From 86151affeb5ee7bf5470184d3f81af974493bc26 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Sun, 26 Sep 2021 19:12:44 -0700 Subject: [PATCH 01/28] Added PKCS #7 signing info to the document. --- ...-defender-application-control-against-tampering.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 11d3f0df1e..9820f9d011 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -29,14 +29,14 @@ ms.technology: mde > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). -Signed WDAC policies give organizations the highest level of malware protection available in Windows. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies. +Signed WDAC policies give organizations the highest level of malware protection available in Windows—must be signed with [PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652). In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies. -Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. +Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward. If you do not currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA. -Before signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9` even if you're not sure whether the option is already enabled—if so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). +Before PKCS #7-signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). To sign a WDAC policy with SignTool.exe, you need the following components: @@ -93,17 +93,16 @@ If you do not have a code signing certificate, see [Optional: Create a code sign ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin ``` -8. Sign the WDAC policy by using SignTool.exe: +8. Sign ([PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652)) the WDAC policy by using SignTool.exe: ```powershell sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin ``` - + > [!NOTE] > The *<Path to signtool.exe>* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy. 9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). - > [!NOTE] > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. From 8b5999803e77147b8863d8580cf650dafb4e8cb9 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 10:25:35 +0530 Subject: [PATCH 02/28] changed metadata --- .vscode/settings.json | 8 ++++++++ ...-controlling-the-health-of-windows-10-based-devices.md | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..ed9462b7e6 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index e24bb48367..21a31de5bd 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -13,7 +13,7 @@ ms.pagetype: security, devices author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- # Control the health of Windows 10-based devices From bb8099d2479b27448089facdd94f29b65fda5934 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 11:05:03 +0530 Subject: [PATCH 03/28] Update protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md --- ...rolling-the-health-of-windows-10-based-devices.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 21a31de5bd..df5e3dec72 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -80,13 +80,13 @@ An MDM solution evaluates the health assertions and, depending on the health rul Access to content is then authorized to the appropriate level of trust for whatever the health status and other conditional elements indicate. -Depending on the requirements and the sensitivity of the managed asset, device health status can be combined with user identity information when processing an access request. Access to content is then authorized to the appropriate level of trust. The Conditional Access engine may be structured to allow additional verification as needed by the sensitivity of the managed asset. For example, if access to high-value data is requested, additional security authentication may need to be established by querying the user to answer a phone call before access is granted. +Depending on the requirements and the sensitivity of the managed asset, device health status can be combined with user identity information when processing an access request. Access to content is then authorized to the appropriate level of trust. The Conditional Access engine may be structured to allow more verification as needed by the sensitivity of the managed asset. For example, if access to high-value data is requested, further security authentication may need to be established by querying the user to answer a phone call before access is granted. ### Microsoft’s security investments in Windows 10 In Windows 10, there are three pillars of investments: -- **Secure identities.** Microsoft is part of the FIDO Alliance which aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system as well as for services like on-premises resources and cloud resources. +- **Secure identities.** Microsoft is part of the FIDO Alliance that aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system and for services like on-premises resources and cloud resources. - **Information protection.** Microsoft is making investments to allow organizations to have better control over who has access to important data and what they can do with that data. With Windows 10, organizations can take advantage of policies that specify which applications are considered to be corporate applications and can be trusted to access secure data. - **Threat resistance.** Microsoft is helping organizations to better secure enterprise assets against the threats of malware and attacks by using security defenses relying on hardware. @@ -99,7 +99,7 @@ This section is an overview that describes different parts of the end-to-end sec | Number | Part of the solution | Description | | - | - | - | | **1** | Windows 10-based device | The first time a Windows 10-based device is powered on, the out-of-box experience (OOBE) screen is displayed. During setup, the device can be automatically registered into Azure Active Directory (AD) and enrolled in MDM.
A Windows 10-based device with TPM can report health status at any time by using the Health Attestation Service available with all editions of Windows 10.| -| **2** | Identity provider | Azure AD contains users, registered devices, and registered application of organization’s tenant. A device always belongs to a user and a user can have multiple devices. A device is represented as an object with different attributes like the compliance status of the device. A trusted MDM can update the compliance status.
Azure AD is more than a repository. Azure AD is able to authenticate users and devices and can also authorize access to managed resources. Azure AD has a conditional access control engine that leverages the identity of the user, the location of the device and also the compliance status of the device when making a trusted access decision.| +| **2** | Identity provider | Azure AD contains users, registered devices, and registered application of organization’s tenant. A device always belongs to a user and a user can have multiple devices. A device is represented as an object with different attributes like the compliance status of the device. A trusted MDM can update the compliance status.
Azure AD is more than a repository. Azure AD is able to authenticate users and devices and can also authorize access to managed resources. Azure AD has a conditional access control engine that uses the identity of the user, the location of the device and also the compliance status of the device when making a trusted access decision.| | **3**|Mobile device management| Windows 10 has MDM support that enables the device to be managed out-of-box without deploying any agent.
MDM can be Microsoft Intune or any third-party MDM solution that is compatible with Windows 10.| | **4** | Remote health attestation | The Health Attestation Service is a trusted cloud service operated by Microsoft that performs a series of health checks and reports to MDM what Windows 10 security features are enabled on the device.
Security verification includes boot state (WinPE, Safe Mode, Debug/test modes) and components that manage security and integrity of runtime operations (BitLocker, Device Guard).| | **5** | Enterprise managed asset | Enterprise managed asset is the resource to protect.
For example, the asset can be Office 365, other cloud apps, on-premises web resources published by Azure AD, or even VPN access.| @@ -121,7 +121,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik - **Trusted Platform Module.** A Trusted Platform Module (TPM) is a hardware component that provides unique security features. - Windows 10 leverages security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. + Windows 10 uses security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. A TPM implements controls that meet the specification described by the Trusted Computing Group (TCG). At the time of this writing, there are two versions of TPM specification produced by TCG that are not compatible with each other: @@ -161,7 +161,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik - **Secure Boot configuration policy.** Extends Secure Boot functionality to critical Windows 10 configuration. - Examples of protected configuration information include protecting Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. This ensures that the binaries and configuration of the computer can be trusted after the boot process has completed. + Examples of protected configuration information include protecting Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. This protective action ensures that the binaries and configuration of the computer can be trusted after the boot process has completed. Secure Boot configuration policy does this with UEFI policy. These signatures for these policies are signed in the same way that operating system binaries are signed for use with Secure Boot. The Secure Boot configuration policy must be signed by a private key that corresponds to one of the public keys stored in the Key Exchange Key (KEK) list. The Microsoft Certificate Authority (CA) will be present in the KEK list of all Windows certified Secure Boot systems. By default, a policy signed by the Microsoft KEK shall be work on all Secure Boot systems. BootMgr must verify the signature against the KEK list before applying a signed policy. With Windows 10, the default Secure Boot configuration policy is embedded in bootmgr. @@ -188,7 +188,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik When enabled and configured, Windows 10 can start the Hyper-V virtualization-based security services. HVCI helps protect the system core (kernel), privileged drivers, and system defenses, like antimalware solutions, by preventing malware from running early in the boot process, or after startup. - HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This means that kernel memory pages can never be Writable and Executable (W+X) and executable code cannot be directly modified. + HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This dependency on verification means that kernel memory pages can never be Writable and Executable (W+X) and executable code cannot be directly modified. > [!NOTE] > Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=691612) blog post. From 7d0c4a98437e3a823ea0fbd0d9b3421fd06b0ce0 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 11:17:32 +0530 Subject: [PATCH 04/28] Update protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md --- ...rolling-the-health-of-windows-10-based-devices.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index df5e3dec72..7794832d3e 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -200,7 +200,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik In Windows 10, Credential Guard aims to protect domain corporate credentials from theft and reuse by malware. With Credential Guard, Windows 10 implemented an architectural change that fundamentally prevents the current forms of the pass-the-hash (PtH) attack. - This is accomplished by leveraging Hyper-V and the new virtualization-based security feature to create a protected container where trusted code and secrets are isolated from the Windows kernel. That means that even if the Windows kernel is compromised an attacker has no way to read and extract the data required to initiate a PtH attack. Credential Guard prevents this because the memory where secrets are stored is no longer accessible from the regular OS, even in kernel mode - the hypervisor controls who can access the memory. + This attack-free state is accomplished by using Hyper-V and the new virtualization-based security feature to create a protected container where trusted code and secrets are isolated from the Windows kernel. This accomplishment means that even if the Windows kernel is compromised, an attacker has no way to read and extract the data required to initiate a PtH attack. Credential Guard prevents this unauthorized access because the memory where secrets are stored is no longer accessible from the regular OS, even in kernel mode - the hypervisor controls who can access the memory. - **Health attestation.** The device’s firmware logs the boot process, and Windows 10 can send it to a trusted server that can check and assess the device’s health. @@ -208,15 +208,15 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](/previous-versions/windows/hardware/design/dn653311(v=vs.85)). - During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For additional security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device. + During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For more security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device. Although Secure Boot is a proactive form of protection, health attestation is a reactive form of boot protection. Health attestation ships disabled in Windows and is enabled by an antimalware or an MDM vendor. Unlike Secure Boot, health attestation will not stop the boot process and enter remediation when a measurement does not work. But with conditional access control, health attestation will help to prevent access to high-value assets. ### Virtualization-based security -Virtualization-based security provides a new trust boundary for Windows 10. leverages Hyper-V hypervisor technology to enhance platform security. Virtualization-based security provides a secure execution environment to run specific Windows trusted code (trustlet) and to protect sensitive data. +Virtualization-based security provides a new trust boundary for Windows 10 and uses Hyper-V hypervisor technology to enhance platform security. Virtualization-based security provides a secure execution environment to run specific Windows trusted code (trustlet) and to protect sensitive data. -Virtualization-based security helps to protect against a compromised kernel or a malicious user with Administrator privileges. Note that virtualization-based security is not trying to protect against a physical attacker. +Virtualization-based security helps to protect against a compromised kernel or a malicious user with Administrator privileges. Virtualization-based security is not trying to protect against a physical attacker. The following Windows 10 services are protected with virtualization-based security: @@ -234,14 +234,14 @@ The schema below is a high-level view of Windows 10 with virtualization-based se ### Credential Guard -In Windows 10, when Credential Guard is enabled, Local Security Authority Subsystem Service (lsass.exe) runs sensitive code in an Isolated user mode to help protect data from malware that may be running in the normal user mode. This helps ensure that protected data is not stolen and reused on +In Windows 10, when Credential Guard is enabled, Local Security Authority Subsystem Service (lsass.exe) runs a sensitive code in an Isolated user mode to help protect data from malware that may be running in the normal user mode. This code execution helps ensure that protected data is not stolen and reused on remote machines, which mitigates many PtH-style attacks. Credential Guard helps protect credentials by encrypting them with either a per-boot or persistent key: - **The per-boot key** is used for any in-memory credentials that do not require persistence. An example of such a credential would be a ticket-granting ticket (TGT) session key. This key is negotiated with a Key Distribution Center (KDC) every time authentication occurs and is protected with a per-boot key. - **The persistent key**, or some derivative, is used to help protect items that are stored and reloaded after a reboot. Such protection is intended for long-term storage, and must be protected with a consistent key. -Credential Guard is activated by a registry key and then enabled by using an UEFI variable. This is done to protect against remote modifications of the configuration. The use of a UEFI variable implies that physical access is required to change the configuration. When lsass.exe detects that +Credential Guard is activated by a registry key and then enabled by using a UEFI variable. This activation is done to protect against remote modifications of the configuration. The use of a UEFI variable implies that physical access is required to change the configuration. When lsass.exe detects that credential isolation is enabled, it then spawns LsaIso.exe as an isolated process, which ensures that it runs within isolated user mode. The startup of LsaIso.exe is performed before initialization of a security support provider, which ensures that the secure mode support routines are ready before any authentication begins. ### Device Guard From 5b2e72107f323ebf8c8d430346662ad309a9b7b6 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 11:54:43 +0530 Subject: [PATCH 05/28] updated metadata --- .../auditing/advanced-security-audit-policy-settings.md | 2 +- .../auditing/advanced-security-auditing-faq.yml | 2 +- .../threat-protection/auditing/advanced-security-auditing.md | 2 +- ...security-monitoring-recommendations-for-many-audit-events.md | 2 +- .../auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md | 2 +- .../threat-protection/auditing/audit-account-lockout.md | 2 +- .../threat-protection/auditing/audit-application-generated.md | 2 +- .../auditing/audit-application-group-management.md | 2 +- .../threat-protection/auditing/audit-audit-policy-change.md | 2 +- .../auditing/audit-authentication-policy-change.md | 2 +- .../auditing/audit-authorization-policy-change.md | 2 +- .../auditing/audit-central-access-policy-staging.md | 2 +- .../threat-protection/auditing/audit-certification-services.md | 2 +- .../auditing/audit-computer-account-management.md | 2 +- .../threat-protection/auditing/audit-credential-validation.md | 2 +- .../auditing/audit-detailed-directory-service-replication.md | 2 +- .../threat-protection/auditing/audit-detailed-file-share.md | 2 +- .../auditing/audit-directory-service-access.md | 2 +- .../auditing/audit-directory-service-changes.md | 2 +- .../auditing/audit-directory-service-replication.md | 2 +- .../auditing/audit-distribution-group-management.md | 2 +- .../security/threat-protection/auditing/audit-dpapi-activity.md | 2 +- .../threat-protection/get-support-for-security-baselines.md | 2 +- ...ride-mitigation-options-for-app-related-security-policies.md | 2 +- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- .../threat-protection/security-compliance-toolkit-10.md | 2 +- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- .../threat-protection/windows-10-mobile-security-guide.md | 2 +- .../threat-protection/windows-platform-common-criteria.md | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index f45d596295..1cb4f72589 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policy settings diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 92cfb0b820..a3f1fdac56 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -16,7 +16,7 @@ metadata: ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 - ms.technology: mde + ms.technology: windows-sec title: Advanced security auditing FAQ diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 2e9d3a84f1..0b3fae0f35 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/6/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policies diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index d092d91f72..fe2879fa16 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -11,7 +11,7 @@ ms.date: 09/06/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Appendix A: Security monitoring recommendations for many audit events diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 331e40c490..4deca9cd3b 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Apply a basic audit policy on a file or folder diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 4837398076..2f8d75b174 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Account Lockout diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index c2f603a680..f778de2af2 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Generated diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 7fefa5c73c..3cb78ff1b1 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Group Management diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 3828ec83b4..ae75fb4fef 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Audit Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 07e3af496b..68c6747f77 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authentication Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index 20750fbbe9..03111b60f9 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authorization Policy Change diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index ed8737a5d1..a877583e94 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Central Access Policy Staging diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 655f1fbbbc..5c5e3cfccd 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Certification Services diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 1a3c91c1a9..c544d87734 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Computer Account Management diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 4bde8f1ddb..ad726d2c61 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Credential Validation diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 593eb8718d..9af371fb40 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 92b53125a2..15e15c2540 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed File Share diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index bceb0bc1d1..927eb3b00a 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Access diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index a2290c487c..c012915713 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Changes diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 8bbcc73020..f745f49759 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 18f52d6dea..8317bd58a5 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Distribution Group Management diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index ce489d62ac..ec0e0c8843 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit DPAPI Activity diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 6b37a5a6a1..56c3058279 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Get Support diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index c2a1d31b98..33712bcefa 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.sitesec: library author: dulcemontemayor ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 0a9058b91d..e783eedfcd 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -10,7 +10,7 @@ author: dansimp ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Mitigate threats by using Windows 10 security features diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 164d2ee773..a2c720f8da 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/21/2019 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Security Compliance Toolkit 1.0 diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index a8362c5bda..fc9376dadb 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -12,7 +12,7 @@ ms.pagetype: security author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 11b4c1a58b..4ee9598673 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -13,7 +13,7 @@ ms.pagetype: security, mobile ms.localizationpriority: medium author: dulcemontemayor ms.date: 10/13/2017 -ms.technology: mde +ms.technology: windows-sec --- # Windows 10 Mobile security guide diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 6b859eac3c..d87f9d1dcc 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -11,7 +11,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 3/20/2019 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Common Criteria Certifications From 99019d533fba3851fb2f4a93202b026a345c12ab Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 12:28:10 +0530 Subject: [PATCH 06/28] fixed Acrolinx errors --- .../advanced-security-auditing-faq.yml | 20 +++++++++---------- ...g-recommendations-for-many-audit-events.md | 2 +- ...