2018
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
|
||||
# Use Automated investigations to investigate and remediate threats
|
||||
@ -117,7 +117,7 @@ Status | Description
|
||||
| Queued | Investigation has been queued and will resume as soon as other remediation activities are completed. |
|
||||
| Running | Investigation ongoing. Malicious entities found will be remediated. |
|
||||
| Remediated | Malicious entities found were successfully remediated. |
|
||||
| Terminated by system | Investigation was stopped due to <reason>. |
|
||||
| Terminated by system | Investigation was stopped by the system. |
|
||||
| Terminated by user | A user stopped the investigation before it could complete.
|
||||
| Partially investigated | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
|
||||
|
||||
|
||||
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/30/2018
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
|
||||
|
||||
@ -63,11 +63,9 @@ Exploit protection works best with [Windows Defender Advanced Threat Protection]
|
||||
|
||||
## Requirements
|
||||
|
||||
Exploit protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
|
||||
|
||||
Windows 10 version | Windows Defender Advanced Threat Protection
|
||||
-|-
|
||||
Windows 10 version 1709 or later | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
|
||||
Windows 10 version 1709 or later | For full reporting, you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
## Review Exploit protection events in Windows Event Viewer
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user