Merge pull request #3343 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Tina Burden 2020-07-22 12:13:42 -07:00 committed by GitHub
commit 785527f280
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 40 additions and 34 deletions

View File

@ -158,7 +158,7 @@ The following table describes some features that have interoperability issues we
<tr class="odd">
<td><p>Key sequences blocked by assigned access</p></td>
<td><p>When in assigned access, some key combinations are blocked for assigned access users.</p>
<p>Alt+F4, Alt+Shift+TaB, Alt+Tab are not blocked by Assigned Access, it is recommended you use <a href="https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter" data-raw-source="[Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter)">Keyboard Filter</a> to block these key combinations.</p>
<p>Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use <a href="https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter" data-raw-source="[Keyboard Filter](https://docs.microsoft.com/windows-hardware/customize/enterprise/keyboardfilter)">Keyboard Filter</a> to block these key combinations.</p>
<p>Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in <a href="https://docs.microsoft.com/windows-hardware/customize/enterprise/wekf-settings" data-raw-source="[WEKF_Settings](https://docs.microsoft.com/windows-hardware/customize/enterprise/wekf-settings)">WEKF_Settings</a>.</p>
<table>
<colgroup>
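Review bot: the corrected line ('Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter...') fixes the 'TaB' typo but keeps a comma splice; since this table row is about key sequences that should be blocked for assigned access users, the recommendation reads better as a direct instruction, e.g. 'Alt+F4, Alt+Shift+Tab, and Alt+Tab are not blocked by Assigned Access. Use Keyboard Filter to block these key combinations.' The BreakoutKeyScanCode sentence that follows in the same hunk can then stand on its own as the description of the intended break-out path.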

View File

@ -148,8 +148,6 @@ Using the `-Verbose` option returns additional information:
**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
Starting in Windows 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.
Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
#### Manage the Delivery Optimization cache
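Review bot: the two removed lines are the only documentation in this hunk of the `-CacheSummary` option of `Get-DeliveryOptimizationPerfSnap` and of `Get-DeliveryOptimizationPerfSnapThisMonth`, and nothing is added in their place; if these were moved to another page or are no longer supported, the page should say so (and the commit message should mention it) rather than dropping them silently. The retained `-PeerInfo` line is also the only bold entry now, so the bold-by-version convention is applied to a single item.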

View File

@ -7,12 +7,12 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: danihalfin
ms.author: dansimp
manager: sanashar
author: obezeajo
ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/3/2019
ms.date: 7/22/2020
---
# Manage connection endpoints for Windows 10 Enterprise, version 1903

View File

@ -8,11 +8,11 @@ ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: mikeedgar
ms.author: sanashar
manager: sanashar
ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/9/2019
ms.date: 7/22/2020
---
# Windows 10, version 1903, connection endpoints for non-Enterprise editions
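Review bot: this metadata hunk changes `ms.author` to obezeajo and `manager` to robsize but leaves `author: mikeedgar`, whereas the sibling Enterprise-endpoints file in this PR updates `author` to obezeajo as well; the two files should be consistent unless the GitHub author is intentionally different.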

View File

@ -74,6 +74,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.|
|G | The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory. Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
> [!IMPORTANT]
> In the above deployment model, a newly provisioned user will not be able to sign in using Windows Hello for Business until (a) Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory and (b) device has line of sight to the domain controller for the first time.
## Hybrid Azure AD join authentication using a Certificate
![Hybrid Azure AD join authentication using a Certificate](images/howitworks/auth-haadj-certtrust.png)
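Review bot: in the added IMPORTANT note, condition (b) is missing an article ('(b) the device has line of sight to the domain controller'), and 'the above deployment model' should name the deployment model so the note still makes sense when a reader lands on it from a direct link. Listing (a) and (b) as two bullet lines would also make the two prerequisites easier to check off during deployment.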
@ -87,3 +90,5 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.|
|G | The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory. Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
> [!IMPORTANT]
> In the above deployment model, a newly provisioned user will not be able to sign in using Windows Hello for Business unless the device has line of sight to the domain controller for the first time.
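Review bot: this second IMPORTANT note lists only the line-of-sight prerequisite, while the note added to the previous section also requires Azure AD Connect to have synchronized the user's public key; if the certificate-based model genuinely has no synchronization dependency the wording is fine, but it is worth confirming the asymmetry is intentional rather than an omission, since both notes were added in the same change.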

View File

@ -30,7 +30,7 @@ manager: dansimp
You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
> [!NOTE]
> Automatic exclusions apply only to Windows Server 2016 and above. The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default.
> Automatic exclusions apply only to Windows Server 2016 and above. These exclusions are not visible in the Windows Security app and in PowerShell.
This article describes how to configure exclusion lists for the files and folders. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
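Review bot: the replacement note reads awkwardly ('not visible in the Windows Security app and in PowerShell'); suggest 'are not visible in either the Windows Security app or in PowerShell output'. Because the note now tells readers they cannot see automatic exclusions, it should also point to where those exclusions are listed, otherwise an administrator auditing exclusions may conclude that none apply.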

View File

@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 12/10/2018
ms.date: 07/22/2020
ms.reviewer:
manager: dansimp
---
@ -71,7 +71,7 @@ Scheduled scans will run at the day and time you specify. You can use Group Poli
>[!NOTE]
>If a computer is unplugged and running on battery during a scheduled full scan, the scheduled scan will stop with event 1002, which states that the scan stopped before completion. Microsoft Defender Antivirus will run a full scan at the next scheduled time.
**Use Group Policy to schedule scans:**
### Use Group Policy to schedule scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
@ -80,7 +80,7 @@ Scan | Specify the day of the week to run a scheduled scan | Specify the day (or
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours. <br>In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled
**Use PowerShell cmdlets to schedule scans:**
### Use PowerShell cmdlets to schedule scans
Use the following cmdlets:
@ -94,7 +94,7 @@ Set-MpPreference -RandomizeScheduleTaskTimes
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
**Use Windows Management Instruction (WMI) to schedule scans:**
### Use Windows Management Instruction (WMI) to schedule scans
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
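Review bot: the new heading '### Use Windows Management Instruction (WMI) to schedule scans' carries over a typo from the bold text it replaces; WMI stands for Windows Management Instrumentation. Since this PR already touches every WMI heading in the file, the three later headings with the same wording should be fixed in the same change.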
@ -113,13 +113,16 @@ See the following for more information and allowed parameters:
You can set the scheduled scan to only occur when the endpoint is turned on but not in use with Group Policy, PowerShell, or WMI.
**Use Group Policy to schedule scans**
> [!NOTE]
> These scans will not honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
### Use Group Policy to schedule scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled
**Use PowerShell cmdlets:**
### Use PowerShell cmdlets
Use the following cmdlets:
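Review bot: the added heading '### Use Group Policy to schedule scans' is identical to the heading introduced earlier in this file for ordinary scheduled scans, so the rendered page will have two sections with the same title and colliding anchors; suggest '### Use Group Policy to schedule scans only when the endpoint is not in use' (and similarly distinguish the '### Use PowerShell cmdlets' heading added in the same hunk). In the new NOTE, 'will not honor the CPU throttling configuration' could be stated as a present-tense fact ('do not honor'), and it is worth saying explicitly that this applies to the idle-time scans described just above, since the note now sits between that sentence and the heading.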
@ -129,7 +132,7 @@ Set-MpPreference -ScanOnlyIfIdleEnabled
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
**Use Windows Management Instruction (WMI):**
### Use Windows Management Instruction (WMI)
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -146,15 +149,14 @@ See the following for more information and allowed parameters:
Some threats may require a full scan to complete their removal and remediation. You can schedule when these scans should occur with Group Policy, PowerShell, or WMI.
**Use Group Policy to schedule remediation-required scans**
### Use Group Policy to schedule remediation-required scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | Specify the day (or never) to run a scan. | Never
Remediation | Specify the time of day to run a scheduled full scan to complete remediation | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
**Use PowerShell cmdlets:**
### Use PowerShell cmdlets
Use the following cmdlets:
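Review bot: the '### Use PowerShell cmdlets' heading added here duplicates the heading of the same name in the idle-scan section above and breaks the naming pattern used elsewhere in the file ('Use PowerShell cmdlets to schedule daily scans'); suggest '### Use PowerShell cmdlets to schedule remediation-required scans' so the anchor is unique and the title matches its Group Policy counterpart in this hunk.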
@ -165,7 +167,7 @@ Set-MpPreference -RemediationScheduleTime
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
**Use Windows Management Instruction (WMI):**
### Use Windows Management Instruction (WMI)
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -185,14 +187,14 @@ See the following for more information and allowed parameters:
You can enable a daily quick scan that can be run in addition to your other scheduled scans with Group Policy, PowerShell, or WMI.
**Use Group Policy to schedule daily scans:**
### Use Group Policy to schedule daily scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never
Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
**Use PowerShell cmdlets to schedule daily scans:**
### Use PowerShell cmdlets to schedule daily scans
Use the following cmdlets:
@ -202,7 +204,7 @@ Set-MpPreference -ScanScheduleQuickTime
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
**Use Windows Management Instruction (WMI) to schedule daily scans:**
### Use Windows Management Instruction (WMI) to schedule daily scans
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -219,16 +221,12 @@ See the following for more information and allowed parameters:
You can force a scan to occur after every [protection update](manage-protection-updates-microsoft-defender-antivirus.md) with Group Policy.
**Use Group Policy to schedule scans after protection updates**
### Use Group Policy to schedule scans after protection updates
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled
## Related topics

View File

@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Create indicators based on certificates (preview)
# Create indicators based on certificates
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

View File

@ -42,9 +42,9 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
> [!NOTE]
> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP).
Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
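Review bot: the replacement line drops the statement that a CSP purchase does not require the Volume Licensing offers listed, and it also moves the sentence out of the NOTE blockquote; if the Volume Licensing statement was removed because it is no longer accurate, that deserves a word in the commit message, because readers comparing the licensing options lose the one sentence that explained how a CSP purchase relates to the list above.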
@ -97,7 +97,7 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
> [!NOTE]
> Machines running mobile versions of Windows are not supported.
>
> Virtual Machines running Windows 10 Enterprise 2016 LTSC (which is based on Windows 10, version 1607) may encounter performance issues if run on non-Microsoft virtualization platforms.
> Virtual Machines running Windows 10 Enterprise 2016 LTSB (which is based on Windows 10, version 1607) may encounter performance issues if run on non-Microsoft virtualization platforms.
>
> For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 (which is based on Windows 10, version 1809) or later.

View File

@ -41,3 +41,8 @@ Follow the corresponding instructions depending on your preferred deployment met
## Offboard non-Windows devices
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
>[!NOTE]
> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data expires. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding. <br>
> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md) <br>
> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
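Review bot: in the added NOTE, the whole second sentence is used as the link label for tvm-dashboard-insights.md; link only the phrase that names the target (the exposure score and Microsoft Secure Score for Devices) so the sentence reads normally. The trailing `<br>` tags are redundant inside a `>` blockquote that already uses separate lines, and the closing 'etc.' should either list the remaining filters or be dropped. It would also help to make clear that the 7-day 'Inactive' status and the 30-day exclusion from the exposure score are two separate thresholds, so readers do not assume the score changes at day 7.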