-basic-audit-policy-on-a-file-or-folder.md | 8 ++++---- .../auditing/audit-account-lockout.md | 6 +++--- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index a3f1fdac56..fb3c698887 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -77,16 +77,16 @@ sections: > **Important**  Whether you apply advanced audit policies by using Group Policy or by using logon scripts, do not use both the basic audit policy settings under **Local Policies\\Audit Policy** and the advanced settings under **Security Settings\\Advanced Audit Policy Configuration**. Using both advanced and basic audit policy settings can cause unexpected results in audit reporting. - If you use Advanced Audit Policy Configuration settings or use logon scripts to apply advanced audit policies, be sure to enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored. + If you use Advanced Audit Policy Configuration settings or use logon scripts to apply advanced audit policies, be sure to enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This setting prevents conflicts between similar settings by forcing basic security auditing to be ignored.   - question: | How are audit settings merged by Group Policy? answer: | By default, policy options that are set in GPOs and linked to higher levels of Active Directory sites, domains, and OUs are inherited by all OUs at lower levels. However, an inherited policy can be overridden by a GPO that is linked at a lower level. - For example, you might use a domain GPO to assign an organization-wide group of audit settings, but want a certain OU to get a defined group of additional settings. To accomplish this, you can link a second GPO to that specific lower-level OU. Therefore, a logon audit setting that is applied at the OU level will override a conflicting logon audit setting that is applied at the domain level (unless you have taken special steps to apply Group Policy loopback processing). + For example, you might use a domain GPO to assign an organization-wide group of audit settings, but want a certain OU to get a defined group of extra settings. To accomplish this customization, you can link a second GPO to that specific lower-level OU. Therefore, a logon audit setting that is applied at the OU level will override a conflicting logon audit setting that is applied at the domain level (unless you have taken special steps to apply Group Policy loopback processing). - The rules that govern how Group Policy settings are applied propagate to the subcategory level of audit policy settings. This means that audit policy settings configured in different GPOs will be merged if no policy settings configured at a lower level exist. The following table illustrates this behavior. + The rules that govern how Group Policy settings are applied propagate to the subcategory level of audit policy settings. This coverage means that audit policy settings configured in different GPOs will be merged if no policy settings configured at a lower level exist. The following table illustrates this behavior. | Auditing subcategory | Setting configured in an OU GPO (higher priority) | Setting configured in a domain GPO (lower priority) | Resulting policy for the target computer | @@ -105,7 +105,7 @@ sections: The access control model that is used in Windows is administered at the object level by setting different levels of access, or permissions, to objects. If permissions are configured for an object, its security descriptor contains a DACL with security identifiers (SIDs) for the users and groups that are allowed or denied access. - If auditing is configured for the object, its security descriptor also contains a SACL that controls how the security subsystem audits attempts to access the object. However, auditing is not completely configured unless a SACL has been configured for an object and a corresponding **Object Access** audit policy setting has been configured and applied. + If auditing is configured for the object, its security descriptor also contains a SACL that controls how the security subsystem audits attempts to access the object. However, auditing is not configured entirely unless a SACL has been configured for an object and a corresponding **Object Access** audit policy setting has been configured and applied. - question: | Why are audit policies applied on a per-computer basis rather than per user? @@ -114,7 +114,7 @@ sections: In addition, because audit policy capabilities can vary between computers running different versions of Windows, the best way to ensure that the audit policy is applied correctly is to base these settings on the computer instead of the user. - However, in cases where you want audit settings to apply only to specified groups of users, you can accomplish this by configuring SACLs on the relevant objects to enable auditing for a security group that contains only the users you specify. For example, you can configure a SACL for a folder called Payroll Data on Accounting Server 1. This can audit attempts by members of the Payroll Processors OU to delete objects from this folder. The **Object Access\\Audit File System** audit policy setting applies to Accounting Server 1, but because it requires a corresponding resource SACL, only actions by members of the Payroll Processors OU on the Payroll Data folder generates audit events. + However, when you want audit settings to apply only to specified groups of users, you can accomplish this customization by configuring SACLs on the relevant objects to enable auditing for a security group that contains only the users you specify. For example, you can configure a SACL for a folder called Payroll Data on Accounting Server 1. This configuration results in an audit of attempts by members of the Payroll Processors OU to delete objects from this folder. The **Object Access\\Audit File System** audit policy setting applies to Accounting Server 1, but because it requires a corresponding resource SACL, only actions by members of the Payroll Processors OU on the Payroll Data folder generates audit events. - question: | What are the differences in auditing functionality between versions of Windows? @@ -133,13 +133,13 @@ sections: A failure audit event is triggered when a defined action, such as a user logon, is not completed successfully. - The appearance of failure audit events in the event log does not necessarily mean that something is wrong with your system. For example, if you configure Audit Logon events, a failure event may simply mean that a user mistyped his or her password. + The appearance of failure audit events in the event log does not necessarily mean that something is wrong with your system. For example, if you configure Audit Logon events, a failure event may mean that a user mistyped the password. - question: | How can I set an audit policy that affects all objects on a computer? answer: | - System administrators and auditors increasingly want to verify that an auditing policy is applied to all objects on a system. This has been difficult to accomplish because the system access control lists (SACLs) that govern auditing are applied on a per-object basis. Thus, to verify that an audit policy has been applied to all objects, you would have to check every object to be sure that no changes have been made—even temporarily to a single SACL. - Introduced in Windows Server 2008 R2 and Windows 7, security auditing allows administrators to define global object access auditing policies for the entire file system or for the registry on a computer. The specified SACL is then automatically applied to every object of that type. This can be useful for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs. If a file or folder SACL and a global object access auditing policy (or a single registry setting SACL and a global object access auditing policy) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the global object access auditing policy. This means that an audit event is generated if an activity matches either the file or folder SACL or the global object access auditing policy. + System administrators and auditors increasingly want to verify that an auditing policy is applied to all objects on a system. This requirement has been difficult to accomplish because the system access control lists (SACLs) that govern auditing are applied on a per-object basis. Thus, to verify that an audit policy has been applied to all objects, you would have to check every object to be sure that no changes have been made—even temporarily to a single SACL. + Introduced in Windows Server 2008 R2 and Windows 7, security auditing allows administrators to define global object access auditing policies for the entire file system or for the registry on a computer. The specified SACL is then automatically applied to every object of that type. This application of SACL can be useful for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs. If a file or folder SACL and a global object access auditing policy (or a single registry setting SACL and a global object access auditing policy) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the global object access auditing policy. This resultant SACL from the combination means that an audit event is generated if an activity matches either the file or folder SACL or the global object access auditing policy. - question: | How do I figure out why someone was able to access a resource? @@ -159,7 +159,7 @@ sections: - question: | How can I roll back security audit policies from the advanced audit policy to the basic audit policy? answer: | - Applying advanced audit policy settings replaces any comparable basic security audit policy settings. If you subsequently change the advanced audit policy setting to **Not configured**, you need to complete the following steps to restore the original basic security audit policy settings: + Applying advanced audit policy settings replaces any comparable basic security audit policy settings. If you later change the advanced audit policy setting to **Not configured**, you need to complete the following steps to restore the original basic security audit policy settings: 1. Set all Advanced Audit Policy subcategories to **Not configured**. 2. Delete all audit.csv files from the %SYSVOL% folder on the domain controller. @@ -189,7 +189,7 @@ sections: What are the best tools to model and manage audit policies? answer: | The integration of advanced audit policy settings with domain Group Policy, introduced in Windows 7 and Windows Server 2008 R2, is designed to simplify the management and implementation of security audit policies in an organization's network. As such, tools used to plan and deploy Group Policy Objects for a domain can also be used to plan and deploy security audit policies. - On an individual computer, the Auditpol command-line tool can be used to complete a number of important audit policy–related management tasks. + On an individual computer, the Auditpol command-line tool can be used to complete many important audit policy–related management tasks. In addition, there are a number of computer management products, such as the Audit Collection Services in the Microsoft System Center Operations Manager products, which can be used to collect and filter event data. diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index fe2879fa16..258ea0a79b 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -24,7 +24,7 @@ This document, the [Advanced security audit policy settings](advanced-security-a | **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor relevant events for the **“Subject\\Security ID”** that corresponds to the high-value account or accounts. | | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“Subject\\Security ID”** (with other information) to monitor how or when a particular account is being used. | | **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor relevant events for the **“Subject\\Security ID”** that corresponds to the accounts that should never be used. | -| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events. | Monitor the relevant events for **“Subject\\Security ID”** accounts that are outside the allow list of accounts. | +| **Account allowlist**: You might have a specific allowlist of accounts that are the only ones allowed to perform actions corresponding to particular events. | Monitor the relevant events for **“Subject\\Security ID”** accounts that are outside the allowlist of accounts. | | **Accounts of different types**: You might want to ensure that certain actions are performed only by certain account types, for example, local or domain account, machine or user account, vendor or employee account, and so on. | Identify events that correspond to the actions you want to monitor, and for those events, review the **“Subject\\Security ID”** to see whether the account type is as expected. | | **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor the specific events for the **“Subject\\Account Domain”** corresponding to accounts from another domain or “external” accounts. | | **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions. | Monitor the target **Computer:** (or other target device) for actions performed by the **“Subject\\Security ID”** that you are concerned about. | diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 4deca9cd3b..7cc6b35da0 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -29,7 +29,7 @@ To complete this procedure, you must be signed in as a member of the built-in Ad 1. Select and hold (or right-click) the file or folder that you want to audit, select **Properties**, and then select the **Security** tab. 2. Select **Advanced**. 3. In the **Advanced Security Settings** dialog box, select the **Auditing** tab, and then select **Continue**. -4. Do one of the following: +4. Do one of the following tasks: - To set up auditing for a new user or group, select **Add**. Select **Select a principal**, type the name of the user or group that you want, and then select **OK**. - To remove auditing for an existing group or user, select the group or user name, select **Remove**, select **OK**, and then skip the rest of this procedure. - To view or change auditing for an existing group or user, select its name, and then select **Edit.** @@ -40,7 +40,7 @@ To complete this procedure, you must be signed in as a member of the built-in Ad -6. In the **Applies to** box, select the object(s) to which the audit of events will apply. These include: +6. In the **Applies to** box, select the object(s) to which the audit of events will apply. These objects include: - **This folder only** - **This folder, subfolders and files** @@ -62,9 +62,9 @@ To complete this procedure, you must be signed in as a member of the built-in Ad > [!IMPORTANT] > Before you set up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md). To do this, define auditing policy settings for the object access event category. If you don't enable object access auditing, you'll receive an error message when you set up auditing for files and folders, and no files or folders will be audited.   -## Additional considerations +## More considerations -- After you turn on object access auditing, view the security log in Event Viewer to review the results of your changes. +- After you turn on object access auditing, view the security login Event Viewer to review the results of your changes. - You can set up file and folder auditing only on NTFS drives. - Because the security log is limited in size, carefully select the files and folders to be audited. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.   diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 2f8d75b174..2d936555a6 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -29,9 +29,9 @@ This subcategory failure logon attempts, when account was already locked out. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | -| Member Server | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | -| Workstation | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | +| Domain Controller | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or for local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | +| Member Server | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or for local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | +| Workstation | No | Yes | No | Yes | We recommend tracking account lockouts, especially for high value domain or for local accounts (database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts, and so on).
This subcategory doesn’t have Success events, so there is no recommendation to enable Success auditing for this subcategory. | **Events List:** From c79eb017de37b1e685adc4c0dd2b917e106edb31 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 12:46:49 +0530 Subject: [PATCH 07/28] fixed Acrolinx errors --- .../advanced-security-audit-policy-settings.md | 4 +++- .../auditing/advanced-security-auditing-faq.yml | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 1cb4f72589..86105add3c 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -20,7 +20,9 @@ ms.technology: windows-sec # Advanced security audit policy settings -This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. +This reference for IT professionals provides information about: +- The advanced audit policy settings available in Windows +- The audit events that these settings generate. The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as: diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index fb3c698887..308159df61 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -24,9 +24,9 @@ title: Advanced security auditing FAQ This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - - [What is the interaction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) + - [What is Windows security auditing and benefits of its usage?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) + - [What is the difference between audit policies located in Local Policies\\Audit Policy and in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) + - [What is the interaction between audit policy settings' basic and advanced versions?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) - [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-) - [Why are audit policies applied on a per-computer basis rather than per user?](#why-are-audit-policies-applied-on-a-per-computer-basis-rather-than-per-user-) @@ -34,7 +34,7 @@ title: Advanced security auditing FAQ - [Can I use advanced audit policy from a domain controller running Windows Server 2003 or Windows 2000 Server?](#can-i-use-advanced-audit-policies-from-a-domain-controller-running-windows-server-2003-or-windows-2000-server-) - [What is the difference between success and failure events? Is something wrong if I get a failure audit?](#what-is-the-difference-between-success-and-failure-events--is-something-wrong-if-i-get-a-failure-audit-) - [How can I set an audit policy that affects all objects on a computer?](#how-can-i-set-an-audit-policy-that-affects-all-objects-on-a-computer-) - - [How do I figure out why someone was able to access a resource?](#how-do-i-figure-out-why-someone-was-able-to-access-a-resource-) + - [How do I ascertain the purpose for accessing a resource?](#how-do-i-figure-out-why-someone-was-able-to-access-a-resource-) - [How do I know when changes are made to access control settings, by whom, and what the changes were?](#how-do-i-know-when-changes-are-made-to-access-control-settings--by-whom--and-what-the-changes-were-) - [How can I roll back security audit policies from the advanced audit policy to the basic audit policy?](#how-can-i-roll-back-security-audit-policies-from-the-advanced-audit-policy-to-the-basic-audit-policy-) - [How can I monitor if changes are made to audit policy settings?](#how-can-i-monitor-if-changes-are-made-to-audit-policy-settings-) @@ -50,7 +50,7 @@ sections: - question: | What is Windows security auditing and why might I want to use it? answer: | - Security auditing is a methodical examination and review of activities that may affect the security of a system. In the Windows operating systems, security auditing is more narrowly defined as the features and services that enable an administrator to log and review events for specified security-related activities. + Security auditing is a methodical examination and review of activities that may affect the security of a system. In the Windows operating systems, security auditing is the features and services for an administrator to log and review events for specified security-related activities. Hundreds of events occur as the Windows operating system and the applications that run on it perform their tasks. Monitoring these events can provide valuable information to help administrators troubleshoot and investigate security-related activities. From 4f2cd54fe0fb2793f0d3a5f3bcdc21ecda605bf0 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 13:20:17 +0530 Subject: [PATCH 08/28] Update advanced-security-audit-policy-settings.md --- ...advanced-security-audit-policy-settings.md | 35 ++++++++++++++----- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 86105add3c..f0bcbcb179 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -28,16 +28,23 @@ The security audit policy settings under **Security Settings\\Advanced Audit Pol - A group administrator has modified settings or data on servers that contain finance information. - An employee within a defined group has accessed an important file. -- The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access. +- The correct system access control list (SACL) - as a verifiable safeguard against undetected access - is applied to either of the following: + - every file and folder + - registry key on a computer + - file share. You can access these audit policy settings through the Local Security Policy snap-in (secpol.msc) on the local computer or by using Group Policy. -These advanced audit policy settings allow you to select only the behaviors that you want to monitor. You can exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because security audit policies can be applied by using domain Group Policy Objects, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity. +These advanced audit policy settings allow you to select only the behaviors that you want to monitor. You can exclude audit results for the following types of behaviors: +- That are of little or no concern to you +- That create an excessive number of log entries. + +In addition, because security audit policies can be applied by using domain Group Policy Objects, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity. Audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** are available in the following categories: ## Account Logon -Configuring policy settings in this category can help you document attempts to authenticate account data on a domain controller or on a local Security Accounts Manager (SAM). Unlike Logon and Logoff policy settings and events, which track attempts to access a particular computer, settings and events in this category focus on the account database that is used. This category includes the following subcategories: +Configuring policy settings in this category can help you document attempts to authenticate account data on a domain controller or on a local Security Accounts Manager (SAM). Unlike Logon and Logoff policy settings and events, Account Logon settings and events focus on the account database that is used. This category includes the following subcategories: - [Audit Credential Validation](audit-credential-validation.md) - [Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md) @@ -57,7 +64,11 @@ The security audit policy settings in this category can be used to monitor chang ## Detailed Tracking -Detailed Tracking security policy settings and audit events can be used to monitor the activities of individual applications and users on that computer, and to understand how a computer is being used. This category includes the following subcategories: +Detailed Tracking security policy settings and audit events can be used for the following purposes: +- To monitor the activities of individual applications and users on that computer +- To understand how a computer is being used. + +This category includes the following subcategories: - [Audit DPAPI Activity](audit-dpapi-activity.md) - [Audit PNP activity](audit-pnp-activity.md) @@ -93,7 +104,7 @@ Logon/Logoff security policy settings and audit events allow you to track attemp ## Object Access -Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate Object Access auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses. +Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, enable the appropriate Object Access auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations; the Registry subcategory needs to be enabled to audit registry accesses. Proving that these audit policies are in effect to an external auditor is more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see [Global Object Access Auditing](#global-object-access-auditing). @@ -116,7 +127,7 @@ This category includes the following subcategories: ## Policy Change -Policy Change audit events allow you to track changes to important security policies on a local system or network. Because policies are typically established by administrators to help secure network resources, monitoring changes or attempts to change these policies can be an important aspect of security management for a network. This category includes the following subcategories: +Policy Change audit events allow you to track changes to important security policies on a local system or network. Because policies are typically established by administrators to help secure network resources, tracking changes (or its attempts) to these policies is an important aspect of security management for a network. This category includes the following subcategories: - [Audit Audit Policy Change](audit-audit-policy-change.md) - [Audit Authentication Policy Change](audit-authentication-policy-change.md) @@ -135,7 +146,11 @@ Permissions on a network are granted for users or computers to complete defined ## System -System security policy settings and audit events allow you to track system-level changes to a computer that are not included in other categories and that have potential security implications. This category includes the following subcategories: +System security policy settings and audit events allow you to track the following types of system-level changes to a computer: +- Not included in other categories +- Have potential security implications. + +This category includes the following subcategories: - [Audit IPsec Driver](audit-ipsec-driver.md) - [Audit Other System Events](audit-other-system-events.md) @@ -146,9 +161,11 @@ System security policy settings and audit events allow you to track system-level ## Global Object Access Auditing Global Object Access Auditing policy settings allow administrators to define computer system access control lists (SACLs) per object type for the file system or for the registry. The specified SACL is then automatically applied to every object of that type. -Auditors will be able to prove that every resource in the system is protected by an audit policy by viewing the contents of the Global Object Access Auditing policy settings. For example, if auditors see a policy setting called "Track all changes made by group administrators," they know that this policy is in effect. +Auditors can prove that every resource in the system is protected by an audit policy. They can do this task by viewing the contents of the Global Object Access Auditing policy settings. For example, if auditors see a policy setting called "Track all changes made by group administrators," they know that this policy is in effect. -Resource SACLs are also useful for diagnostic scenarios. For example, setting the Global Object Access Auditing policy to log all the activity for a specific user and enabling the policy to track "Access denied" events for the file system or registry can help administrators quickly identify which object in a system is denying a user access. +Resource SACLs are also useful for diagnostic scenarios. For example, administrators quickly identify which object in a system is denying a user access by: +- Setting the Global Object Access Auditing policy to log all the activities for a specific user +- Enabling the policy to track "Access denied" events for the file system or registry can help > [!NOTE] > If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy. From a0769a2e9294aa085f5f5cf2424518b720c3b974 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 14:45:20 +0530 Subject: [PATCH 09/28] Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md --- ...arding-to-assist-in-intrusion-detection.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index fc9376dadb..877251cbc7 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -25,7 +25,7 @@ Learn about an approach to collect events from devices in your organization. Thi Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server. -To accomplish this, there are two different subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects additional events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations. +To accomplish this functionality, there are two different subscriptions published to client devices - the Baseline subscription and the suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects more events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations. This implementation helps differentiate where events are ultimately stored. Baseline events can be sent to devices with online analytical capability, such as Security Event Manager (SEM), while also sending events to a MapReduce system, such as HDInsight or Hadoop, for long-term storage and deeper analysis. Events from the Suspect subscription are sent directly to a MapReduce system due to volume and lower signal/noise ratio, they are largely used for host forensic analysis. @@ -41,7 +41,7 @@ Here's an approximate scaling guide for WEF events: | 5,000 - 50,000 | SEM | | 50,000+ | Hadoop/HDInsight/Data Lake | -Event generation on a device must be enabled either separately or as part of the GPO for the baseline WEF implementation, including enabling of disabled event logs and setting channel permissions. For more info, see [Appendix C - Event channel settings (enable and channel access) methods](#bkmk-appendixc). This is because WEF is a passive system regarding the event log. It cannot change the size of event log files, enable disabled event channels, change channel permissions, or adjust a security audit policy. WEF only queries event channels for existing events. Additionally, having event generation already occurring on a device allows for more complete event collection building a complete history of system activity. Otherwise, you'll be limited to the speed of GPO and WEF subscription refresh cycles to make changes to what is being generated on the device. On modern devices, enabling additional event channels and expanding the size of event log files has not resulted in noticeable performance differences. +Event generation on a device must be enabled either separately or as part of the GPO for the baseline WEF implementation, including enabling of disabled event logs and setting channel permissions. For more info, see [Appendix C - Event channel settings (enable and channel access) methods](#bkmk-appendixc). This condition is because WEF is a passive system regarding the event log. It cannot change the size of event log files, enable disabled event channels, change channel permissions, or adjust a security audit policy. WEF only queries event channels for existing events. Additionally, having event generation already occurring on a device allows for more complete event collection building a complete history of system activity. Otherwise, you'll be limited to the speed of GPO and WEF subscription refresh cycles to make changes to what is being generated on the device. On modern devices, enabling more event channels and expanding the size of event log files has not resulted in noticeable performance differences. For the minimum recommended audit policy and registry system ACL settings, see [Appendix A - Minimum recommended minimum audit policy](#bkmk-appendixa) and [Appendix B - Recommended minimum registry system ACL policy](#bkmk-appendixb). @@ -49,14 +49,14 @@ For the minimum recommended audit policy and registry system ACL settings, see [ From a WEF subscription management perspective, the event queries provided should be used in two separate subscriptions for ease of maintenance; only machines meeting specific criteria would be allowed access to the targeted subscription, this access would be determined by an algorithm or an analysts’ direction. All devices should have access to the Baseline subscription. -This means you would create two base subscriptions: +This system of dual subscription means you would create two base subscriptions: -- **Baseline WEF subscription**. Events collected from all hosts, this includes some role-specific events, which will only be emitted by those machines. +- **Baseline WEF subscription**. Events collected from all hosts; these events include some role-specific events, which will only be emitted by those machines. - **Targeted WEF subscription**. Events collected from a limited set of hosts due to unusual activity and/or heightened awareness for those systems. -Each using the respective event query below. Note that for the Targeted subscription enabling the “read existing events” option should be set to true to allow collection of existing events from systems. By default, WEF subscriptions will only forward events generated after the WEF subscription was received by the client. +Each using the respective event query below. For the Targeted subscription enabling the “read existing events” option should be set to true to allow collection of existing events from systems. By default, WEF subscriptions will only forward events generated after the WEF subscription was received by the client. -In [Appendix E – Annotated Baseline Subscription Event Query](#bkmk-appendixe) and [Appendix F – Annotated Suspect Subscription Event Query](#bkmk-appendixf), the event query XML is included when creating WEF subscriptions. These are annotated for query purpose and clarity. Individual <Query> element can be removed or edited without affecting the rest of the query. +In [Appendix E – Annotated Baseline Subscription Event Query](#bkmk-appendixe) and [Appendix F – Annotated Suspect Subscription Event Query](#bkmk-appendixf), the event query XML is included when creating WEF subscriptions. These subscriptions are annotated for query purpose and clarity. Individual <Query> element can be removed or edited without affecting the rest of the query. ### Common WEF questions @@ -70,7 +70,7 @@ The longer answer is: The **Eventlog-forwardingPlugin/Operational** event channe ### Is WEF Push or Pull? -A WEF subscription can be configured to be push or pull, but not both. The simplest, most flexible IT deployment with the greatest scalability can be achieved by using a push, or source initiated, subscription. WEF clients are configured by using a GPO and the built-in forwarding client is activated. For pull, collector initiated, the subscription on the WEC server is pre-configured with the names of the WEF Client devices from which events are to be selected. Those clients also have to be configured ahead of time to allow the credentials used in the subscription to access their event logs remotely (normally by adding the credential to the **Event Log Readers** built-in local security group.) A useful scenario: closely monitoring a specific set of machines. +A WEF subscription can be configured to be push or pull, but not both. The simplest, most flexible IT deployment with the greatest scalability can be achieved by using a push, or source initiated, subscription. WEF clients are configured by using a GPO and the built-in forwarding client is activated. For pull, collector initiated, the subscription on the WEC server is pre-configured with the names of the WEF Client devices from which events are to be selected. Those clients are to be configured ahead of time to allow the credentials used in the subscription to access their event logs remotely (normally by adding the credential to the **Event Log Readers** built-in local security group.) A useful scenario: closely monitoring a specific set of machines. ### Will WEF work over VPN or RAS? @@ -78,7 +78,7 @@ WEF handles VPN, RAS, and DirectAccess scenarios well and will reconnect and sen ### How is client progress tracked? -The WEC server maintains in its registry the bookmark information and last heartbeat time for each event source for each WEF subscription. When an event source re-connects to a WEC server, the last bookmark position is sent to the device to use as a starting point to resume forwarding events. If a +The WEC server maintains in its registry the bookmark information and last heartbeat time for each event source for each WEF subscription. When an event source reconnects to a WEC server, the last bookmark position is sent to the device to use as a starting point to resume forwarding events. If a WEF client has no events to send, the WEF client will connect periodically to send a Heartbeat to the WEC server to indicate it is active. This heartbeat value can be individually configured for each subscription. ### Will WEF work in an IPv4, IPv6, or mixed IPv4/IPv6 environment? @@ -188,7 +188,7 @@ The annotated event query can be found in the following. For more info, see [App - Registry modification events. For more info, see [Appendix B – Recommended minimum Registry System ACL Policy](#bkmk-appendixb). - OS startup and shutdown - - Startup event include operating system version, service pack level, QFE version, and boot mode. + - Startup events include operating system version, service pack level, QFE version, and boot mode. - Service install @@ -216,13 +216,13 @@ The annotated event query can be found in the following. For more info, see [App - Find out what initiated the restart of a device. - User initiated interactive logoff event -- Remote Desktop Services session connect, reconnect, or disconnect. +- Remote Desktop Services sessions connect, reconnect, or disconnect. - EMET events, if EMET is installed. - Event forwarding plugin events - For monitoring WEF subscription operations, particularly Partial Success events. This is useful for diagnosing deployment issues. -- Network share create and delete +- Network share creation and deletion - Enables detection of unauthorized share creation. >**Note:** All shares are re-created when the device starts. @@ -232,7 +232,7 @@ The annotated event query can be found in the following. For more info, see [App - Logon success for interactive (local and Remote Interactive/Remote Desktop) - Logon success for services for non-built-in accounts, such as LocalSystem, LocalNetwork, and so on. - Logon success for batch sessions - - Logon session close, which are logoff events for non-network sessions. + - Logon session close, which is logoff events for non-network sessions. - Windows Error Reporting (Application crash events only) @@ -244,7 +244,7 @@ The annotated event query can be found in the following. For more info, see [App - Event log cleared (including the Security Event Log) - - This could indicate an intruder that are covering their tracks. + - This could indicate an intruder that is covering their tracks. - Special privileges assigned to new logon @@ -271,7 +271,7 @@ The annotated event query can be found in the following. For more info, see [App - Logon with explicit credentials - - Detect credential use changes by intruders to access additional resources. + - Detect credential use changes by intruders to access more resources. - Smartcard card holder verification events @@ -296,7 +296,7 @@ This adds some possible intruder-related activity to help analyst further refine - Groups assigned to local logon - - Gives visibility to groups which enable account wide access + - Gives visibility to groups which enable account-wide access - Allows better planning for remediation efforts - Excludes well known, built-in system accounts. @@ -337,7 +337,7 @@ This adds some possible intruder-related activity to help analyst further refine ## Appendix A - Minimum recommended minimum audit policy -If your organizational audit policy enables additional auditing to meet its needs, that is fine. The policy below is the minimum audit policy settings needed to enable events collected by both baseline and targeted subscriptions. +If your organizational audit policy enables more auditing to meet its needs, that is fine. The policy below is the minimum audit policy settings needed to enable events collected by both baseline and targeted subscriptions. | Category | Subcategory | Audit settings | |--------------------|---------------------------------|---------------------| @@ -388,7 +388,7 @@ Use the following figures to see how you can configure those registry keys. Some channels are disabled by default and have to be enabled. Others, such as Microsoft-Windows-CAPI2/Operational must have the channel access modified to allow the Event Log Readers built-in security group to read from it. -The recommended and most effective way to do this is to configure the baseline GPO to run a scheduled task to configure the event channels (enable, set maximum size, and adjust channel access.) This will take effect at the next GPO refresh cycle and has minimal impact on the client device. +The recommended and most effective way to do this is configuring the baseline GPO to run a scheduled task to configure the event channels (enable, set maximum size, and adjust channel access.) This will take effect at the next GPO refresh cycle and has minimal impact on the client device. The following GPO snippet performs the following: From d82cfa6d84b82b83c96dabe5d5d8161c88c415b4 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 18 Oct 2021 14:51:53 +0530 Subject: [PATCH 10/28] resolved suggestions --- .../auditing/advanced-security-audit-policy-settings.md | 2 +- .../threat-protection/get-support-for-security-baselines.md | 2 +- .../threat-protection/security-compliance-toolkit-10.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index f0bcbcb179..076b555055 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -18,7 +18,7 @@ ms.date: 09/06/2021 ms.technology: windows-sec --- -# Advanced security audit policy settings +# Advanced security audit policy settings (Windows 10) This reference for IT professionals provides information about: - The advanced audit policy settings available in Windows diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 56c3058279..5d606c7889 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Get Support +# Get Support for Windows baselines **What is the Microsoft Security Compliance Manager (SCM)?** diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index a2c720f8da..f1504a61e6 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -1,6 +1,6 @@ --- title: Microsoft Security Compliance Toolkit 1.0 -description: This article describes how to use the Security Compliance Toolkit in your organization +description: This article describes how to use the Microsoft Security Compliance Toolkit in your organization keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Microsoft Security Compliance Toolkit 1.0 +# Microsoft Security Compliance Toolkit 1.0 - Usage ## What is the Security Compliance Toolkit (SCT)? From c34b5a85ced6db487943e9eae94377ba6395e750 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 09:47:15 +0530 Subject: [PATCH 11/28] Updated metadata --- .vscode/settings.json | 8 ++++++++ .../auditing/advanced-security-audit-policy-settings.md | 2 +- .../auditing/advanced-security-auditing-faq.yml | 2 +- .../auditing/advanced-security-auditing.md | 2 +- ...ty-monitoring-recommendations-for-many-audit-events.md | 2 +- .../apply-a-basic-audit-policy-on-a-file-or-folder.md | 2 +- .../threat-protection/auditing/audit-account-lockout.md | 2 +- .../auditing/audit-application-generated.md | 2 +- .../auditing/audit-application-group-management.md | 2 +- .../auditing/audit-audit-policy-change.md | 2 +- .../auditing/audit-authentication-policy-change.md | 2 +- .../auditing/audit-authorization-policy-change.md | 2 +- .../auditing/audit-central-access-policy-staging.md | 2 +- .../auditing/audit-certification-services.md | 2 +- .../auditing/audit-computer-account-management.md | 2 +- .../auditing/audit-credential-validation.md | 2 +- .../audit-detailed-directory-service-replication.md | 2 +- .../auditing/audit-detailed-file-share.md | 2 +- .../auditing/audit-directory-service-access.md | 2 +- .../auditing/audit-directory-service-changes.md | 2 +- .../auditing/audit-directory-service-replication.md | 2 +- .../auditing/audit-distribution-group-management.md | 2 +- .../threat-protection/auditing/audit-dpapi-activity.md | 2 +- .../threat-protection/auditing/audit-file-share.md | 2 +- .../threat-protection/auditing/audit-file-system.md | 2 +- .../auditing/audit-filtering-platform-connection.md | 2 +- .../auditing/audit-filtering-platform-packet-drop.md | 2 +- .../auditing/audit-filtering-platform-policy-change.md | 2 +- .../threat-protection/auditing/audit-group-membership.md | 2 +- .../auditing/audit-handle-manipulation.md | 2 +- .../threat-protection/auditing/audit-ipsec-driver.md | 2 +- .../auditing/audit-ipsec-extended-mode.md | 2 +- .../threat-protection/auditing/audit-ipsec-main-mode.md | 2 +- .../threat-protection/auditing/audit-ipsec-quick-mode.md | 2 +- .../auditing/audit-kerberos-authentication-service.md | 2 +- .../auditing/audit-kerberos-service-ticket-operations.md | 2 +- .../threat-protection/auditing/audit-kernel-object.md | 2 +- .../security/threat-protection/auditing/audit-logoff.md | 2 +- .../security/threat-protection/auditing/audit-logon.md | 2 +- .../auditing/audit-mpssvc-rule-level-policy-change.md | 2 +- .../auditing/audit-network-policy-server.md | 2 +- .../auditing/audit-non-sensitive-privilege-use.md | 2 +- .../auditing/audit-other-account-logon-events.md | 2 +- .../auditing/audit-other-account-management-events.md | 2 +- .../auditing/audit-other-logonlogoff-events.md | 2 +- .../auditing/audit-other-object-access-events.md | 2 +- .../auditing/audit-other-policy-change-events.md | 2 +- .../auditing/audit-other-privilege-use-events.md | 2 +- .../auditing/audit-other-system-events.md | 2 +- .../threat-protection/auditing/audit-pnp-activity.md | 2 +- .../threat-protection/auditing/audit-process-creation.md | 2 +- .../auditing/audit-process-termination.md | 2 +- .../security/threat-protection/auditing/audit-registry.md | 2 +- .../threat-protection/auditing/audit-removable-storage.md | 2 +- .../threat-protection/auditing/audit-rpc-events.md | 2 +- windows/security/threat-protection/auditing/audit-sam.md | 2 +- .../auditing/audit-security-group-management.md | 2 +- .../auditing/audit-security-state-change.md | 2 +- .../auditing/audit-security-system-extension.md | 2 +- .../auditing/audit-sensitive-privilege-use.md | 2 +- .../threat-protection/auditing/audit-special-logon.md | 2 +- .../threat-protection/auditing/audit-system-integrity.md | 2 +- .../auditing/audit-token-right-adjusted.md | 2 +- .../auditing/audit-user-account-management.md | 2 +- .../auditing/audit-user-device-claims.md | 2 +- .../auditing/basic-audit-account-logon-events.md | 2 +- .../auditing/basic-audit-account-management.md | 2 +- .../auditing/basic-audit-directory-service-access.md | 2 +- .../auditing/basic-audit-logon-events.md | 2 +- .../auditing/basic-audit-object-access.md | 2 +- .../auditing/basic-audit-policy-change.md | 2 +- .../auditing/basic-audit-privilege-use.md | 2 +- .../auditing/basic-audit-process-tracking.md | 2 +- .../auditing/basic-audit-system-events.md | 2 +- .../auditing/basic-security-audit-policies.md | 2 +- .../auditing/basic-security-audit-policy-settings.md | 2 +- ...a-basic-audit-policy-settings-for-an-event-category.md | 2 +- windows/security/threat-protection/auditing/event-1100.md | 2 +- windows/security/threat-protection/auditing/event-1102.md | 2 +- windows/security/threat-protection/auditing/event-1104.md | 2 +- windows/security/threat-protection/auditing/event-1105.md | 2 +- windows/security/threat-protection/auditing/event-1108.md | 2 +- windows/security/threat-protection/auditing/event-4608.md | 2 +- windows/security/threat-protection/auditing/event-4610.md | 2 +- windows/security/threat-protection/auditing/event-4611.md | 2 +- windows/security/threat-protection/auditing/event-4612.md | 2 +- windows/security/threat-protection/auditing/event-4614.md | 2 +- windows/security/threat-protection/auditing/event-4615.md | 2 +- windows/security/threat-protection/auditing/event-4616.md | 2 +- windows/security/threat-protection/auditing/event-4618.md | 2 +- windows/security/threat-protection/auditing/event-4621.md | 2 +- windows/security/threat-protection/auditing/event-4622.md | 2 +- windows/security/threat-protection/auditing/event-4624.md | 2 +- windows/security/threat-protection/auditing/event-4625.md | 2 +- windows/security/threat-protection/auditing/event-4626.md | 2 +- windows/security/threat-protection/auditing/event-4627.md | 2 +- windows/security/threat-protection/auditing/event-4634.md | 2 +- windows/security/threat-protection/auditing/event-4647.md | 2 +- windows/security/threat-protection/auditing/event-4648.md | 2 +- windows/security/threat-protection/auditing/event-4649.md | 2 +- windows/security/threat-protection/auditing/event-4656.md | 2 +- windows/security/threat-protection/auditing/event-4657.md | 2 +- windows/security/threat-protection/auditing/event-4658.md | 2 +- windows/security/threat-protection/auditing/event-4660.md | 2 +- windows/security/threat-protection/auditing/event-4661.md | 2 +- windows/security/threat-protection/auditing/event-4662.md | 2 +- windows/security/threat-protection/auditing/event-4663.md | 2 +- windows/security/threat-protection/auditing/event-4664.md | 2 +- windows/security/threat-protection/auditing/event-4670.md | 2 +- windows/security/threat-protection/auditing/event-4671.md | 2 +- windows/security/threat-protection/auditing/event-4672.md | 2 +- windows/security/threat-protection/auditing/event-4673.md | 2 +- windows/security/threat-protection/auditing/event-4674.md | 2 +- windows/security/threat-protection/auditing/event-4675.md | 2 +- windows/security/threat-protection/auditing/event-4688.md | 2 +- windows/security/threat-protection/auditing/event-4689.md | 2 +- windows/security/threat-protection/auditing/event-4690.md | 2 +- windows/security/threat-protection/auditing/event-4691.md | 2 +- windows/security/threat-protection/auditing/event-4692.md | 2 +- windows/security/threat-protection/auditing/event-4693.md | 2 +- windows/security/threat-protection/auditing/event-4694.md | 2 +- windows/security/threat-protection/auditing/event-4695.md | 2 +- windows/security/threat-protection/auditing/event-4696.md | 2 +- windows/security/threat-protection/auditing/event-4697.md | 2 +- windows/security/threat-protection/auditing/event-4698.md | 2 +- windows/security/threat-protection/auditing/event-4699.md | 2 +- windows/security/threat-protection/auditing/event-4700.md | 2 +- windows/security/threat-protection/auditing/event-4701.md | 2 +- windows/security/threat-protection/auditing/event-4702.md | 2 +- windows/security/threat-protection/auditing/event-4703.md | 2 +- windows/security/threat-protection/auditing/event-4704.md | 2 +- windows/security/threat-protection/auditing/event-4705.md | 2 +- windows/security/threat-protection/auditing/event-4706.md | 2 +- windows/security/threat-protection/auditing/event-4707.md | 2 +- windows/security/threat-protection/auditing/event-4713.md | 2 +- windows/security/threat-protection/auditing/event-4714.md | 2 +- windows/security/threat-protection/auditing/event-4715.md | 2 +- windows/security/threat-protection/auditing/event-4716.md | 2 +- windows/security/threat-protection/auditing/event-4717.md | 2 +- windows/security/threat-protection/auditing/event-4718.md | 2 +- windows/security/threat-protection/auditing/event-4719.md | 2 +- windows/security/threat-protection/auditing/event-4720.md | 2 +- windows/security/threat-protection/auditing/event-4722.md | 2 +- windows/security/threat-protection/auditing/event-4723.md | 2 +- windows/security/threat-protection/auditing/event-4724.md | 2 +- windows/security/threat-protection/auditing/event-4725.md | 2 +- windows/security/threat-protection/auditing/event-4726.md | 2 +- windows/security/threat-protection/auditing/event-4731.md | 2 +- windows/security/threat-protection/auditing/event-4732.md | 2 +- windows/security/threat-protection/auditing/event-4733.md | 2 +- windows/security/threat-protection/auditing/event-4734.md | 2 +- windows/security/threat-protection/auditing/event-4735.md | 2 +- windows/security/threat-protection/auditing/event-4738.md | 2 +- windows/security/threat-protection/auditing/event-4739.md | 2 +- windows/security/threat-protection/auditing/event-4740.md | 2 +- windows/security/threat-protection/auditing/event-4741.md | 2 +- windows/security/threat-protection/auditing/event-4742.md | 2 +- windows/security/threat-protection/auditing/event-4743.md | 2 +- windows/security/threat-protection/auditing/event-4749.md | 2 +- windows/security/threat-protection/auditing/event-4750.md | 2 +- windows/security/threat-protection/auditing/event-4751.md | 2 +- windows/security/threat-protection/auditing/event-4752.md | 2 +- windows/security/threat-protection/auditing/event-4753.md | 2 +- windows/security/threat-protection/auditing/event-4764.md | 2 +- windows/security/threat-protection/auditing/event-4765.md | 2 +- windows/security/threat-protection/auditing/event-4766.md | 2 +- windows/security/threat-protection/auditing/event-4767.md | 2 +- windows/security/threat-protection/auditing/event-4768.md | 2 +- windows/security/threat-protection/auditing/event-4769.md | 2 +- windows/security/threat-protection/auditing/event-4770.md | 2 +- windows/security/threat-protection/auditing/event-4771.md | 2 +- windows/security/threat-protection/auditing/event-4772.md | 2 +- windows/security/threat-protection/auditing/event-4773.md | 2 +- windows/security/threat-protection/auditing/event-4774.md | 2 +- windows/security/threat-protection/auditing/event-4775.md | 2 +- windows/security/threat-protection/auditing/event-4776.md | 2 +- windows/security/threat-protection/auditing/event-4777.md | 2 +- windows/security/threat-protection/auditing/event-4778.md | 2 +- windows/security/threat-protection/auditing/event-4779.md | 2 +- windows/security/threat-protection/auditing/event-4780.md | 2 +- windows/security/threat-protection/auditing/event-4781.md | 2 +- windows/security/threat-protection/auditing/event-4782.md | 2 +- windows/security/threat-protection/auditing/event-4793.md | 2 +- windows/security/threat-protection/auditing/event-4794.md | 2 +- windows/security/threat-protection/auditing/event-4798.md | 2 +- windows/security/threat-protection/auditing/event-4799.md | 2 +- windows/security/threat-protection/auditing/event-4800.md | 2 +- windows/security/threat-protection/auditing/event-4801.md | 2 +- windows/security/threat-protection/auditing/event-4802.md | 2 +- windows/security/threat-protection/auditing/event-4803.md | 2 +- windows/security/threat-protection/auditing/event-4816.md | 2 +- windows/security/threat-protection/auditing/event-4817.md | 2 +- windows/security/threat-protection/auditing/event-4818.md | 2 +- windows/security/threat-protection/auditing/event-4819.md | 2 +- windows/security/threat-protection/auditing/event-4826.md | 2 +- windows/security/threat-protection/auditing/event-4864.md | 2 +- windows/security/threat-protection/auditing/event-4865.md | 2 +- windows/security/threat-protection/auditing/event-4866.md | 2 +- windows/security/threat-protection/auditing/event-4867.md | 2 +- windows/security/threat-protection/auditing/event-4902.md | 2 +- windows/security/threat-protection/auditing/event-4904.md | 2 +- windows/security/threat-protection/auditing/event-4905.md | 2 +- windows/security/threat-protection/auditing/event-4906.md | 2 +- windows/security/threat-protection/auditing/event-4907.md | 2 +- windows/security/threat-protection/auditing/event-4908.md | 2 +- windows/security/threat-protection/auditing/event-4909.md | 2 +- windows/security/threat-protection/auditing/event-4910.md | 2 +- windows/security/threat-protection/auditing/event-4911.md | 2 +- windows/security/threat-protection/auditing/event-4912.md | 2 +- windows/security/threat-protection/auditing/event-4913.md | 2 +- windows/security/threat-protection/auditing/event-4928.md | 2 +- windows/security/threat-protection/auditing/event-4929.md | 2 +- windows/security/threat-protection/auditing/event-4930.md | 2 +- windows/security/threat-protection/auditing/event-4931.md | 2 +- windows/security/threat-protection/auditing/event-4932.md | 2 +- windows/security/threat-protection/auditing/event-4933.md | 2 +- windows/security/threat-protection/auditing/event-4934.md | 2 +- windows/security/threat-protection/auditing/event-4935.md | 2 +- windows/security/threat-protection/auditing/event-4936.md | 2 +- windows/security/threat-protection/auditing/event-4937.md | 2 +- windows/security/threat-protection/auditing/event-4944.md | 2 +- windows/security/threat-protection/auditing/event-4945.md | 2 +- windows/security/threat-protection/auditing/event-4946.md | 2 +- windows/security/threat-protection/auditing/event-4947.md | 2 +- windows/security/threat-protection/auditing/event-4948.md | 2 +- windows/security/threat-protection/auditing/event-4949.md | 2 +- windows/security/threat-protection/auditing/event-4950.md | 2 +- windows/security/threat-protection/auditing/event-4951.md | 2 +- windows/security/threat-protection/auditing/event-4952.md | 2 +- windows/security/threat-protection/auditing/event-4953.md | 2 +- windows/security/threat-protection/auditing/event-4954.md | 2 +- windows/security/threat-protection/auditing/event-4956.md | 2 +- windows/security/threat-protection/auditing/event-4957.md | 2 +- windows/security/threat-protection/auditing/event-4958.md | 2 +- windows/security/threat-protection/auditing/event-4964.md | 2 +- windows/security/threat-protection/auditing/event-4985.md | 2 +- windows/security/threat-protection/auditing/event-5024.md | 2 +- windows/security/threat-protection/auditing/event-5025.md | 2 +- windows/security/threat-protection/auditing/event-5027.md | 2 +- windows/security/threat-protection/auditing/event-5028.md | 2 +- windows/security/threat-protection/auditing/event-5029.md | 2 +- windows/security/threat-protection/auditing/event-5030.md | 2 +- windows/security/threat-protection/auditing/event-5031.md | 2 +- windows/security/threat-protection/auditing/event-5032.md | 2 +- windows/security/threat-protection/auditing/event-5033.md | 2 +- windows/security/threat-protection/auditing/event-5034.md | 2 +- windows/security/threat-protection/auditing/event-5035.md | 2 +- windows/security/threat-protection/auditing/event-5037.md | 2 +- windows/security/threat-protection/auditing/event-5038.md | 2 +- windows/security/threat-protection/auditing/event-5039.md | 2 +- windows/security/threat-protection/auditing/event-5051.md | 2 +- windows/security/threat-protection/auditing/event-5056.md | 2 +- windows/security/threat-protection/auditing/event-5057.md | 2 +- windows/security/threat-protection/auditing/event-5058.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 2 +- windows/security/threat-protection/auditing/event-5060.md | 2 +- windows/security/threat-protection/auditing/event-5061.md | 2 +- windows/security/threat-protection/auditing/event-5062.md | 2 +- windows/security/threat-protection/auditing/event-5063.md | 2 +- windows/security/threat-protection/auditing/event-5064.md | 2 +- windows/security/threat-protection/auditing/event-5065.md | 2 +- windows/security/threat-protection/auditing/event-5066.md | 2 +- windows/security/threat-protection/auditing/event-5067.md | 2 +- windows/security/threat-protection/auditing/event-5068.md | 2 +- windows/security/threat-protection/auditing/event-5069.md | 2 +- windows/security/threat-protection/auditing/event-5070.md | 2 +- windows/security/threat-protection/auditing/event-5136.md | 2 +- windows/security/threat-protection/auditing/event-5137.md | 2 +- windows/security/threat-protection/auditing/event-5138.md | 2 +- windows/security/threat-protection/auditing/event-5139.md | 2 +- windows/security/threat-protection/auditing/event-5140.md | 2 +- windows/security/threat-protection/auditing/event-5141.md | 2 +- windows/security/threat-protection/auditing/event-5142.md | 2 +- windows/security/threat-protection/auditing/event-5143.md | 2 +- windows/security/threat-protection/auditing/event-5144.md | 2 +- windows/security/threat-protection/auditing/event-5145.md | 2 +- windows/security/threat-protection/auditing/event-5148.md | 2 +- windows/security/threat-protection/auditing/event-5149.md | 2 +- windows/security/threat-protection/auditing/event-5150.md | 2 +- windows/security/threat-protection/auditing/event-5151.md | 2 +- windows/security/threat-protection/auditing/event-5152.md | 2 +- windows/security/threat-protection/auditing/event-5153.md | 2 +- windows/security/threat-protection/auditing/event-5154.md | 2 +- windows/security/threat-protection/auditing/event-5155.md | 2 +- windows/security/threat-protection/auditing/event-5156.md | 2 +- windows/security/threat-protection/auditing/event-5157.md | 2 +- windows/security/threat-protection/auditing/event-5158.md | 2 +- windows/security/threat-protection/auditing/event-5159.md | 2 +- windows/security/threat-protection/auditing/event-5168.md | 2 +- windows/security/threat-protection/auditing/event-5376.md | 2 +- windows/security/threat-protection/auditing/event-5377.md | 2 +- windows/security/threat-protection/auditing/event-5378.md | 2 +- windows/security/threat-protection/auditing/event-5447.md | 2 +- windows/security/threat-protection/auditing/event-5632.md | 2 +- windows/security/threat-protection/auditing/event-5633.md | 2 +- windows/security/threat-protection/auditing/event-5712.md | 2 +- windows/security/threat-protection/auditing/event-5888.md | 2 +- windows/security/threat-protection/auditing/event-5889.md | 2 +- windows/security/threat-protection/auditing/event-5890.md | 2 +- windows/security/threat-protection/auditing/event-6144.md | 2 +- windows/security/threat-protection/auditing/event-6145.md | 2 +- windows/security/threat-protection/auditing/event-6281.md | 2 +- windows/security/threat-protection/auditing/event-6400.md | 2 +- windows/security/threat-protection/auditing/event-6401.md | 2 +- windows/security/threat-protection/auditing/event-6402.md | 2 +- windows/security/threat-protection/auditing/event-6403.md | 2 +- windows/security/threat-protection/auditing/event-6404.md | 2 +- windows/security/threat-protection/auditing/event-6405.md | 2 +- windows/security/threat-protection/auditing/event-6406.md | 2 +- windows/security/threat-protection/auditing/event-6407.md | 2 +- windows/security/threat-protection/auditing/event-6408.md | 2 +- windows/security/threat-protection/auditing/event-6409.md | 2 +- windows/security/threat-protection/auditing/event-6410.md | 2 +- windows/security/threat-protection/auditing/event-6416.md | 2 +- windows/security/threat-protection/auditing/event-6419.md | 2 +- windows/security/threat-protection/auditing/event-6420.md | 2 +- windows/security/threat-protection/auditing/event-6421.md | 2 +- windows/security/threat-protection/auditing/event-6422.md | 2 +- windows/security/threat-protection/auditing/event-6423.md | 2 +- windows/security/threat-protection/auditing/event-6424.md | 2 +- .../auditing/file-system-global-object-access-auditing.md | 2 +- .../auditing/how-to-list-xml-elements-in-eventdata.md | 2 +- .../monitor-central-access-policy-and-rule-definitions.md | 2 +- .../threat-protection/auditing/monitor-claim-types.md | 2 +- .../auditing/monitor-resource-attribute-definitions.md | 2 +- ...l-access-policies-associated-with-files-and-folders.md | 2 +- ...central-access-policies-that-apply-on-a-file-server.md | 2 +- ...onitor-the-resource-attributes-on-files-and-folders.md | 2 +- .../monitor-the-use-of-removable-storage-devices.md | 2 +- .../monitor-user-and-device-claims-during-sign-in.md | 2 +- .../security/threat-protection/auditing/other-events.md | 2 +- ...ning-and-deploying-advanced-security-audit-policies.md | 2 +- .../auditing/registry-global-object-access-auditing.md | 2 +- .../auditing/security-auditing-overview.md | 2 +- ...g-options-to-monitor-dynamic-access-control-objects.md | 2 +- .../auditing/view-the-security-event-log.md | 2 +- ...windows-support-advanced-audit-policy-configuration.md | 2 +- ...e-virtualization-based-protection-of-code-integrity.md | 2 +- ...d-security-and-windows-defender-application-control.md | 2 +- ...r-virtualization-based-protection-of-code-integrity.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../threat-protection/intelligence/coinminer-malware.md | 2 +- .../intelligence/coordinated-malware-eradication.md | 2 +- .../security/threat-protection/intelligence/criteria.md | 2 +- .../intelligence/cybersecurity-industry-partners.md | 2 +- .../threat-protection/intelligence/developer-faq.yml | 2 +- .../threat-protection/intelligence/developer-resources.md | 2 +- .../threat-protection/intelligence/exploits-malware.md | 2 +- .../threat-protection/intelligence/fileless-threats.md | 2 +- windows/security/threat-protection/intelligence/index.md | 2 +- .../threat-protection/intelligence/macro-malware.md | 2 +- .../threat-protection/intelligence/malware-naming.md | 2 +- .../threat-protection/intelligence/phishing-trends.md | 2 +- .../security/threat-protection/intelligence/phishing.md | 2 +- .../intelligence/portal-submission-troubleshooting.md | 2 +- .../intelligence/prevent-malware-infection.md | 2 +- .../threat-protection/intelligence/rootkits-malware.md | 2 +- .../intelligence/safety-scanner-download.md | 2 +- .../threat-protection/intelligence/submission-guide.md | 2 +- .../intelligence/supply-chain-malware.md | 2 +- .../threat-protection/intelligence/support-scams.md | 2 +- .../threat-protection/intelligence/trojans-malware.md | 2 +- .../intelligence/understanding-malware.md | 2 +- .../threat-protection/intelligence/unwanted-software.md | 2 +- .../intelligence/virus-information-alliance-criteria.md | 2 +- .../intelligence/virus-initiative-criteria.md | 2 +- .../threat-protection/intelligence/worms-malware.md | 2 +- .../configure-md-app-guard.md | 2 +- .../faq-md-app-guard.yml | 2 +- .../install-md-app-guard.md | 2 +- .../md-app-guard-browser-extension.md | 2 +- .../md-app-guard-overview.md | 2 +- .../reqs-md-app-guard.md | 2 +- .../test-scenarios-md-app-guard.md | 2 +- .../microsoft-defender-smartscreen-available-settings.md | 2 +- .../microsoft-defender-smartscreen-overview.md | 2 +- ...icrosoft-defender-smartscreen-set-individual-device.md | 2 +- ...itigation-options-for-app-related-security-policies.md | 2 +- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- ...-controlling-the-health-of-windows-10-based-devices.md | 2 +- .../threat-protection/security-compliance-toolkit-10.md | 2 +- .../access-credential-manager-as-a-trusted-caller.md | 2 +- .../access-this-computer-from-the-network.md | 2 +- .../security-policy-settings/account-lockout-duration.md | 2 +- .../security-policy-settings/account-lockout-policy.md | 2 +- .../security-policy-settings/account-lockout-threshold.md | 2 +- .../security-policy-settings/account-policies.md | 2 +- .../accounts-administrator-account-status.md | 2 +- .../accounts-block-microsoft-accounts.md | 2 +- .../accounts-guest-account-status.md | 2 +- ...ccount-use-of-blank-passwords-to-console-logon-only.md | 2 +- .../accounts-rename-administrator-account.md | 2 +- .../accounts-rename-guest-account.md | 2 +- .../act-as-part-of-the-operating-system.md | 2 +- .../add-workstations-to-domain.md | 2 +- .../adjust-memory-quotas-for-a-process.md | 2 +- .../administer-security-policy-settings.md | 2 +- .../security-policy-settings/allow-log-on-locally.md | 2 +- .../allow-log-on-through-remote-desktop-services.md | 2 +- .../audit-audit-the-access-of-global-system-objects.md | 2 +- ...audit-audit-the-use-of-backup-and-restore-privilege.md | 2 +- ...force-audit-policy-subcategory-settings-to-override.md | 2 +- .../security-policy-settings/audit-policy.md | 2 +- ...system-immediately-if-unable-to-log-security-audits.md | 2 +- .../back-up-files-and-directories.md | 2 +- .../security-policy-settings/bypass-traverse-checking.md | 2 +- .../security-policy-settings/change-the-system-time.md | 2 +- .../security-policy-settings/change-the-time-zone.md | 2 +- .../security-policy-settings/create-a-pagefile.md | 2 +- .../security-policy-settings/create-a-token-object.md | 2 +- .../security-policy-settings/create-global-objects.md | 2 +- .../create-permanent-shared-objects.md | 2 +- .../security-policy-settings/create-symbolic-links.md | 2 +- ...security-descriptor-definition-language-sddl-syntax.md | 2 +- ...security-descriptor-definition-language-sddl-syntax.md | 2 +- .../security-policy-settings/debug-programs.md | 2 +- .../deny-access-to-this-computer-from-the-network.md | 2 +- .../deny-log-on-as-a-batch-job.md | 2 +- .../security-policy-settings/deny-log-on-as-a-service.md | 2 +- .../security-policy-settings/deny-log-on-locally.md | 2 +- .../deny-log-on-through-remote-desktop-services.md | 2 +- .../devices-allow-undock-without-having-to-log-on.md | 2 +- ...devices-allowed-to-format-and-eject-removable-media.md | 2 +- ...vices-prevent-users-from-installing-printer-drivers.md | 2 +- ...strict-cd-rom-access-to-locally-logged-on-user-only.md | 2 +- ...strict-floppy-access-to-locally-logged-on-user-only.md | 2 +- ...controller-allow-server-operators-to-schedule-tasks.md | 2 +- .../domain-controller-ldap-server-signing-requirements.md | 2 +- ...-controller-refuse-machine-account-password-changes.md | 2 +- ...igitally-encrypt-or-sign-secure-channel-data-always.md | 2 +- ...digitally-encrypt-secure-channel-data-when-possible.md | 2 +- ...er-digitally-sign-secure-channel-data-when-possible.md | 2 +- ...ain-member-disable-machine-account-password-changes.md | 2 +- .../domain-member-maximum-machine-account-password-age.md | 2 +- ...er-require-strong-windows-2000-or-later-session-key.md | 2 +- ...uter-and-user-accounts-to-be-trusted-for-delegation.md | 2 +- .../security-policy-settings/enforce-password-history.md | 2 +- .../enforce-user-logon-restrictions.md | 2 +- .../force-shutdown-from-a-remote-system.md | 2 +- .../security-policy-settings/generate-security-audits.md | 2 +- .../how-to-configure-security-policy-settings.md | 2 +- .../impersonate-a-client-after-authentication.md | 2 +- .../increase-a-process-working-set.md | 2 +- .../increase-scheduling-priority.md | 2 +- ...display-user-information-when-the-session-is-locked.md | 2 +- .../interactive-logon-do-not-display-last-user-name.md | 2 +- .../interactive-logon-do-not-require-ctrl-alt-del.md | 2 +- .../interactive-logon-dont-display-username-at-sign-in.md | 2 +- ...interactive-logon-machine-account-lockout-threshold.md | 2 +- .../interactive-logon-machine-inactivity-limit.md | 2 +- ...e-logon-message-text-for-users-attempting-to-log-on.md | 2 +- ...-logon-message-title-for-users-attempting-to-log-on.md | 2 +- ...to-cache-in-case-domain-controller-is-not-available.md | 2 +- ...on-prompt-user-to-change-password-before-expiration.md | 2 +- ...ain-controller-authentication-to-unlock-workstation.md | 2 +- .../interactive-logon-require-smart-card.md | 2 +- .../interactive-logon-smart-card-removal-behavior.md | 2 +- .../security-policy-settings/kerberos-policy.md | 2 +- .../load-and-unload-device-drivers.md | 2 +- .../security-policy-settings/lock-pages-in-memory.md | 2 +- .../security-policy-settings/log-on-as-a-batch-job.md | 2 +- .../security-policy-settings/log-on-as-a-service.md | 2 +- .../manage-auditing-and-security-log.md | 2 +- .../maximum-lifetime-for-service-ticket.md | 2 +- .../maximum-lifetime-for-user-ticket-renewal.md | 2 +- .../maximum-lifetime-for-user-ticket.md | 2 +- .../security-policy-settings/maximum-password-age.md | 2 +- ...aximum-tolerance-for-computer-clock-synchronization.md | 2 +- ...network-client-digitally-sign-communications-always.md | 2 +- ...end-unencrypted-password-to-third-party-smb-servers.md | 2 +- ...unt-of-idle-time-required-before-suspending-session.md | 2 +- ...server-attempt-s4u2self-to-obtain-claim-information.md | 2 +- ...network-server-digitally-sign-communications-always.md | 2 +- ...k-server-disconnect-clients-when-logon-hours-expire.md | 2 +- ...work-server-server-spn-target-name-validation-level.md | 2 +- .../security-policy-settings/minimum-password-age.md | 2 +- .../security-policy-settings/minimum-password-length.md | 2 +- .../security-policy-settings/modify-an-object-label.md | 2 +- .../modify-firmware-environment-values.md | 2 +- .../network-access-allow-anonymous-sidname-translation.md | 2 +- ...ow-anonymous-enumeration-of-sam-accounts-and-shares.md | 2 +- ...-do-not-allow-anonymous-enumeration-of-sam-accounts.md | 2 +- ...asswords-and-credentials-for-network-authentication.md | 2 +- ...s-let-everyone-permissions-apply-to-anonymous-users.md | 2 +- ...access-named-pipes-that-can-be-accessed-anonymously.md | 2 +- ...ess-remotely-accessible-registry-paths-and-subpaths.md | 2 +- .../network-access-remotely-accessible-registry-paths.md | 2 +- ...restrict-anonymous-access-to-named-pipes-and-shares.md | 2 +- ...s-restrict-clients-allowed-to-make-remote-sam-calls.md | 2 +- ...work-access-shares-that-can-be-accessed-anonymously.md | 2 +- ...ccess-sharing-and-security-model-for-local-accounts.md | 2 +- .../network-list-manager-policies.md | 2 +- ...llow-local-system-to-use-computer-identity-for-ntlm.md | 2 +- ...rk-security-allow-localsystem-null-session-fallback.md | 2 +- ...