From d0dfadfc0882faa806f82ca511b7d0747633a36b Mon Sep 17 00:00:00 2001 From: katoma2017 <48699113+katoma2017@users.noreply.github.com> Date: Tue, 5 Jan 2021 16:46:04 -0800 Subject: [PATCH 01/18] Update security-compliance-toolkit-10.md Add the update baseline to the security baseline toolkit --- .../threat-protection/security-compliance-toolkit-10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index e8dd6ab29f..e8972cbc75 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -47,6 +47,9 @@ The Security Compliance Toolkit consists of: - Microsoft Edge security baseline - Version 85 + + - Windows Update security baseline + - Windows 10 20H2 and below (October 2020 Update) - Tools - Policy Analyzer tool From de8b12ba6ffa680009b12d2665fad81240a67dc0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 7 Jan 2021 08:00:54 -0800 Subject: [PATCH 02/18] Update windows/security/threat-protection/security-compliance-toolkit-10.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index e8972cbc75..9aa1555aa0 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -48,7 +48,7 @@ The Security Compliance Toolkit consists of: - Microsoft Edge security baseline - Version 85 - - Windows Update security baseline +- Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update) - Tools From 3609c8cf1b6aaeef7aa98a2d4eb95f261ede0a55 Mon Sep 17 00:00:00 2001 From: Elizabeth Ross Date: Mon, 11 Jan 2021 08:59:37 -0800 Subject: [PATCH 03/18] Update bitlocker-group-policy-settings.md Updated supported operating systems to include the ones from the previous file we redirected due to formatting issues. --- .../bitlocker/bitlocker-group-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index f6f72e035f..1fa0d3b9e3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -22,7 +22,7 @@ ms.custom: bitlocker **Applies to** -- Windows 10 +- Windows 10, Windows Server 2019, Windows Server 2016, Windows 8.1, and Windows Server 2012 R2 This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. From 2c6833a08516d06aa067d0bb27ac08125d2c742e Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Mon, 11 Jan 2021 17:09:53 +0000 Subject: [PATCH 04/18] Title text change to new naming The web page title was left still referring to Defender ATP, so updated for Defender for Endpoint. Not sure if other pages also are missing this change when the rest of the page was updated. --- .../microsoft-defender-atp/onboard-offline-machines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md index e3aea210fc..0d267cf0ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md @@ -1,5 +1,5 @@ --- -title: Onboard devices without Internet access to Microsoft Defender ATP +title: Onboard devices without Internet access to Microsoft Defender for Endpoint ms.reviewer: description: Onboard devices without Internet access so that they can send sensor data to the Microsoft Defender ATP sensor keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma From 8b0eada3f567ea5f00ae70bf40252b3b1045bc3c Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Mon, 11 Jan 2021 20:23:32 +0300 Subject: [PATCH 05/18] Update diagnostic data level taxonomy Sections changed: Insider Preview builds and Feedback & diagnostics --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 4c6e0b8880..b40f5823e6 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -390,7 +390,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo > [!NOTE] -> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for Restricted Traffic) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the diagnostic data level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**. +> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for Restricted Traffic) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Optional (Full)**. Although the diagnostic data level may initially appear as **Required (Basic)**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Optional (Full)**. To turn off Insider Preview builds for a released version of Windows 10: @@ -1302,7 +1302,7 @@ To change how frequently **Windows should ask for my feedback**: To change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**: -- Click either the **Basic** or **Full** options. +- Click either the **Required (Basic)** or **Optional (Full)** options. -or- From 650539f1d34c0dbb1a6800fd6279b293c4f7cb15 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Jan 2021 10:23:49 -0800 Subject: [PATCH 06/18] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index a487a3c18c..9f5add4dfe 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -66,7 +66,10 @@ See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-def ## Functionality and features available in each state -The following table summarizes the functionality and features that are available in each state: +The table in this section summarizes the functionality and features that are available in each state. + +> [!IMPORTANT] +> The following table is informational, and it is designed to describe the features & capabilities that are turned on or off according to whether Microsoft Defender Antivirus is in Active mode, in Passive mode, or disabled/uninstalled. Do not turn off capabilities, such as real-time protection, if you are using Microsoft Defender Antivirus in passive mode or are using EDR in block mode. |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | |--|--|--|--|--|--| @@ -78,7 +81,7 @@ The following table summarizes the functionality and features that are available - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). - In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode. - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items. -- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. +- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended. ## Keep the following points in mind From 678b19d2f03169a6448b97193e61492404788766 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Jan 2021 10:30:27 -0800 Subject: [PATCH 07/18] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 9f5add4dfe..066b363f5e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -87,7 +87,7 @@ The table in this section summarizes the functionality and features that are ava If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -When Microsoft Defender Antivirus is automatically disabled, it can automatically re-enabled if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. +When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the protection offered by a non-Microsoft antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. Automatic re-enabling helps to ensure that antivirus protection is maintained on your devices. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. In passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. From a9613ad0aabbe85b8bc9c35ea8fdfe75d916b4eb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Jan 2021 10:32:31 -0800 Subject: [PATCH 08/18] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 066b363f5e..f58cdac130 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -1,7 +1,7 @@ --- title: Microsoft Defender Antivirus compatibility with other security products -description: Microsoft Defender Antivirus operates in different ways depending on what other security products you have installed, and the operating system you are using. -keywords: windows defender, atp, advanced threat protection, compatibility, passive mode +description: Get an overview of what to expect from Microsoft Defender Antivirus with other security products and the operating systems you are using. +keywords: windows defender, next-generation, atp, advanced threat protection, compatibility, passive mode search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.reviewer: pahuijbr, shwjha +ms.reviewer: tewchen, pahuijbr, shwjha manager: dansimp ms.date: 01/11/2021 --- From 41aa1b595f3897f3695d45f1ad0572b1fa3f022e Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 11 Jan 2021 11:19:46 -0800 Subject: [PATCH 09/18] Release notes for 101.18.53 --- .../microsoft-defender-atp/linux-resources.md | 4 ++-- .../microsoft-defender-atp/linux-whatsnew.md | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index fa1b975d62..b8e1e244b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -114,9 +114,9 @@ The following table lists commands for some of the most common scenarios. Run `m |Configuration |Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` | |Configuration |Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` | |Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Health |Check the product's health |`mdatp health` | -|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Scan a path |`mdatp scan custom --path [path] [--ignore-exclusions]` | |Protection |Do a quick scan |`mdatp scan quick` | |Protection |Do a full scan |`mdatp scan full` | |Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 85ee3ab500..d769c548fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -23,6 +23,16 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +## 101.18.53 + +- EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539) +- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`) +- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory +- Performance improvements & bug fixes + +## 101.12.99 + +- Performance improvements & bug fixes ## 101.04.76 From 1478980db53529a8d8ae98ccaef2ab31e13faa2d Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Mon, 11 Jan 2021 11:34:53 -0800 Subject: [PATCH 10/18] Removed Lockdown as a setting for VPNv2CSP Lockdown has been removed from the VPNv2CSP code; removing it also from the docs --- windows/client-management/mdm/vpnv2-csp.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 0325decbfc..dc6cd495a9 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -281,25 +281,6 @@ Valid values: Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/LockDown** (./Device only profile) -Lockdown profile. - -Valid values: - -- False (default) - this is not a LockDown profile. -- True - this is a LockDown profile. - -When the LockDown profile is turned on, it does the following things: - -- First, it automatically becomes an "always on" profile. -- Second, it can never be disconnected. -- Third, if the profile is not connected, then the user has no network. -- Fourth, no other profiles may be connected or modified. - -A Lockdown profile must be deleted before you can add, remove, or connect other profiles. - -Value type is bool. Supported operations include Get, Add, Replace, and Delete. - **VPNv2/**ProfileName**/DeviceTunnel** (./Device only profile) Device tunnel profile. From 8e59e45f291825c2eed5c019b36dfedde0a8d7a1 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 11 Jan 2021 12:38:46 -0800 Subject: [PATCH 11/18] Add note on versions out of support --- .../threat-protection/microsoft-defender-atp/linux-whatsnew.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index d769c548fd..db4c18a233 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -23,6 +23,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +> [!IMPORTANT] +> Product versions 101.04.76 and older are nearing end of support. Customers running on version 101.04.76 or older must upgrade to a newer version of Microsoft Defender for Endpoint for Linux by February 1st, 2021. + ## 101.18.53 - EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539) From db5a79e110ef77e18da095687b054ef75552df0f Mon Sep 17 00:00:00 2001 From: Elizabeth Ross Date: Mon, 11 Jan 2021 12:56:01 -0800 Subject: [PATCH 12/18] Update windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../bitlocker/bitlocker-group-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 1fa0d3b9e3..2bda9b48ce 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -20,7 +20,7 @@ ms.custom: bitlocker # BitLocker Group Policy settings -**Applies to** +**Applies to:** - Windows 10, Windows Server 2019, Windows Server 2016, Windows 8.1, and Windows Server 2012 R2 From 89b2ef370b1929801d7a1645dd8d9096e496377c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Jan 2021 13:04:37 -0800 Subject: [PATCH 13/18] add windows virtual desktop support --- .../microsoft-defender-atp/minimum-requirements.md | 1 + .../whats-new-in-microsoft-defender-atp.md | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 96515f8a95..714f80adb2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -95,6 +95,7 @@ Access to Defender for Endpoint is done through a browser, supporting the follow - Windows Server 2016 - Windows Server, version 1803 or later - Windows Server 2019 +- Windows Virtual Desktop Devices on your network must be running one of these editions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 9a8ae62bdb..43382105c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -40,6 +40,11 @@ For more information preview features, see [Preview features](https://docs.micro > https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+as+well+as+security+features+in+Windows+10+and+Windows+Server.%22&locale=en-us > ``` + +## January 2021 + +- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/)
Microsoft Defender for Endpoint now adds support for Windows Virtual Desktop. + ## December 2020 - [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md)
Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for iOS. From 4d670199bb53eff8180f0af844126af53b28b4be Mon Sep 17 00:00:00 2001 From: julihooper <65675989+julihooper@users.noreply.github.com> Date: Mon, 11 Jan 2021 13:50:05 -0800 Subject: [PATCH 14/18] Update defender-csp.md adding CSP description for DisableLocalAdminMerge config. --- windows/client-management/mdm/defender-csp.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index da9959c0a2..21e9063233 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -390,6 +390,25 @@ Intune tamper protection setting UX supports three states: When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. +**Configuration/DisableLocalAdminMerge**
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions. + +If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings. + +If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator. + +**Note:** Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in Get-MpPreference. + +Supported OS versions: Windows 10 + +The data type is integer. + +Supported operations are Add, Delete, Get, Replace. + +Valid values are: +- 1 – Enable. +- 0 (default) – Disable. + **Configuration/EnableFileHashComputation** Enables or disables file hash computation feature. When this feature is enabled Windows defender will compute hashes for files it scans. From e09556520a05b088fcd23f619c8ac8794a58d3b3 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 11 Jan 2021 14:17:10 -0800 Subject: [PATCH 15/18] Revert notice pending further discussion with PM --- .../threat-protection/microsoft-defender-atp/linux-whatsnew.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index db4c18a233..d769c548fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -23,9 +23,6 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -> [!IMPORTANT] -> Product versions 101.04.76 and older are nearing end of support. Customers running on version 101.04.76 or older must upgrade to a newer version of Microsoft Defender for Endpoint for Linux by February 1st, 2021. - ## 101.18.53 - EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539) From 1c80371f586cc218260256c79a76499a42100f92 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 11 Jan 2021 14:46:02 -0800 Subject: [PATCH 16/18] Corrected note style --- windows/client-management/mdm/defender-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 21e9063233..37205534c5 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -397,7 +397,8 @@ If you disable or do not configure this setting, unique items defined in prefere If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator. -**Note:** Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in Get-MpPreference. +> [!NOTE] +> Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**. Supported OS versions: Windows 10 From 708e8a2e60fc4af35a494852c7a17546fbc8ab9f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Jan 2021 15:10:26 -0800 Subject: [PATCH 17/18] last seen updates --- .../threat-protection/microsoft-defender-atp/machine.md | 2 +- .../microsoft-defender-atp/machines-view-overview.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index ab02cb5c21..53bdfe131c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -54,7 +54,7 @@ Property | Type | Description id | String | [machine](machine.md) identity. computerDnsName | String | [machine](machine.md) fully qualified name. firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint. -lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint. +lastSeen | DateTimeOffset |Time and date of the last received full device report. A device typically sends a full report every 24 hours. osPlatform | String | Operating system platform. version | String | Operating system Version. osBuild | Nullable long | Operating system build number. diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md index fae0dfc00e..efae39c258 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md @@ -28,7 +28,7 @@ ms.topic: article >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-machinesview-abovefoldlink) -The **Devices list** shows a list of the devices in your network where alerts were generated. By default, the queue displays devices with alerts seen in the last 30 days. +The **Devices list** shows a list of the devices in your network where alerts were generated. By default, the queue displays devices seen in the last 30 days. At a glance you'll see information such as domain, risk level, OS platform, and other details for easy identification of devices most at risk. From 7a7450e0f652a6f5ee5a6246139b4612e03dd664 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Jan 2021 15:39:05 -0800 Subject: [PATCH 18/18] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index f58cdac130..d1fbec7602 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -85,16 +85,16 @@ The table in this section summarizes the functionality and features that are ava ## Keep the following points in mind -If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +- If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the protection offered by a non-Microsoft antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. Automatic re-enabling helps to ensure that antivirus protection is maintained on your devices. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. +- When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the protection offered by a non-Microsoft antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. Automatic re-enabling helps to ensure that antivirus protection is maintained on your devices. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. -In passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. +- When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have an up-to-date, non-Microsoft antivirus product providing real-time protection from malware. -If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode. + If you uninstall the non-Microsoft antivirus product, and use Microsoft Defender Antivirus to provide protection to your devices, Microsoft Defender Antivirus will return to its normal active mode automatically. > [!WARNING] -> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). +> Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). ## See also @@ -103,5 +103,4 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir - [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) -- [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client) - [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about)