deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into UCazure

Browse Source
This commit is contained in:
jaimeo
2018-10-04 11:03:44 -07:00
parent 258f05c177 8c3c7d78ce
commit 7a7bdef3ce
3 changed files with 46 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/deployment/TOC.md
View File

@ -218,6 +218,13 @@
### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) ### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md)
### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) ### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md)
### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md) ### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md)
### [Get started with Windows Update](update/windows-update-overview.md)
#### [How Windows Update works](update/how-windows-update-works.md)
#### [Windows Update log files](update/windows-update-logs.md)
#### [How to troubleshoot Windows Update](update/windows-update-troubleshooting.md)
#### [Common Windows Update errors](update/windows-update-errors.md)
#### [Windows Update error code reference](update/windows-update-error-reference.md)
#### [Other Windows Update resources](update/windows-update-resources.md)
### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md) ### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
#### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md) #### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md) #### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)

2
windows/deployment/update/windows-analytics-azure-portal.md
View File

@ -33,7 +33,7 @@ To check the Log Analytics workspaces you can access, select **Log Analytics**.
[![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png) [![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png)
If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspaces's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states). If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspace's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states).
When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page. When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.

38
windows/security/threat-protection/mbsa-removal-and-guidance.md Normal file
View File

@ -0,0 +1,38 @@
---
title: Microsoft Baseline Security Analyzer (MBSA) removal and guidance on alternative solutions
description: This article documents the removal of MBSA and alternative solutions
keywords: MBSA, security, removal
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.author: astoica
author: andreiztm
ms.date: 10/04/2018
---
### What is Microsoft Baseline Security Analyzer and its uses?
Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since the Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive.
MBSA was largely used in situations where neither Microsoft Update nor a local WSUS/SCCM server was available or as a compliance tool to ensure that all security updates were deployed to a managed environment. With MBSA version 2.3 support for Windows Server 2012 R2 and Windows 8.1 was added, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016.
### The Solution
A script can help you with an alternative to MBSAs patch-compliance checking:
- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/en-us/previous-versions/windows/desktop/aa387290(v=vs.85)), which includes a sample .vbs script.
For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be).
For example:
[![VBS script](images/vbs-example.png)](https://docs.microsoft.com/en-us/previous-versions/windows/desktop/aa387290(v=vs.85))
[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be)
The above scripts leverage the [WSUS offline scan file](https://support.microsoft.com/en-us/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update, it does not contain any information on non-security updates, tools or drivers.
### More Information
For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit.
- [Windows security baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines)
- [Download Microsoft Security Compliance Toolkit 1.0 ](https://www.microsoft.com/download/details.aspx?id=55319)
- [Microsoft Security Guidance blog
](https://blogs.technet.microsoft.com/secguide/)