-requests-to-this-computer-to-use-online-identities.md | 2 +- ...ity-configure-encryption-types-allowed-for-kerberos.md | 2 +- ...tore-lan-manager-hash-value-on-next-password-change.md | 2 +- ...twork-security-force-logoff-when-logon-hours-expire.md | 2 +- .../network-security-lan-manager-authentication-level.md | 2 +- .../network-security-ldap-client-signing-requirements.md | 2 +- ...ity-for-ntlm-ssp-based-including-secure-rpc-clients.md | 2 +- ...ity-for-ntlm-ssp-based-including-secure-rpc-servers.md | 2 +- ...dd-remote-server-exceptions-for-ntlm-authentication.md | 2 +- ...-restrict-ntlm-add-server-exceptions-in-this-domain.md | 2 +- ...-security-restrict-ntlm-audit-incoming-ntlm-traffic.md | 2 +- ...trict-ntlm-audit-ntlm-authentication-in-this-domain.md | 2 +- ...etwork-security-restrict-ntlm-incoming-ntlm-traffic.md | 2 +- ...ty-restrict-ntlm-ntlm-authentication-in-this-domain.md | 2 +- ...strict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 2 +- .../password-must-meet-complexity-requirements.md | 2 +- .../security-policy-settings/password-policy.md | 2 +- .../perform-volume-maintenance-tasks.md | 2 +- .../security-policy-settings/profile-single-process.md | 2 +- .../profile-system-performance.md | 2 +- ...covery-console-allow-automatic-administrative-logon.md | 2 +- ...ow-floppy-copy-and-access-to-all-drives-and-folders.md | 2 +- .../remove-computer-from-docking-station.md | 2 +- .../replace-a-process-level-token.md | 2 +- .../reset-account-lockout-counter-after.md | 2 +- .../restore-files-and-directories.md | 2 +- .../secpol-advanced-security-audit-policy-settings.md | 2 +- .../security-policy-settings/security-options.md | 2 +- .../security-policy-settings-reference.md | 2 +- .../security-policy-settings/security-policy-settings.md | 2 +- .../security-policy-settings/shut-down-the-system.md | 2 +- ...low-system-to-be-shut-down-without-having-to-log-on.md | 2 +- .../shutdown-clear-virtual-memory-pagefile.md | 2 +- ...network-client-digitally-sign-communications-always.md | 2 +- ...ient-digitally-sign-communications-if-server-agrees.md | 2 +- ...network-server-digitally-sign-communications-always.md | 2 +- ...rver-digitally-sign-communications-if-client-agrees.md | 2 +- .../store-passwords-using-reversible-encryption.md | 2 +- .../synchronize-directory-service-data.md | 2 +- ...key-protection-for-user-keys-stored-on-the-computer.md | 2 +- ...liant-algorithms-for-encryption-hashing-and-signing.md | 2 +- ...quire-case-insensitivity-for-non-windows-subsystems.md | 2 +- ...then-default-permissions-of-internal-system-objects.md | 2 +- .../system-settings-optional-subsystems.md | 2 +- ...ndows-executables-for-software-restriction-policies.md | 2 +- .../take-ownership-of-files-or-other-objects.md | 2 +- ...pproval-mode-for-the-built-in-administrator-account.md | 2 +- ...ompt-for-elevation-without-using-the-secure-desktop.md | 2 +- ...on-prompt-for-administrators-in-admin-approval-mode.md | 2 +- ...behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- ...-application-installations-and-prompt-for-elevation.md | 2 +- ...y-elevate-executables-that-are-signed-and-validated.md | 2 +- ...applications-that-are-installed-in-secure-locations.md | 2 +- ...ntrol-run-all-administrators-in-admin-approval-mode.md | 2 +- ...-to-the-secure-desktop-when-prompting-for-elevation.md | 2 +- ...e-and-registry-write-failures-to-per-user-locations.md | 2 +- .../security-policy-settings/user-rights-assignment.md | 2 +- ...s-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- .../threat-protection/windows-10-mobile-security-guide.md | 2 +- .../LOB-win32-apps-on-s.md | 2 +- ...tion-in-windows-defender-application-control-policy.md | 2 +- ...es-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- .../applocker/administer-applocker.md | 2 +- .../applocker/applocker-architecture-and-components.md | 2 +- .../applocker/applocker-functions.md | 2 +- .../applocker/applocker-overview.md | 2 +- .../applocker/applocker-policies-deployment-guide.md | 2 +- .../applocker/applocker-policies-design-guide.md | 2 +- .../applocker/applocker-policy-use-scenarios.md | 2 +- .../applocker/applocker-processes-and-interactions.md | 2 +- .../applocker/applocker-settings.md | 2 +- .../applocker/applocker-technical-reference.md | 2 +- .../configure-an-applocker-policy-for-audit-only.md | 2 +- .../configure-an-applocker-policy-for-enforce-rules.md | 2 +- .../configure-exceptions-for-an-applocker-rule.md | 2 +- .../applocker/configure-the-appLocker-reference-device.md | 2 +- .../configure-the-application-identity-service.md | 2 +- .../applocker/create-a-rule-for-packaged-apps.md | 2 +- .../create-a-rule-that-uses-a-file-hash-condition.md | 2 +- .../applocker/create-a-rule-that-uses-a-path-condition.md | 2 +- .../create-a-rule-that-uses-a-publisher-condition.md | 2 +- .../applocker/create-applocker-default-rules.md | 2 +- ...ist-of-applications-deployed-to-each-business-group.md | 2 +- .../applocker/create-your-applocker-policies.md | 2 +- .../applocker/create-your-applocker-rules.md | 2 +- .../applocker/delete-an-applocker-rule.md | 2 +- ...plocker-policies-by-using-the-enforce-rules-setting.md | 2 +- .../deploy-the-applocker-policy-into-production.md | 2 +- ...termine-group-policy-structure-and-rule-enforcement.md | 2 +- ...ations-are-digitally-signed-on-a-reference-computer.md | 2 +- .../determine-your-application-control-objectives.md | 2 +- ...message-when-users-try-to-run-a-blocked-application.md | 2 +- .../applocker/dll-rules-in-applocker.md | 2 +- ...oup-policy-structure-and-applocker-rule-enforcement.md | 2 +- .../applocker/document-your-application-list.md | 2 +- .../applocker/document-your-applocker-rules.md | 2 +- .../applocker/edit-an-applocker-policy.md | 2 +- .../applocker/edit-applocker-rules.md | 2 +- .../applocker/enable-the-dll-rule-collection.md | 2 +- .../applocker/enforce-applocker-rules.md | 2 +- .../applocker/executable-rules-in-applocker.md | 2 +- .../applocker/export-an-applocker-policy-from-a-gpo.md | 2 +- .../export-an-applocker-policy-to-an-xml-file.md | 2 +- .../applocker/how-applocker-works-techref.md | 2 +- .../import-an-applocker-policy-from-another-computer.md | 2 +- .../applocker/import-an-applocker-policy-into-a-gpo.md | 2 +- .../applocker/maintain-applocker-policies.md | 2 +- .../applocker/manage-packaged-apps-with-applocker.md | 2 +- ...rge-applocker-policies-by-using-set-applockerpolicy.md | 2 +- .../applocker/merge-applocker-policies-manually.md | 2 +- .../applocker/monitor-application-usage-with-applocker.md | 2 +- .../applocker/optimize-applocker-performance.md | 2 +- ...-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- .../applocker/plan-for-applocker-policy-management.md | 2 +- .../applocker/refresh-an-applocker-policy.md | 2 +- .../requirements-for-deploying-applocker-policies.md | 2 +- .../applocker/requirements-to-use-applocker.md | 2 +- .../run-the-automatically-generate-rules-wizard.md | 2 +- .../applocker/script-rules-in-applocker.md | 2 +- .../applocker/security-considerations-for-applocker.md | 2 +- .../applocker/select-types-of-rules-to-create.md | 2 +- ...t-an-applocker-policy-by-using-test-applockerpolicy.md | 2 +- .../applocker/test-and-update-an-applocker-policy.md | 2 +- .../applocker/tools-to-use-with-applocker.md | 2 +- .../understand-applocker-enforcement-settings.md | 2 +- .../understand-applocker-policy-design-decisions.md | 2 +- ...and-enforcement-setting-inheritance-in-group-policy.md | 2 +- .../understand-the-applocker-policy-deployment-process.md | 2 +- ...rstanding-applocker-allow-and-deny-actions-on-rules.md | 2 +- .../applocker/understanding-applocker-default-rules.md | 2 +- .../applocker/understanding-applocker-rule-behavior.md | 2 +- .../applocker/understanding-applocker-rule-collections.md | 2 +- .../understanding-applocker-rule-condition-types.md | 2 +- .../applocker/understanding-applocker-rule-exceptions.md | 2 +- ...rstanding-the-file-hash-rule-condition-in-applocker.md | 2 +- .../understanding-the-path-rule-condition-in-applocker.md | 2 +- ...rstanding-the-publisher-rule-condition-in-applocker.md | 2 +- ...-computer-to-create-and-maintain-applocker-policies.md | 2 +- ...nd-software-restriction-policies-in-the-same-domain.md | 2 +- .../use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../applocker/using-event-viewer-with-applocker.md | 2 +- ...oftware-restriction-policies-and-applocker-policies.md | 2 +- .../applocker/what-is-applocker.md | 2 +- .../applocker/windows-installer-rules-in-applocker.md | 2 +- .../applocker/working-with-applocker-policies.md | 2 +- .../applocker/working-with-applocker-rules.md | 2 +- ...force-windows-defender-application-control-policies.md | 2 +- ...audit-windows-defender-application-control-policies.md | 2 +- ...e-authorized-apps-deployed-with-a-managed-installer.md | 2 +- .../configure-wdac-managed-installer.md | 2 +- ...gning-cert-for-windows-defender-application-control.md | 2 +- .../create-initial-default-policy.md | 2 +- .../create-wdac-policy-for-fully-managed-devices.md | 2 +- .../create-wdac-policy-for-lightly-managed-devices.md | 2 +- ...les-to-support-windows-defender-application-control.md | 2 +- ...tiple-windows-defender-application-control-policies.md | 2 +- ...der-application-control-policies-using-group-policy.md | 2 +- ...-defender-application-control-policies-using-intune.md | 2 +- .../deployment/deploy-wdac-policies-with-memcm.md | 2 +- .../deployment/deploy-wdac-policies-with-script.md | 2 +- ...sable-windows-defender-application-control-policies.md | 2 +- ...force-windows-defender-application-control-policies.md | 2 +- .../event-id-explanations.md | 2 +- .../event-tag-explanations.md | 2 +- .../example-wdac-base-policies.md | 2 +- .../feature-availability.md | 2 +- ...aged-apps-with-windows-defender-application-control.md | 2 +- ...merge-windows-defender-application-control-policies.md | 2 +- .../microsoft-recommended-block-rules.md | 2 +- .../operations/known-issues.md | 2 +- ...lan-windows-defender-application-control-management.md | 2 +- ...ion-control-events-centrally-using-advanced-hunting.md | 2 +- .../select-types-of-rules-to-create.md | 2 +- .../types-of-devices.md | 2 +- ...efender-application-control-policy-design-decisions.md | 2 +- ...pplication-control-for-classic-windows-applications.md | 2 +- ...uard-signing-portal-in-microsoft-store-for-business.md | 2 +- ...dows-defender-application-control-against-tampering.md | 2 +- ...cy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- ...nder-application-control-with-dynamic-code-security.md | 2 +- ...application-control-with-intelligent-security-graph.md | 2 +- .../wdac-and-applocker-overview.md | 2 +- .../wdac-wizard-create-base-policy.md | 2 +- .../wdac-wizard-create-supplemental-policy.md | 2 +- .../wdac-wizard-editing-policy.md | 2 +- .../wdac-wizard-merging-policies.md | 2 +- .../windows-defender-application-control/wdac-wizard.md | 2 +- ...ndows-defender-application-control-deployment-guide.md | 2 +- .../windows-defender-application-control-design-guide.md | 2 +- ...dows-defender-application-control-operational-guide.md | 2 +- .../windows-defender-application-control.md | 2 +- .../wdsc-windows-10-in-s-mode.md | 2 +- ...-hardware-based-root-of-trust-helps-protect-windows.md | 2 +- .../system-guard-secure-launch-and-smm-protection.md | 2 +- ...oduction-devices-to-the-membership-group-for-a-zone.md | 2 +- ...add-test-devices-to-the-membership-group-for-a-zone.md | 2 +- ...-gpo-template-files-for-settings-used-in-this-guide.md | 2 +- .../assign-security-group-filters-to-the-gpo.md | 2 +- .../windows-firewall/basic-firewall-policy-design.md | 2 +- .../windows-firewall/best-practices-configuring.md | 2 +- .../windows-firewall/boundary-zone-gpos.md | 2 +- .../threat-protection/windows-firewall/boundary-zone.md | 2 +- .../certificate-based-isolation-policy-design-example.md | 2 +- .../certificate-based-isolation-policy-design.md | 2 +- .../change-rules-from-request-to-require-mode.md | 2 +- .../checklist-configuring-basic-firewall-settings.md | 2 +- ...klist-configuring-rules-for-an-isolated-server-zone.md | 2 +- ...es-for-servers-in-a-standalone-isolated-server-zone.md | 2 +- .../checklist-configuring-rules-for-the-boundary-zone.md | 2 +- ...checklist-configuring-rules-for-the-encryption-zone.md | 2 +- ...checklist-configuring-rules-for-the-isolated-domain.md | 2 +- .../checklist-creating-group-policy-objects.md | 2 +- .../checklist-creating-inbound-firewall-rules.md | 2 +- .../checklist-creating-outbound-firewall-rules.md | 2 +- ...es-for-clients-of-a-standalone-isolated-server-zone.md | 2 +- ...ecklist-implementing-a-basic-firewall-policy-design.md | 2 +- ...menting-a-certificate-based-isolation-policy-design.md | 2 +- ...klist-implementing-a-domain-isolation-policy-design.md | 2 +- ...menting-a-standalone-server-isolation-policy-design.md | 2 +- .../windows-firewall/configure-authentication-methods.md | 2 +- .../configure-data-protection-quick-mode-settings.md | 2 +- ...-group-policy-to-autoenroll-and-deploy-certificates.md | 2 +- .../configure-key-exchange-main-mode-settings.md | 2 +- .../configure-the-rules-to-require-encryption.md | 2 +- .../configure-the-windows-firewall-log.md | 2 +- ...the-workstation-authentication-certificate-template.md | 2 +- ...to-suppress-notifications-when-a-program-is-blocked.md | 2 +- .../confirm-that-certificates-are-deployed-correctly.md | 2 +- .../windows-firewall/copy-a-gpo-to-create-a-new-gpo.md | 2 +- .../create-a-group-account-in-active-directory.md | 2 +- .../windows-firewall/create-a-group-policy-object.md | 2 +- .../create-an-authentication-exemption-list-rule.md | 2 +- .../create-an-authentication-request-rule.md | 2 +- .../windows-firewall/create-an-inbound-icmp-rule.md | 2 +- .../windows-firewall/create-an-inbound-port-rule.md | 2 +- .../create-an-inbound-program-or-service-rule.md | 2 +- .../windows-firewall/create-an-outbound-port-rule.md | 2 +- .../create-an-outbound-program-or-service-rule.md | 2 +- .../create-inbound-rules-to-support-rpc.md | 2 +- .../create-windows-firewall-rules-in-intune.md | 2 +- .../windows-firewall/create-wmi-filters-for-the-gpo.md | 2 +- ...-a-windows-firewall-with-advanced-security-strategy.md | 2 +- .../determining-the-trusted-state-of-your-devices.md | 2 +- .../windows-firewall/documenting-the-zones.md | 2 +- .../domain-isolation-policy-design-example.md | 2 +- .../windows-firewall/domain-isolation-policy-design.md | 2 +- .../windows-firewall/enable-predefined-inbound-rules.md | 2 +- .../windows-firewall/enable-predefined-outbound-rules.md | 2 +- .../windows-firewall/encryption-zone-gpos.md | 2 +- .../threat-protection/windows-firewall/encryption-zone.md | 2 +- ...ows-firewall-with-advanced-security-design-examples.md | 2 +- .../windows-firewall/exempt-icmp-from-authentication.md | 2 +- .../threat-protection/windows-firewall/exemption-list.md | 2 +- .../windows-firewall/filter-origin-documentation.md | 2 +- .../threat-protection/windows-firewall/firewall-gpos.md | 2 +- .../windows-firewall/firewall-policy-design-example.md | 2 +- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- ...-information-about-your-active-directory-deployment.md | 2 +- ...formation-about-your-current-network-infrastructure.md | 2 +- .../gathering-information-about-your-devices.md | 2 +- .../gathering-other-relevant-information.md | 2 +- .../gathering-the-information-you-need.md | 2 +- .../windows-firewall/gpo-domiso-boundary.md | 2 +- .../windows-firewall/gpo-domiso-encryption.md | 2 +- .../windows-firewall/gpo-domiso-firewall.md | 2 +- .../windows-firewall/gpo-domiso-isolateddomain-clients.md | 2 +- .../windows-firewall/gpo-domiso-isolateddomain-servers.md | 2 +- ...ws-firewall-with-advanced-security-deployment-goals.md | 2 +- ...windows-firewall-with-advanced-security-design-plan.md | 2 +- .../windows-firewall/isolated-domain-gpos.md | 2 +- .../threat-protection/windows-firewall/isolated-domain.md | 2 +- .../windows-firewall/isolating-apps-on-your-network.md | 2 +- .../windows-firewall/link-the-gpo-to-the-domain.md | 2 +- ...to-a-windows-firewall-with-advanced-security-design.md | 2 +- ...-to-apply-to-a-different-zone-or-version-of-windows.md | 2 +- ...p-policy-management-console-to-ip-security-policies.md | 2 +- ...-console-to-windows-firewall-with-advanced-security.md | 2 +- ...group-policy-management-console-to-windows-firewall.md | 2 +- .../open-windows-firewall-with-advanced-security.md | 2 +- .../planning-certificate-based-authentication.md | 2 +- .../windows-firewall/planning-domain-isolation-zones.md | 2 +- .../windows-firewall/planning-gpo-deployment.md | 2 +- ...ng-group-policy-deployment-for-your-isolation-zones.md | 2 +- .../planning-isolation-groups-for-the-zones.md | 2 +- .../windows-firewall/planning-network-access-groups.md | 2 +- .../windows-firewall/planning-server-isolation-zones.md | 2 +- .../planning-settings-for-a-basic-firewall-policy.md | 2 +- .../windows-firewall/planning-the-gpos.md | 2 +- ...g-to-deploy-windows-firewall-with-advanced-security.md | 2 +- ...your-windows-firewall-with-advanced-security-design.md | 2 +- .../windows-firewall/procedures-used-in-this-guide.md | 2 +- .../protect-devices-from-unwanted-network-traffic.md | 2 +- .../threat-protection/windows-firewall/quarantine.md | 2 +- ...cryption-when-accessing-sensitive-network-resources.md | 2 +- .../restrict-access-to-only-specified-users-or-devices.md | 2 +- .../restrict-access-to-only-trusted-devices.md | 2 +- .../restrict-server-access-to-members-of-a-group-only.md | 2 +- ...ecuring-end-to-end-ipsec-connections-by-using-ikev2.md | 2 +- .../windows-firewall/server-isolation-gpos.md | 2 +- .../server-isolation-policy-design-example.md | 2 +- .../windows-firewall/server-isolation-policy-design.md | 2 +- .../windows-firewall/troubleshooting-uwp-firewall.md | 2 +- ...-on-windows-firewall-and-configure-default-behavior.md | 2 +- ...dows-firewall-with-advanced-security-design-process.md | 2 +- .../verify-that-network-traffic-is-authenticated.md | 2 +- ...ced-security-administration-with-windows-powershell.md | 2 +- ...ws-firewall-with-advanced-security-deployment-guide.md | 2 +- ...indows-firewall-with-advanced-security-design-guide.md | 2 +- .../windows-firewall-with-advanced-security.md | 2 +- .../threat-protection/windows-platform-common-criteria.md | 2 +- .../windows-sandbox/windows-sandbox-architecture.md | 2 +- .../windows-sandbox-configure-using-wsb-file.md | 2 +- .../windows-sandbox/windows-sandbox-overview.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../security-compliance-toolkit-10.md | 2 +- .../windows-security-baselines.md | 2 +- 810 files changed, 817 insertions(+), 809 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..ed9462b7e6 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index f45d596295..1cb4f72589 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policy settings diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 92cfb0b820..a3f1fdac56 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -16,7 +16,7 @@ metadata: ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 - ms.technology: mde + ms.technology: windows-sec title: Advanced security auditing FAQ diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 2e9d3a84f1..0b3fae0f35 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/6/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policies diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index d092d91f72..fe2879fa16 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -11,7 +11,7 @@ ms.date: 09/06/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Appendix A: Security monitoring recommendations for many audit events diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 331e40c490..4deca9cd3b 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Apply a basic audit policy on a file or folder diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 4837398076..2f8d75b174 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Account Lockout diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index c2f603a680..f778de2af2 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Generated diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 7fefa5c73c..3cb78ff1b1 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Group Management diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 3828ec83b4..ae75fb4fef 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Audit Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 07e3af496b..68c6747f77 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authentication Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index 20750fbbe9..03111b60f9 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authorization Policy Change diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index ed8737a5d1..a877583e94 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Central Access Policy Staging diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 655f1fbbbc..5c5e3cfccd 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Certification Services diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 1a3c91c1a9..c544d87734 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Computer Account Management diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 4bde8f1ddb..ad726d2c61 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Credential Validation diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 593eb8718d..9af371fb40 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 92b53125a2..15e15c2540 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed File Share diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index bceb0bc1d1..927eb3b00a 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Access diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index a2290c487c..c012915713 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Changes diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 8bbcc73020..f745f49759 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 18f52d6dea..8317bd58a5 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Distribution Group Management diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index ce489d62ac..ec0e0c8843 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit DPAPI Activity diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 97c2332179..7d9f3c613e 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit File Share diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 17787cf470..1d2aa49bd8 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit File System diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 7e0478f79f..16b00b3889 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Connection diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index dae76cc66f..40a667e051 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Packet Drop diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index 8a77aee208..ffefdd58cb 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Policy Change diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 904bc669cb..97bb5b57e1 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Group Membership diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index 1003455f12..b64ddae053 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Handle Manipulation diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 108d9f2155..1cdb6f9140 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Driver diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 502f29b57d..7e372d5a0e 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Extended Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index c3f71a182d..675299ef05 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Main Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index 0424935c98..982e294c4c 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Quick Mode diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index ac184cba5f..c4245be658 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kerberos Authentication Service diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 788a0eccd6..71f4e995c9 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kerberos Service Ticket Operations diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index f0329f57a4..7262c46dd7 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kernel Object diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index eadeed6ed8..92a4bed8a5 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Logoff diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index b6b71c23f6..f3450fc499 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Logon diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index ff61afa77f..aac15f25fa 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit MPSSVC Rule-Level Policy Change diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 016e6d53d7..97911ece3f 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Network Policy Server diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 7ef4be2fc3..67ef50a903 