deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-27 00:03:45 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into dansimp-w10-mobile-scrub

Browse Source
This commit is contained in:
Gary Moore
2021-07-23 13:33:46 -07:00
committed by GitHub
parent 559183c2f0 22bd21d292
commit 7ecf343270
7 changed files with 205 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/defender-csp.md
View File

@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
ms.date: 06/23/2021
ms.date: 07/23/2021
---
# Defender CSP
@ -61,7 +61,7 @@ Defender
--------SupportLogLocation (Added in the next major release of Windows 10)
--------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------DefinitionUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------DisableGradualRelease (Added with the 4.18.2106.5 Defender platform release)
----Scan
----UpdateSignature

184
windows/client-management/mdm/defender-ddf.md
View File

@ -10,11 +10,12 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/23/2021
---
# Defender DDF file
This topic shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML.
This article shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
@ -757,6 +758,185 @@ The XML below is the current version for this CSP.
</DFProperties>
</Node>
<Node>
<NodeName>DisableGradualRelease</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enable this policy to disable gradual rollout of Defender updates.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Applicability>
<OsBuildVersion>99.9.99999</OsBuildVersion>
<CspVersion>1.3</CspVersion>
</Applicability>
<AllowedValues ValueType="ENUM">
<Enum>
<Value>1</Value>
<ValueDescription>Gradual release is disabled</ValueDescription>
</Enum>
<Enum>
<Value>0</Value>
<ValueDescription>Gradual release is enabled</ValueDescription>
</Enum>
</AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>DefinitionUpdatesChannel</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Applicability>
<OsBuildVersion>99.9.99999</OsBuildVersion>
<CspVersion>1.3</CspVersion>
</Applicability>
<AllowedValues ValueType="ENUM">
<Enum>
<Value>0</Value>
<ValueDescription>Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.</ValueDescription>
</Enum>
<Enum>
<Value>4</Value>
<ValueDescription>Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).</ValueDescription>
</Enum>
<Enum>
<Value>5</Value>
<ValueDescription>Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).</ValueDescription>
</Enum>
</AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>EngineUpdatesChannel</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Applicability>
<OsBuildVersion>99.9.99999</OsBuildVersion>
<CspVersion>1.3</CspVersion>
</Applicability>
<AllowedValues ValueType="ENUM">
<Enum>
<Value>0</Value>
<ValueDescription>Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.</ValueDescription>
</Enum>
<Enum>
<Value>2</Value>
<ValueDescription>Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.</ValueDescription>
</Enum>
<Enum>
<Value>3</Value>
<ValueDescription>Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.</ValueDescription>
</Enum>
<Enum>
<Value>4</Value>
<ValueDescription>Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).</ValueDescription>
</Enum>
<Enum>
<Value>5</Value>
<ValueDescription>Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).</ValueDescription>
</Enum>
</AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>PlatformUpdatesChannel</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Applicability>
<OsBuildVersion>99.9.99999</OsBuildVersion>
<CspVersion>1.3</CspVersion>
</Applicability>
<AllowedValues ValueType="ENUM">
<Enum>
<Value>0</Value>
<ValueDescription>Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices.</ValueDescription>
</Enum>
<Enum>
<Value>2</Value>
<ValueDescription>Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.</ValueDescription>
</Enum>
<Enum>
<Value>3</Value>
<ValueDescription>Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.</ValueDescription>
</Enum>
<Enum>
<Value>4</Value>
<ValueDescription>Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).</ValueDescription>
</Enum>
<Enum>
<Value>5</Value>
<ValueDescription>Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).</ValueDescription>
</Enum>
</AllowedValues>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Scan</NodeName>
@ -825,7 +1005,7 @@ The XML below is the current version for this CSP.
</MgmtTree>
```
## Related topics
## See also
[Defender configuration service provider](defender-csp.md)

2
windows/deployment/update/update-compliance-configuration-mem.md
View File

@ -37,7 +37,7 @@ Take the following steps to create a configuration profile that will set require
5. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
6. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid).
2. Add a setting for **Commercial ID** ) with the following values:
2. Add a setting for **Commercial ID** with the following values:
- **Name**: Commercial ID
- **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
- **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`

2
windows/deployment/update/waas-quick-start.md
View File

@ -5,7 +5,7 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.localizationpriority: high
ms.author: jaimeo
ms.reviewer:
manager: laurawi

2
windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
View File

@ -105,7 +105,7 @@ Three approaches are documented here:
1. Update the certificate template by executing the following command:
certutil - dsaddtemplate \<TemplateName\>.txt
certutil -dsaddtemplate \<TemplateName\>.txt
1. In the Certificate Authority console, right-click **Certificate Templates**, select **New**, and select **Certificate Template to Issue**

1
windows/security/threat-protection/auditing/event-4768.md
View File

@ -282,6 +282,7 @@ The most common values:
| 2 | PA-ENC-TIMESTAMP | This is a normal type for standard password authentication. |
| 11 | PA-ETYPE-INFO | The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 15 | PA-PK-AS-REP\_OLD | Used for Smart Card logon authentication. |
| 16 | PA-PK-AS-REQ | Request sent to KDC in Smart Card authentication scenarios. |
| 17 | PA-PK-AS-REP | This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen. |
| 19 | PA-ETYPE-INFO2 | The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 20 | PA-SVR-REFERRAL-INFO | Used in KDC Referrals tickets. |

4
windows/security/threat-protection/windows-firewall/best-practices-configuring.md
View File

@ -119,7 +119,7 @@ In either of the scenarios above, once these rules are added they must be delete
When designing a set of firewall policies for your network, it is a best practice to configure allow rules for any networked applications deployed on the host. Having these rules in place before the user first launches the application will help ensure a seamless experience.
The absence of these staged rules does not necessarily mean that in the end an application will be unable to communicate on the network. However, the behaviors involved in the automatic creation of application rules at runtime requires user interaction.
The absence of these staged rules does not necessarily mean that in the end an application will be unable to communicate on the network. However, the behaviors involved in the automatic creation of application rules at runtime require user interaction and administrative privilege. If the device is expected to be used by non-administrative users, you should follow best practices and provide these rules before the application's first launch to avoid unexpected networking issues.
To determine why some applications are blocked from communicating in the network, check for the following:
@ -129,6 +129,8 @@ To determine why some applications are blocked from communicating in the network
3. Local Policy Merge is disabled, preventing the application or network service from creating local rules.
Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy.
![Windows Firewall prompt](images/fw04-userquery.png)
*Figure 4: Dialog box to allow access*