mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 05:07:23 +00:00
Merge pull request #5241 from MicrosoftDocs/master
Publish - Merge master to live 6/2/2021 10:30 AM PT
commit
7e3c150bd1
@ -8,9 +8,9 @@ ms.author: dansimp
|
||||
ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: manikadhiman
|
||||
author: dansimp
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 08/11/2020
|
||||
ms.date: 06/02/2021
|
||||
---
|
||||
|
||||
# Defender CSP
|
||||
@ -56,8 +56,8 @@ Defender
|
||||
--------TamperProtectionEnabled (Added in Windows 10, version 1903)
|
||||
--------IsVirtualMachine (Added in Windows 10, version 1903)
|
||||
----Configuration (Added in Windows 10, version 1903)
|
||||
--------TamperProetection (Added in Windows 10, version 1903)
|
||||
--------EnableFileHashcomputation (Added in Windows 10, version 1903)
|
||||
--------TamperProtection (Added in Windows 10, version 1903)
|
||||
--------EnableFileHashComputation (Added in Windows 10, version 1903)
|
||||
--------SupportLogLocation (Added in the next major release of Windows 10)
|
||||
----Scan
|
||||
----UpdateSignature
|
||||
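Review bot: the context line for SupportLogLocation under Configuration still reads "Added in the next major release of Windows 10", while the neighbouring nodes name a concrete version (1903). Since this hunk is already correcting node names in the same subtree, replace the placeholder with the actual release so the tree stays accurate.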
@ -491,7 +491,7 @@ Supported operations are Add, Delete, Get, Replace.
|
||||
|
||||
<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**
|
||||
Enables or disables file hash computation feature.
|
||||
When this feature is enabled Windows defender will compute hashes for files it scans.
|
||||
When this feature is enabled Windows Defender will compute hashes for files it scans.
|
||||
|
||||
The data type is integer.
|
||||
|
||||
|
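Review bot: in the Configuration/EnableFileHashComputation description, the corrected sentence still needs a comma after the introductory clause ("When this feature is enabled, Windows Defender will compute hashes for files it scans."), and the line above it is missing an article ("Enables or disables the file hash computation feature."). The visible text only says "The data type is integer.", so confirm the allowed values are listed right after it.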
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: manikadhiman
|
||||
ms.date:
|
||||
ms.date: 06/02/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
---
|
||||
@ -18,9 +18,9 @@ Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto
|
||||
The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
|
||||
|
||||
Requirements:
|
||||
- AD-joined PC running Windows 10, version 1709 or later
|
||||
- Active Directory-joined PC running Windows 10, version 1709 or later
|
||||
- The enterprise has configured a mobile device management (MDM) service
|
||||
- The on-premises AD must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad)
|
||||
- The on-premises Active Directory must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad)
|
||||
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
|
||||
- The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
|
||||
|
||||
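Review bot: the two Requirements bullets now spell out "Active Directory", but the paragraph directly above them still says "a group policy created on your local AD". Expand that occurrence too, or define the abbreviation once and use it consistently, so the section does not mix both forms.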
@ -195,6 +195,8 @@ Requirements:
|
||||
|
||||
- 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
|
||||
|
||||
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
|
||||
|
||||
2. Install the package on the Domain Controller.
|
||||
|
||||
3. Navigate, depending on the version to the folder:
|
||||
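Review bot: step 3 in the trailing context reads "Navigate, depending on the version to the folder:" and is missing the closing comma of the parenthetical. Suggest "Navigate, depending on the version, to the folder:" while this list is being touched for the 21H1 entry.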
@ -211,6 +213,8 @@ Requirements:
|
||||
|
||||
- 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)**
|
||||
|
||||
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
|
||||
|
||||
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
|
||||
|
||||
5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**.
|
||||
@ -294,7 +298,7 @@ To collect Event Viewer logs:
|
||||
- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
|
||||
|
||||
### Useful Links
|
||||
|
||||
- [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
|
||||
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
|
||||
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
|
||||
- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576)
|
||||
|
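Review bot: the Useful Links list now jumps from 21H1 straight to 1909, although the download list earlier in the same file includes 20H2 (details.aspx?id=102157). Add the 20H2 entry here as well so both lists agree, and consider dropping the doubled "Windows 10" in the link text ("Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1").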
@ -1,5 +1,5 @@
|
||||
---
|
||||
description: Use this article to learn more about what required Windows diagnostic data is gathered.
|
||||
description: Learn what required Windows diagnostic data is gathered.
|
||||
title: Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
|
||||
keywords: privacy, telemetry
|
||||
ms.prod: w10
|
||||
@ -4130,7 +4130,7 @@ The following fields are available:
|
||||
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
|
||||
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
|
||||
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
|
||||
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
|
||||
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
|
||||
- **installSourceName** A string representation of the installation source.
|
||||
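Review bot: the replacement link for experimentation_mode uses the lowercase anchor slug "experimentationandconfigurationservicecontrol" as its visible text. Use the policy name as the sentence already writes it, ExperimentationAndConfigurationServiceControl, or a descriptive label, and keep that text identical in every copy of this field description in the file.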
@ -4162,7 +4162,7 @@ The following fields are available:
|
||||
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
|
||||
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
|
||||
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
|
||||
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
|
||||
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
|
||||
- **installSourceName** A string representation of the installation source.
|
||||
@ -4195,7 +4195,7 @@ The following fields are available:
|
||||
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
|
||||
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
|
||||
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See (experimentationandconfigurationservicecontrol)[/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol] for more details on this policy.
|
||||
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
|
||||
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
|
||||
- **installSourceName** A string representation of the installation source.
|
||||
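Review bot: the new experimentation_mode line has the Markdown link delimiters reversed, "(experimentationandconfigurationservicecontrol)[/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol]", so it will render as literal text rather than a link. It should use "[text](target)" order, as the other copies of this line in the commit do.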
@ -4228,7 +4228,7 @@ The following fields are available:
|
||||
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
|
||||
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
|
||||
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [#experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
|
||||
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
|
||||
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
|
||||
- **installSourceName** A string representation of the installation source.
|
||||
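Review bot: the link text in this copy is "#experimentationandconfigurationservicecontrol" with a leading "#", unlike the other experimentation_mode lines changed in this commit. Drop the "#" so all instances of the field description read the same.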
@ -4342,7 +4342,7 @@ The following fields are available:
|
||||
- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
|
||||
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
|
||||
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy.
|
||||
- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [experimentationandconfigurationservicecontrol](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
|
||||
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
|
||||
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
|
||||
- **installSourceName** A string representation of the installation source.
|
||||
@ -6355,7 +6355,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.WERVertical.OSCrash
|
||||
|
||||
This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
|
||||
This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event.
|
||||
|
||||
The following fields are available:
|
||||
|
||||
|
@ -74,6 +74,9 @@ The two directories used in hybrid deployments must be synchronized. You need A
|
||||
|
||||
Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema).
|
||||
|
||||
> [!NOTE]
|
||||
> User accounts enrolling for Windows Hello for Business in a Hybrid Certificate Trust scenario must have a UPN matching a verified domain name in Azure AD. For more details, see [Troubleshoot Post-Join issues](/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current#troubleshoot-post-join-issues).
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory.
|
||||
|
||||
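Review bot: the added note uses "UPN" without expanding it and sits directly above a second [!NOTE] block. Spell out "user principal name (UPN)" unless it is already defined earlier in the article, and consider merging the two notes into one so the requirement about matching a verified domain name is not lost between stacked callouts.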
@ -152,4 +155,4 @@ If your environment is already federated and supports Azure device registration,
|
||||
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
|
||||
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
|
||||
5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
|
||||
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
|
||||
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
|
||||
|
@ -74,17 +74,18 @@ This section describes how an attacker might exploit a feature or its configurat
|
||||
|
||||
### Vulnerability
|
||||
|
||||
Enabling this policy setting allows a user’s account on one computer to be associated with an online identity, such as Microsoft account. That account can then log on to a peer device (if the peer device is likewise configured) without the use of a Windows logon account (domain or local). This setup is beneficial for workgroups or home groups. But in a domain-joined environment, it might circumvent established security policies.
|
||||
Enabling this policy setting allows a user’s account on one computer to be associated with an online identity, such as Microsoft account or an Azure AD account. That account can then log on to a peer device (if the peer device is likewise configured) without the use of a Windows logon account (domain or local). This setup is not only beneficial, but required for Azure AD joined devices, where they are signed in with an online identity and are issued certificates by Azure AD. This policy may not be relevant for an *on-premises only* environment and might circumvent established security policies. However, it does not pose any threats in a hybrid environment where Azure AD is used as it relies on the user's online identity and Azure AD to authenticate.
|
||||
|
||||
### Countermeasure
|
||||
|
||||
Set this policy to *Disabled* or don't configure this security policy for domain-joined devices.
|
||||
Set this policy to *Disabled* or don't configure this security policy for *on-premises only* environments.
|
||||
|
||||
### Potential impact
|
||||
|
||||
If you don't set or you disable this policy, the PKU2U protocol won't be used to authenticate between peer devices, which forces users to follow domain-defined access control policies. If you enable this policy, you allow your users to authenticate by using local certificates between systems that aren't part of a domain that uses PKU2U. This configuration allows users to share resources between devices.
|
||||
If you don't set or you disable this policy, the PKU2U protocol won't be used to authenticate between peer devices, which forces users to follow domain-defined access control policies. This is a valid configuration in *on-premises only* environments. Please be aware that some roles/features (such as Failover Clustering) do not utilize a domain account for its PKU2U authentication and will cease to function properly when disabling this policy.
|
||||
|
||||
If you enable this policy in a hybrid environment, you allow your users to authenticate by using certificates issued by Azure AD and their online identity between the corresponding devices. This configuration allows users to share resources between such devices. Without enabling this policy, remote connections to an Azure AD joined device will not work.
|
||||
|
||||
Please be aware that some roles/features (such as Failover Clustering) do not utilize a domain account for its PKU2U authentication and will cease to function properly when disabling this policy.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
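Review bot: under Potential impact, the sentence "Please be aware that some roles/features (such as Failover Clustering) do not utilize a domain account for its PKU2U authentication..." appears twice, once at the end of the paragraph beginning "If you don't set or you disable this policy" and again as its own paragraph before Related topics. Keep one copy and fix the agreement ("their PKU2U authentication"). The Countermeasure text recommends *Disabled* for *on-premises only* environments without mentioning that Failover Clustering caveat, so a cross-reference there would help. Also, "it does not pose any threats in a hybrid environment" in the Vulnerability paragraph is an absolute claim that the surrounding text does not substantiate; consider wording it in terms of what the policy relies on (the user's online identity and Azure AD) instead.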