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Non-Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 774bedd202..fa4413dbb7 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Account Logon Events diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index bab6689283..dfa2678034 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Account Management Events diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index 032d65589e..9314db237d 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Logon/Logoff Events diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index 1a82bd54e1..9131eff82e 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Object Access Events diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 61ed449132..9119efbc58 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Policy Change Events diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index ed0e6fde50..46f053cae3 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Privilege Use Events diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 8762fb22fc..5d7042e1dc 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other System Events diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 23779f6a95..fa29bfac6d 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit PNP Activity diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 1e0c857ede..b61b00d478 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Process Creation diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 7206647a67..72e92a74e0 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Process Termination diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index b942488455..3c6407d9f5 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Registry diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index 9a0d27b1c2..1b527f37be 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Removable Storage diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 6be5c9a222..087ff6ed52 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit RPC Events diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 020c87b6c0..df74e9eb71 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit SAM diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 045ce6d2cd..db3bc5689b 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security Group Management diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 81d52226a4..88a21e9a8b 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security State Change diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 06a62bc211..057d504bc1 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security System Extension diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index d2929dbc8b..e54927afd1 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index a2c7e6fe4c..7cf389f177 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Special Logon diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index d88432587a..e4b357fa00 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit System Integrity diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index 51362e65a8..3d85c00f81 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -6,7 +6,7 @@ author: dansimp ms.author: dansimp ms.pagetype: security ms.prod: m365-security -ms.technology: mde +ms.technology: windows-sec --- # Audit Token Right Adjusted diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 97b551d31a..e958273064 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit User Account Management diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index f5b3b71fa8..9b92a3022e 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit User/Device Claims diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 9e83b22f8e..e8f37ef2fc 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit account logon events diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index e438366e30..1656e7f0eb 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit account management diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index fb18731a64..37ea6c6cb7 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit directory service access diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 569a8335dd..01b1068234 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit logon events diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 3cc432b64b..713700f0c2 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit object access diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index 3e7cc6a8ea..ab4eb9ba52 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit policy change diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index ff6e5dff98..9949cfab8d 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit privilege use diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index a7f08b9c20..a1234e42c5 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit process tracking diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 4201c2447f..0f97e6acd1 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit system events diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 012b98550f..252459caae 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Basic security audit policies diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 0b56e07522..37f8dddc0f 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Basic security audit policy settings diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 054ff9b595..45befb2420 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create a basic audit policy for an event category diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index c8ac91b393..1a67e3d958 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1100(S): The event logging service has shut down. diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 02ac9384e5..51ff35f0c9 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1102(S): The audit log was cleared. diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 0c5e2917af..53c67d234b 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1104(S): The security log is now full. diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index 1aeaa58c8e..ae939ee4ca 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1105(S): Event log automatic backup diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 1a7f0cbd1e..7e9e4a1dd4 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1108(S): The event logging service encountered an error while processing an incoming event published from %1. diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 255036037d..955c45883a 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4608(S): Windows is starting up. diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index 2249612819..4248720724 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4610(S): An authentication package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index b4ce0a9d8d..fe6ba0faa7 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4611(S): A trusted logon process has been registered with the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index aa8b9ecc61..151c9f9d71 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index 959ef959e9..9b4a55bf5e 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4614(S): A notification package has been loaded by the Security Account Manager. diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 82dbd7d648..ffcc91a1f2 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4615(S): Invalid use of LPC port. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 2fc4b43b2c..4e13fb8824 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4616(S): The system time was changed. diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index baa0727774..f67334d36a 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4618(S): A monitored security event pattern has occurred. diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index d3475dbb08..e4188be9df 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4621(S): Administrator recovered system from CrashOnAuditFail. diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index 5404c4491b..150ef448af 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4622(S): A security package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 6a36fda6d7..985c5b0e59 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4624(S): An account was successfully logged on. diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index ec92960ecc..380cc917cd 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4625(F): An account failed to log on. diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index 1aba2f1f3b..be7bf13b02 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4626(S): User/Device claims information. diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 8ad79efcb2..b484de7d2d 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4627(S): Group membership information. diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 16bf3e049d..71887eccc4 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4634(S): An account was logged off. diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index 01428dba45..b30de5ea3f 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4647(S): User initiated logoff. diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 8d81d41573..7f4517f3d0 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4648(S): A logon was attempted using explicit credentials. diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 75f1bf3c96..f3b32117be 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4649(S): A replay attack was detected. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 7aee847e93..4da92be0ed 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4656(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index 39cb4e6052..9e788eb845 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4657(S): A registry value was modified. diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 0acb8a0b2f..8f88502248 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4658(S): The handle to an object was closed. diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 871435d568..0be89f17f1 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4660(S): An object was deleted. diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index 77da9a1780..2485aae2b6 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4661(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index 7950f49912..5e9f6832a9 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4662(S, F): An operation was performed on an object. diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index d85a14bddf..8001bded3b 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4663(S): An attempt was made to access an object. diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 36c3d8aa08..e998b508ce 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4664(S): An attempt was made to create a hard link. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 0f070cd8f8..059fde7e55 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4670(S): Permissions on an object were changed. diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index cc53508b8f..c1374cae22 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4671(-): An application attempted to access a blocked ordinal through the TBS. diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 3e563025ba..af47315a26 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4672(S): Special privileges assigned to new logon. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 82e7ac1332..6252059b6d 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4673(S, F): A privileged service was called. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 7a4b1a3654..9f1b9914da 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4674(S, F): An operation was attempted on a privileged object. diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index f2a5d0c97e..47a81b9444 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4675(S): SIDs were filtered. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 12b9206a7f..fd44f24170 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4688(S): A new process has been created. diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 49ec3f5924..74412386d9 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4689(S): A process has exited. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 14d2dcb02d..f588b637ce 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4690(S): An attempt was made to duplicate a handle to an object. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 30a869d7fc..45e0209fc6 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4691(S): Indirect access to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index 7e1e0b5ab9..f68457c377 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4692(S, F): Backup of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 1bf4eef838..21e769eae0 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4693(S, F): Recovery of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index c6e3ca0a8c..1f64dc3491 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4694(S, F): Protection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 55d37910f6..f4c77584c7 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4695(S, F): Unprotection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index c426f2bd9e..37ca02dd04 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4696(S): A primary token was assigned to process. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 4c6103a175..16ace0c0a6 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4697(S): A service was installed in the system. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index e3f0385c69..fae37ea9f2 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4698(S): A scheduled task was created. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index b48820c643..dcea15f17d 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4699(S): A scheduled task was deleted. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 6c44dbfa8d..2a46c16d19 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4700(S): A scheduled task was enabled. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index 0fa78f8923..e7bc488cc8 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4701(S): A scheduled task was disabled. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 2ae3e2b5e3..78fee18be6 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4702(S): A scheduled task was updated. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index a2d0ea1520..938491bf3a 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4703(S): A user right was adjusted. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index 04357bb664..b76c240efe 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4704(S): A user right was assigned. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 0da39782ac..b4ecb04b99 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4705(S): A user right was removed. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index 5bceee43f2..5d2f62ef77 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4706(S): A new trust was created to a domain. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index 66c5a3a235..be0c79ea65 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4707(S): A trust to a domain was removed. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index 1fc0eda8ae..d54358f133 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4713(S): Kerberos policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index c95647f342..6ff804511a 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4714(S): Encrypted data recovery policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 54836c643a..6b6faa90fa 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4715(S): The audit policy (SACL) on an object was changed. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 3b035321b0..7f058962db 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4716(S): Trusted domain information was modified. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 0d79674053..33d3817929 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4717(S): System security access was granted to an account. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index 22f9f3a64a..a7e1307af2 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4718(S): System security access was removed from an account. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index dc67d391cf..1a2dabdc7e 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4719(S): System audit policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 1500cd23c9..7e6fc9cb68 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4720(S): A user account was created. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 6b10efb7c8..c29e7669bc 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4722(S): A user account was enabled. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 2208f2ae0e..1246930e5a 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4723(S, F): An attempt was made to change an account's password. diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index 104704dc32..02d75f0b1d 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4724(S, F): An attempt was made to reset an account's password. diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 0b6ed0593a..f5f7dac0af 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4725(S): A user account was disabled. diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 03f7cab6c8..0b050a132b 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4726(S): A user account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index ecbe498b31..b4faf3a540 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4731(S): A security-enabled local group was created. diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index b837e2da3a..f81e218a6c 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4732(S): A member was added to a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 1ff01f46dd..a0d46b343b 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4733(S): A member was removed from a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index 7fc762a800..1e677a0bdc 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4734(S): A security-enabled local group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index ebd05f8b62..a545b2f85b 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4735(S): A security-enabled local group was changed. diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 1beea8a564..d78373e561 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4738(S): A user account was changed. diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index d8417cef87..23b0cf6823 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4739(S): Domain Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 095b90641e..834f4b9ed5 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4740(S): A user account was locked out. diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index c09ba86137..b35fb7facd 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4741(S): A computer account was created. diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index b838e77a00..1f1d3bee7a 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4742(S): A computer account was changed. diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 064855d936..76be20055b 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4743(S): A computer account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index e1990c4f1e..71f28544ca 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4749(S): A security-disabled global group was created. diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 9ebd361c00..28a17fc94c 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4750(S): A security-disabled global group was changed. diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index c187c0da6a..d698721321 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4751(S): A member was added to a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 642eb6b948..2aa9dcd01a 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4752(S): A member was removed from a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index cf4ada677c..d8bb64a34a 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4753(S): A security-disabled global group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 073049f2bf..2cd0957d10 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4764(S): A group’s type was changed. diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index 472f9a92d0..f171b29603 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4765(S): SID History was added to an account. diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index bf5820689e..9b0d0db5fe 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4766(F): An attempt to add SID History to an account failed. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index 4b580f7dc0..a7b6929712 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4767(S): A user account was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 9509c1486b..a85b739253 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 1790274e2c..c3ad787f9e 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4769(S, F): A Kerberos service ticket was requested. diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index 6a1627d7df..40f752135e 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4770(S): A Kerberos service ticket was renewed. diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index 9891a617a0..e2b66d8905 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4771(F): Kerberos pre-authentication failed. diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index c93994b2ed..384ea2a5e0 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4772(F): A Kerberos authentication ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index 3d4e1fe09b..35ad7f2c6e 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4773(F): A Kerberos service ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 4c01962461..d7e73812a8 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4774(S, F): An account was mapped for logon. diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index c9e4a319e8..b635329953 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4775(F): An account could not be mapped for logon. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 4fde7cba9b..06430da291 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -11,7 +11,7 @@ ms.date: 09/13/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4776(S, F): The computer attempted to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index f5b01ce6aa..74b68ee4d4 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4777(F): The domain controller failed to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index f7278c0017..085731bdc1 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4778(S): A session was reconnected to a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 3f34f106e4..ab9e18736c 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4779(S): A session was disconnected from a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 94b8733eab..eb96a39284 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4780(S): The ACL was set on accounts which are members of administrators groups. