From f0a3f290f93856da60efe2c03fcdfed2301eefd7 Mon Sep 17 00:00:00 2001 From: "Yong Rhee [MSFT]" <56358587+YongRhee-MSFT@users.noreply.github.com> Date: Fri, 13 Jun 2025 18:16:52 -0700 Subject: [PATCH 1/5] Learn Editor: Update policy-csp-defender.md --- windows/client-management/mdm/policy-csp-defender.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 55a3527bd5..f62ff5a636 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -2872,6 +2872,9 @@ Valid remediation action values are: +> [!NOTE] +> "Ignore" is the same as "Allow" in [Microsoft Defender for Endpoint Security Settings Management](/defender-endpoint/mde-security-settings-management), [Microsoft Intune](/intune/intune-service/protect/endpoint-security-antivirus-policy), and Defender Powershell module: [Set-MpPreference](/powershell/module/defender/set-mppreference?view=windowsserver2025-ps). + **Description framework properties**: | Property name | Property value | From 9d820f6a9052070560f64884e2787004689ee16b Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 16 Jun 2025 10:03:12 -0600 Subject: [PATCH 3/5] Update policy-csp-defender.md Move the note to editable section --- windows/client-management/mdm/policy-csp-defender.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index f62ff5a636..3bd5c02887 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -2868,13 +2868,12 @@ Valid remediation action values are: > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> +> - **Ignore** is the same as **Allow** in [Microsoft Defender for Endpoint Security Settings Management](/defender-endpoint/mde-security-settings-management), [Microsoft Intune](/intune/intune-service/protect/endpoint-security-antivirus-policy), and Defender Powershell module: [Set-MpPreference](/powershell/module/defender/set-mppreference). +> - Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. -> [!NOTE] -> "Ignore" is the same as "Allow" in [Microsoft Defender for Endpoint Security Settings Management](/defender-endpoint/mde-security-settings-management), [Microsoft Intune](/intune/intune-service/protect/endpoint-security-antivirus-policy), and Defender Powershell module: [Set-MpPreference](/powershell/module/defender/set-mppreference?view=windowsserver2025-ps). - **Description framework properties**: | Property name | Property value | From dbf33c60f3a228d600fdc4f4589e87f1eab48993 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Mon, 16 Jun 2025 22:34:16 +0530 Subject: [PATCH 4/5] typo fix --- windows/client-management/mdm/policy-csp-defender.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 3bd5c02887..699ddca948 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1814,7 +1814,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul - If you enable this setting, low CPU priority will be used during scheduled scans. -- If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. +- If you disable or don't configure this setting, no changes will be made to CPU priority for scheduled scans. @@ -2069,7 +2069,7 @@ Allows an administrator to specify a list of directory paths to ignore during a Allows an administrator to specify a list of files opened by processes to ignore during a scan. > [!IMPORTANT] -> The process itself isn't excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example. exe|C:\Example1.exe. +> The process itself isn't excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example.exe|C:\Example1.exe. From fbdaf229c2242f5ee9a7ee9128d99b715d3971b6 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Mon, 16 Jun 2025 22:54:54 +0530 Subject: [PATCH 5/5] typo fix --- .../mdm/policy-csp-defender.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 699ddca948..0c163a6d0b 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -41,7 +41,7 @@ This policy setting allows you to configure scans for malicious software and unw > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -110,7 +110,7 @@ This policy setting allows you to configure behavior monitoring. > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -192,7 +192,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -461,7 +461,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -516,7 +516,7 @@ This policy setting allows you to configure scanning for all downloaded files an > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -585,7 +585,7 @@ This policy setting allows you to configure monitoring for file and program acti > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -650,7 +650,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -713,12 +713,12 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. -This policy setting allows you to configure scheduled scans and on-demand (manually initiated) scans for files that are accessed over the network. It is recommended to enable this setting. +This policy setting allows you to configure scheduled scans and on-demand (manually initiated) scans for files that are accessed over the network. It's recommended to enable this setting. >[!NOTE] -> Real-time protection (on-access) scanning is not impacted by this policy. +> Real-time protection (on-access) scanning isn't impacted by this policy. -- If you enable this setting or do not configure this setting, network files will be scanned. -- If you disable this setting, network files will not be scanned. +- If you enable this setting or don't configure this setting, network files will be scanned. +- If you disable this setting, network files won't be scanned. @@ -783,7 +783,7 @@ Allows or disallows Windows Defender Script Scanning functionality. > [!NOTE] -> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -1549,7 +1549,7 @@ This policy setting defines the number of days items should be kept in the Quara This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -- If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +- If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there's no scheduled scan configured, there will be no catch-up scan run. - If you enable this setting, catch-up scans for scheduled full scans will be disabled. @@ -1619,7 +1619,7 @@ This policy setting allows you to configure catch-up scans for scheduled full sc This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -- If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +- If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there's no scheduled scan configured, there will be no catch-up scan run. - If you enable this setting, catch-up scans for scheduled quick scans will be disabled. @@ -2164,7 +2164,7 @@ Same as Disabled. | Value | Description | |:--|:--| | 0 (Default) | PUA Protection off. Windows Defender won't protect against potentially unwanted applications. | -| 1 | PUA Protection on. Detected items are blocked. They will show in history along with other threats. | +| 1 | PUA Protection on. Detected items are blocked. They'll show in history along with other threats. | | 2 | Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would've taken action against by searching for events created by Windows Defender in the Event Viewer. | @@ -2204,7 +2204,7 @@ Same as Disabled. -This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It's recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. +This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It's recommended for use on servers where there's a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. @@ -2870,7 +2870,7 @@ Valid remediation action values are: > [!NOTE] > > - **Ignore** is the same as **Allow** in [Microsoft Defender for Endpoint Security Settings Management](/defender-endpoint/mde-security-settings-management), [Microsoft Intune](/intune/intune-service/protect/endpoint-security-antivirus-policy), and Defender Powershell module: [Set-MpPreference](/powershell/module/defender/set-mppreference). -> - Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled. +> - Changes to this setting aren't applied when [tamper protection][TAMPER-1] is enabled. @@ -2888,7 +2888,7 @@ Valid remediation action values are: | Name | Value | |:--|:--| | Name | Threats_ThreatSeverityDefaultAction | -| Friendly Name | Specify threat alert levels at which default action should not be taken when detected | +| Friendly Name | Specify threat alert levels at which default action shouldn't be taken when detected | | Element Name | Specify threat alert levels at which default action shouldn't be taken when detected. | | Location | Computer Configuration | | Path | Windows Components > Microsoft Defender Antivirus > Threats |