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 0e7051d0c0..9cea675049 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4781(S): The name of an account was changed. diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index 0d7d285e29..1079ddc301 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4782(S): The password hash of an account was accessed. diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index d471201647..13abde059c 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4793(S): The Password Policy Checking API was called. diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 6901d09cbe..a96c2d8aa5 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password. diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 15a1328384..d3885f4283 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4798(S): A user's local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 92441ae64b..1bdc01b928 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4799(S): A security-enabled local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 2e468c9d92..205a90c987 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4800(S): The workstation was locked. diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 7da15cbbe7..0bfcfb1278 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4801(S): The workstation was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 7ea6add001..78cf0e5d14 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4802(S): The screen saver was invoked. diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 4971789fd3..94aed424ab 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4803(S): The screen saver was dismissed. diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index a2c127435d..93576951c1 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4816(S): RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 3744b68704..dc9c07fb24 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4817(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index c71a145e05..5ced098023 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index f3acc685b2..882622efa4 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4819(S): Central Access Policies on the machine have been changed. diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 27f8cbeb41..136684f355 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4826(S): Boot Configuration Data loaded. diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index aec977eddd..ea84a736a0 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4864(S): A namespace collision was detected. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 994d2407a3..a7e2a7189e 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4865(S): A trusted forest information entry was added. diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index ad75bb1d68..bd5bfba999 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4866(S): A trusted forest information entry was removed. diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index e82918ba71..170868681f 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4867(S): A trusted forest information entry was modified. diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index 67d2817434..89eeb36eb6 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4902(S): The Per-user audit policy table was created. diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 0a72ca6e45..02109612fd 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4904(S): An attempt was made to register a security event source. diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 2bc2194af3..ead69b632a 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4905(S): An attempt was made to unregister a security event source. diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 5f8556c594..676c32fbcc 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4906(S): The CrashOnAuditFail value has changed. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 54960760dd..3ae2c8793f 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4907(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 4b00b7dc48..e59ae0559b 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4908(S): Special Groups Logon table modified. diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index 77f5ddd123..f85c02b5ec 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4909(-): The local policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 0c3e27cbcd..0cdca35e3e 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4910(-): The group policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index 34506e27c7..aeeaa0fdc0 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4911(S): Resource attributes of the object were changed. diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index cd13c3c6ed..614b73a93f 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4912(S): Per User Audit Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 88f5b9912c..bcc4c7eeee 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4913(S): Central Access Policy on the object was changed. diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index c771de77c7..2899b77a51 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4928(S, F): An Active Directory replica source naming context was established. diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index 8befaf8042..8d4802ca42 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4929(S, F): An Active Directory replica source naming context was removed. diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index 9b7133cbec..ad5d6086a1 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4930(S, F): An Active Directory replica source naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index 9be2c0b308..39a7be5a64 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4931(S, F): An Active Directory replica destination naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 2fe1488145..b686a7b13c 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index 763c17876e..7fb4991241 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index edfe9bb645..65521bb868 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4934(S): Attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index 6473cffbe6..c939bc09ed 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4935(F): Replication failure begins. diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index e87cf4d53e..37b1c8ca83 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4936(S): Replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 6c1f85f0a7..f80f44586e 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4937(S): A lingering object was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 046a35e163..34ca3f9e47 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4944(S): The following policy was active when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index c76d313b14..f5581407ab 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4945(S): A rule was listed when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 4279a425ff..505cec18fb 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index 48613fd427..7d09cf4d23 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 6d0290f772..65c71e3cd4 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index 50b400ce2d..617b780983 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4949(S): Windows Firewall settings were restored to the default values. diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 90fdd4b72d..69db4a04e2 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4950(S): A Windows Firewall setting has changed. diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index 65357fc8cf..060b9c4b83 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall. diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index abd1012a90..3c9322ae26 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index d35205d2e8..2d31faae0c 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4953(F): Windows Firewall ignored a rule because it could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index f671cef1ef..67a7f024aa 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index c56a466f9f..bc90d17945 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4956(S): Windows Firewall has changed the active profile. diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index a34de9e92f..b83701e32b 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4957(F): Windows Firewall did not apply the following rule. diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index 7bb37f579a..3fc2c85a83 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index b83f63788a..969c9e219b 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4964(S): Special groups have been assigned to a new logon. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index ee97d237fc..6af088c0bd 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4985(S): The state of a transaction has changed. diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index 6f42905b26..46c44da725 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5024(S): The Windows Firewall Service has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index 51c4600f15..fbc702ac8e 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5025(S): The Windows Firewall Service has been stopped. diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 85afaa1f92..47a348cf77 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 8835c0a855..65d5204a98 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 6e8bfab573..89b6ca69bb 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 175e125235..9216275f2d 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5030(F): The Windows Firewall Service failed to start. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index 8a10a69008..b54933cde7 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index 235d9fd8d3..c8b0bff151 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index e664ac846b..dfbbcae025 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5033(S): The Windows Firewall Driver has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index e447aeb0e7..e0815c5bd1 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5034(S): The Windows Firewall Driver was stopped. diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 0bc400131b..c6a382c517 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5035(F): The Windows Firewall Driver failed to start. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index c36c375902..d3542cd1d7 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 996a74d7b5..dbb32f1459 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index 09baf51880..7194197d62 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5039(-): A registry key was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index e9e1bea6c6..67f25e7071 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5051(-): A file was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index 96af867108..59e64af10b 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5056(S): A cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 5d686b4510..625c998826 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5057(F): A cryptographic primitive operation failed. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 319ffe99f0..7d3c14f3cc 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5058(S, F): Key file operation. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index ff33eba467..3c79abb5d0 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 23fa5c78d9..9497f26ebf 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 919d66a79c..f90e6fd02e 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 242721afc4..3ac8412240 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 020b7ebc4c..7fc9f07b38 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 2532a3b70b..0640bde11a 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 0bbc9ae5c7..99731361a2 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index eebc61873d..a0faa27390 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index a3ca03be65..82bd2b643c 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 645868eeca..54cfae4b8f 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 50d95a9aff..6a762e71a3 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index e279ab685d..2a77163002 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index d83424aac5..5e7db9c0ed 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 65f8370ad0..eea8bf1a17 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 4fa35c7f07..d9f97a7475 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index 43eacd93d9..3333139144 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index eb389fe767..29641fcca5 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 8da8b7d590..11cada8ab0 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index b72ef6d776..c5503ee4fa 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index d173059b23..bf370fffc3 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 937bc39ce4..6d117910a1 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 1bf796cf9f..8584f3f782 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 1946129b9b..094f91e5f3 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 467c7145cc..3be32e2a0c 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 9d9c830f21..fd48f85788 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 6601b86883..ea0b6f1ba5 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index d4bcbf8042..1e2cec8711 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index eee4621b4d..f9e60da5a0 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 6d0b939b64..4cd691deaf 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 166520ef13..b4626b59c1 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index d0af703c34..f19c968a01 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c20c64f670..e860f2729c 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index f35938a490..f2a088807e 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 95ac21b41a..c66d53025f 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 5d1e8bf0d8..2fcad0a7f5 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 1b77d59d7e..bc903c2a89 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index 82af29b1d7..0041df606e 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 7880067fb3..10f783e194 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index c7e89a3513..e20265f6c6 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index fd3345a565..565ff56e44 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index d72afb75da..8c8496f31b 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index 48363c3beb..f3b0737f54 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 4a22ab0013..13679d5290 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index d0d9842512..afcf23ffbe 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index f7bf90b524..8bf8b1a673 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 0ed126dc60..045943bcdf 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index ff67ad627d..17484bcaf1 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 28b9c2e509..a4404d8d5d 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 214d0c5b93..4579bf3a3f 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 7ae7c5a3ab..b7e9be68fc 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index ca0ea21dbe..43c3c34353 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index dfa11c62ac..d2fdd63838 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index fb4bccd26f..8398476eb6 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index 557c8ebabe..e8efbf0ec1 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index dbaeb0e873..5f556714d7 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 28612dacba..a5d377eb0e 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6407(-): 1%. diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index c36f520a60..24596eef2a 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 1ac08c75f1..776b12553b 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6409(-): BranchCache: A service connection point object could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index a9f5e5111f..bc2da0e57f 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 337a5395be..add5982ef7 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6416(S): A new external device was recognized by the System. diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 69a6f30def..0e7f44d997 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6419(S): A request was made to disable a device. diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 3a2dc5c9d9..f8cccf22a7 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6420(S): A device was disabled. diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 8ac5372312..5b0e22342b 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6421(S): A request was made to enable a device. diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 7e577f25c3..70ba147ede 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6422(S): A device was enabled. diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 5f8278b20e..10cf86de89 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6423(S): The installation of this device is forbidden by system policy. diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index ba3fcbffe7..13af19c639 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 9c7941df2b..a5df9bf707 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # File System (Global Object Access Auditing) diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index cc3bf79488..b8cc2220c9 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # How to get a list of XML data name elements in EventData diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index c446bdec67..3dc75d64ed 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor central access policy and rule definitions diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index b9e1ea714f..643795c7e2 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor claim types diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index 791549bb4f..1be153db59 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor resource attribute definitions diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index ece759aeb6..83ab6f2561 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the central access policies associated with files and folders diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 2d50a5c7db..a1780808e5 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the central access policies that apply on a file server diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index f223b3433d..20be28d785 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the resource attributes on files and folders diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index af897bbd62..ac76e18a1a 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the use of removable storage devices diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index 7f950dd7b1..865b1b5aaf 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor user and device claims during sign-in diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index a54f6a6f1c..12044634fd 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Other Events diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index d47efbedbf..4f9f9b93e8 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Plan and deploy advanced security audit policies diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index a01a3a3514..cd2acc181e 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Registry (Global Object Access Auditing) diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index fb1184eed7..1c305a4439 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Security auditing diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index dd8bb6516d..fe06c5d1a4 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Using advanced security auditing options to monitor dynamic access control objects diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index 5b89a3802e..e934463906 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # View the security event log diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index 8e1db3e1b0..7917a249c2 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Which editions of Windows support advanced audit policy configuration diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index a7cdb8f8e9..ea7806d09a 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -12,7 +12,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 07/30/2021 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Enable virtualization-based protection of code integrity diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 0ecb7c4e45..21f2516780 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -10,7 +10,7 @@ ms.author: deniseb ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control and virtualization-based protection of code integrity diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 3112632b29..bec34fe509 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -13,7 +13,7 @@ ms.topic: conceptual ms.date: 10/20/2017 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Baseline protections and additional qualifications for virtualization-based protection of code integrity diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 6b37a5a6a1..56c3058279 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Get Support diff --git a/windows/security/threat-protection/intelligence/coinminer-malware.md b/windows/security/threat-protection/intelligence/coinminer-malware.md index 2f9e582a64..5e3a895186 100644 --- a/windows/security/threat-protection/intelligence/coinminer-malware.md +++ b/windows/security/threat-protection/intelligence/coinminer-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Coin miners diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md index def1ec0b93..d765694f94 100644 --- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md +++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.technology: mde +ms.technology: windows-sec --- # Coordinated Malware Eradication diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 17980ae531..1f07f8975c 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -15,7 +15,7 @@ ms.collection: M365-security-compliance ms.topic: article ms.date: 10/04/2021 search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # How Microsoft identifies malware and potentially unwanted applications diff --git a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md index 6df748d442..9ad598b76d 100644 --- a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md +++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Industry collaboration programs diff --git a/windows/security/threat-protection/intelligence/developer-faq.yml b/windows/security/threat-protection/intelligence/developer-faq.yml index 04300736d9..3a515be9fb 100644 --- a/windows/security/threat-protection/intelligence/developer-faq.yml +++ b/windows/security/threat-protection/intelligence/developer-faq.yml @@ -16,7 +16,7 @@ metadata: audience: ITPro ms.collection: M365-security-compliance ms.topic: article - ms.technology: mde + ms.technology: windows-sec title: Software developer FAQ summary: This page provides answers to common questions we receive from software developers. For general guidance about submitting malware or incorrectly detected files, read the submission guide. diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md index 3b7d080b28..4f489bae80 100644 --- a/windows/security/threat-protection/intelligence/developer-resources.md +++ b/windows/security/threat-protection/intelligence/developer-resources.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.technology: mde +ms.technology: windows-sec --- # Software developer resources diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md index 3a88ecaf55..41086f1308 100644 --- a/windows/security/threat-protection/intelligence/exploits-malware.md +++ b/windows/security/threat-protection/intelligence/exploits-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Exploits and exploit kits diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index b125773d18..7f84b0446c 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Fileless threats diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md index 7fce4cc28d..48b0faad6b 100644 --- a/windows/security/threat-protection/intelligence/index.md +++ b/windows/security/threat-protection/intelligence/index.md @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Security intelligence diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index 5bf655b20c..4421309156 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Macro malware diff --git a/windows/security/threat-protection/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md index 3b37bdf391..d8c17ef82c 100644 --- a/windows/security/threat-protection/intelligence/malware-naming.md +++ b/windows/security/threat-protection/intelligence/malware-naming.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Malware names diff --git a/windows/security/threat-protection/intelligence/phishing-trends.md b/windows/security/threat-protection/intelligence/phishing-trends.md index 1785d95a38..097dbd3120 100644 --- a/windows/security/threat-protection/intelligence/phishing-trends.md +++ b/windows/security/threat-protection/intelligence/phishing-trends.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Phishing trends and techniques diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index 01c216b8fe..215acf8c29 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # How to protect against phishing attacks diff --git a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md index ae7c0e8363..ebccd09195 100644 --- a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md +++ b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Troubleshooting malware submission errors caused by administrator block diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 4b3b38c797..f5ee250869 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Prevent malware infection diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index 3a795c9074..0fb53bc90f 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Rootkits diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index 282c90bd86..b271e43bca 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Safety Scanner diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md index 97dda7a1ad..44bcc3e46e 100644 --- a/windows/security/threat-protection/intelligence/submission-guide.md +++ b/windows/security/threat-protection/intelligence/submission-guide.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Submit files for analysis diff --git a/windows/security/threat-protection/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md index edd8709cdf..69f77af00f 100644 --- a/windows/security/threat-protection/intelligence/supply-chain-malware.md +++ b/windows/security/threat-protection/intelligence/supply-chain-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Supply chain attacks diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md index ffb5104d6c..07250bbc9c 100644 --- a/windows/security/threat-protection/intelligence/support-scams.md +++ b/windows/security/threat-protection/intelligence/support-scams.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Tech support scams diff --git a/windows/security/threat-protection/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md index f2b7fe2a80..52b3552843 100644 --- a/windows/security/threat-protection/intelligence/trojans-malware.md +++ b/windows/security/threat-protection/intelligence/trojans-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Trojans diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index f98d44ceb7..04b637d62c 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Understanding malware & other threats diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md index 0083b9496c..9a26e42972 100644 --- a/windows/security/threat-protection/intelligence/unwanted-software.md +++ b/windows/security/threat-protection/intelligence/unwanted-software.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Unwanted software diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index 65a11f61ab..7d7b790bde 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.technology: mde +ms.technology: windows-sec --- # Virus Information Alliance diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index ccb2eb6624..0441e00ed4 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Virus Initiative diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index 2aa32ed8f6..0fb215f6b9 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article search.appverid: met150 -ms.technology: mde +ms.technology: windows-sec --- # Worms diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index d3480738e7..725a653863 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -12,7 +12,7 @@ ms.date: 09/20/2021 ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Configure Microsoft Defender Application Guard policy settings diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index a34c5d900d..867be41703 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -13,7 +13,7 @@ metadata: ms.reviewer: manager: dansimp ms.custom: asr - ms.technology: mde + ms.technology: windows-sec title: Frequently asked questions - Microsoft Defender Application Guard summary: | diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index c16ce0700e..2994f3ab96 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -12,7 +12,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Prepare to install Microsoft Defender Application Guard diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 90f1d07fca..2b7a3193ab 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -12,7 +12,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Defender Application Guard Extension diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 640f7eae00..879c15353b 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -12,7 +12,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Defender Application Guard overview diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md index b429e0e44f..d8e91b8642 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -12,7 +12,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # System requirements for Microsoft Defender Application Guard diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 292813b7c0..cf455c976a 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -12,7 +12,7 @@ ms.reviewer: manager: dansimp ms.date: 09/09/2021 ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Application Guard testing scenarios diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 9229244aa8..14c78b9fa8 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -11,7 +11,7 @@ ms.date: 09/28/2020 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index baf718b6fe..8b9946ec0d 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -11,7 +11,7 @@ audience: ITPro ms.localizationpriority: high ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Defender SmartScreen diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md index 416b3ffd6e..a73abf03ff 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md @@ -11,7 +11,7 @@ ms.date: 10/13/2017 ms.reviewer: manager: dansimp ms.author: macapara -ms.technology: mde +ms.technology: windows-sec --- # Set up and use Microsoft Defender SmartScreen on individual devices diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index c2a1d31b98..33712bcefa 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.sitesec: library author: dulcemontemayor ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 0a9058b91d..e783eedfcd 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -10,7 +10,7 @@ author: dansimp ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Mitigate threats by using Windows 10 security features diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index e24bb48367..21a31de5bd 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -13,7 +13,7 @@ ms.pagetype: security, devices author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- # Control the health of Windows 10-based devices diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 164d2ee773..a2c720f8da 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/21/2019 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Security Compliance Toolkit 1.0 diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 152f6711fe..3cf960a19f 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Access Credential Manager as a trusted caller diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index 55c80b17f7..da17209420 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/11/2021 -ms.technology: mde +ms.technology: windows-sec --- # Access this computer from the network - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index be2c2f115a..5111f06fe9 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/16/2021 -ms.technology: mde +ms.technology: windows-sec --- # Account lockout duration diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index 26ba3362f0..5f8c91006d 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/11/2018 -ms.technology: mde +ms.technology: windows-sec --- # Account Lockout Policy diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 955b5f6e6f..fdbdef8e1e 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/02/2018 -ms.technology: mde +ms.technology: windows-sec --- # Account lockout threshold diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md index 42f0509874..d3f03a9e97 100644 --- a/windows/security/threat-protection/security-policy-settings/account-policies.md +++ b/windows/security/threat-protection/security-policy-settings/account-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Account Policies diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index 983c8abe93..132ecaa9be 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/01/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Administrator account status diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md index 21943761e2..d390220428 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/10/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Block Microsoft accounts diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md index 1828f74f0d..6f785de269 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Guest account status - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index 88adc7aa01..b630cc0ce5 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Limit local account use of blank passwords to console logon only diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md index 1bf1c8e328..d865644cf8 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Rename administrator account diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md index 5694b75065..7ce4a682bc 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Accounts: Rename guest account - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index dfd593bde8..4c794419c1 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Act as part of the operating system diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index c2cfbb9858..8e6a02b8ef 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Add workstations to domain diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md index 154ecd7c75..c780868505 100644 --- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md +++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Adjust memory quotas for a process diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index fecacdacab..297de36841 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Administer security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md index 3bb3d64326..62863b9009 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Allow log on locally - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index 044f3c2fe5..1ad9f2883f 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Allow log on through Remote Desktop Services diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index d534cb14e3..f22bcd4c5d 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Audit: Audit the access of global system objects diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md index 6c2fec1dee..39535992d7 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/01/2019 -ms.technology: mde +ms.technology: windows-sec --- # Audit: Audit the use of Backup and Restore privilege diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md index 3c64ae947a..cc93c278b5 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md +++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md index 351b357bb8..294edc4242 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-policy.md +++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Audit Policy diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index 6b2a642f91..dc462f0224 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Audit: Shut down system immediately if unable to log security audits diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md index 67a1efe7b8..2ecdea12d2 100644 --- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Back up files and directories - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md index 34327028f6..239a32f7b1 100644 --- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md +++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Bypass traverse checking diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md index 611c4f29c6..c3d5940ecc 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Change the system time - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md index f9251b7542..ac2ad49a7c 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Change the time zone - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md index eaca0ecfbb..c5a8a0a8e1 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a pagefile - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md index 52fb6a0e53..b506e0c131 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a token object diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index c29a2716ee..fd0acee762 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create global objects diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md index 33b84b4ddd..a38990fd17 100644 --- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create permanent shared objects diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 70f390d16a..d5d9820efd 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create symbolic links diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index 8b5c1ba80d..cfed5fd439 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index 46bcee01d5..7142b1773f 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md index ee678fa038..0e70455139 100644 --- a/windows/security/threat-protection/security-policy-settings/debug-programs.md +++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Debug programs diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 04844990fd..269c9d78ab 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/19/2021 -ms.technology: mde +ms.technology: windows-sec --- # Deny access to this computer from the network diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md index 33371b5594..3065d91365 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deny log on as a batch job diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md index e93b14011b..3b48755935 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deny log on as a service diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md index 16aac6c38f..e3663ffda4 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deny log on locally diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md index e618426e9d..ea9ba0f63a 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deny log on through Remote Desktop Services diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md index 1c8ec83ad6..6f6a4ddb5f 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Devices: Allow undock without having to log on diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md index 4a2d451bd1..fccacdc413 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Devices: Allowed to format and eject removable media diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md index 15e9f97f5d..32a0ca45f2 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Devices: Prevent users from installing printer drivers diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md index 14b745deaf..1bc52f9b73 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Devices: Restrict CD-ROM access to locally logged-on user only diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md index 0b64be01ad..2591b45b42 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Devices: Restrict floppy access to locally logged-on user only diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md index 6708f52037..ad7e4030e3 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain controller: Allow server operators to schedule tasks diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md index ba471b4b00..3c4bd32092 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain controller: LDAP server signing requirements diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index 31325347d6..d0b2f91db5 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Domain controller: Refuse machine account password changes diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md index 9c02ea6441..c48680bf77 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Digitally encrypt or sign secure channel data (always) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md index cc788fbe2b..f07984917f 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Digitally encrypt secure channel data (when possible) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md index 5d0ee13652..b75a8767d9 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Digitally sign secure channel data (when possible) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index 16e25c74bf..8c85b1ecee 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/27/2019 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Disable machine account password changes diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index ff2d29cc14..7a5f2b3e94 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/29/2020 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Maximum machine account password age diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md index 544c028497..24cdd01bd2 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Domain member: Require strong (Windows 2000 or later) session key diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index 9dfa07237d..d60d7b9568 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Enable computer and user accounts to be trusted for delegation diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md index 796779c714..e32f558d6c 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Enforce password history diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md index 71615ceabb..c1b6e0c09e 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Enforce user logon restrictions diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md index e6585a09a3..ed338300e8 100644 --- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md +++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Force shutdown from a remote system diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md index 40e5ca7ef1..4f81ddbe37 100644 --- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Generate security audits diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md index 7ad1fc41a6..548dfc7385 100644 --- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Configure security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md index 7c59f4013c..b7503031b7 100644 --- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Impersonate a client after authentication diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md index 4473a058bb..f6eda6e23e 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md +++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Increase a process working set diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md index 8ca263ed4f..e2e776a8be 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md +++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 2/6/2020 -ms.technology: mde +ms.technology: windows-sec --- # Increase scheduling priority diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index ce251bc758..7c5ca6c4a7 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Display user information when the session is locked diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md index dc34342e33..9994a60f7e 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md @@ -14,7 +14,7 @@ ms.topic: conceptual ms.date: 04/19/2017 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Don't display last signed-in diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index e209f6f824..4131998946 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Do not require CTRL+ALT+DEL diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md index dc75f23f03..e0431252ef 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Don't display username at sign-in diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md index ea490bea9a..e9a1fea0ae 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Machine account lockout threshold diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index b42c080ea0..737bfddba3 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/18/2018 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Machine inactivity limit diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md index 554fcc6d63..ec72b350f1 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Message text for users attempting to log on diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md index 3f2be2aad0..e5f5ce5eb8 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Message title for users attempting to log on diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md index 1e1a6c2d56..90773e0b18 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/27/2018 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Number of previous logons to cache (in case domain controller is not available) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md index 0eada407ca..0194532533 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive log on: Prompt the user to change passwords before expiration diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md index e08474cde8..88948dcc4f 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Require Domain Controller authentication to unlock workstation diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 1235ce1f89..1ef1627762 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Require smart card - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md index 822699cbe5..8b8a23f14d 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Interactive logon: Smart card removal behavior diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md index 4dde3dafa0..50e612ee9a 100644 --- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md +++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Kerberos Policy diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md index ece23d6a1b..a0534994d0 100644 --- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Load and unload device drivers diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md index 9f512271e5..17b2d7d0e6 100644 --- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md +++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Lock pages in memory diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md index e4997ab361..4fb931974f 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Log on as a batch job diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md index a170ea805c..dbcb0f1907 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Log on as a service diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md index 057b9c3219..5da39ee708 100644 --- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md +++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Manage auditing and security log diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md index 4c5b767250..e3ed6c49c4 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Maximum lifetime for service ticket diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md index 4298be4ed3..0b5fddd3cd 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Maximum lifetime for user ticket renewal diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md index c9f03e275f..b189dda660 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Maximum lifetime for user ticket diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index 18d09c4627..546b7de4f2 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Maximum password age diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md index 98e58336ac..fe607f246f 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Maximum tolerance for computer clock synchronization diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md index f2c0e59130..d6c198624a 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md @@ -12,7 +12,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.date: 06/28/2018 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network client: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 3fca806b68..0cc87e361e 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index df04135ddb..abe6db2b33 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network server: Amount of idle time required before suspending session diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index bf80e3d066..1ef73b3a59 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network server: Attempt S4U2Self to obtain claim information diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md index aa8327994b..afb7ddfe20 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/21/2018 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network server: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md index c63ba1fa9c..5cf58f4daf 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network server: Disconnect clients when logon hours expire diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md index 934085e4f4..23c36d99fa 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Microsoft network server: Server SPN target name validation level diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md index a36abdd6f7..960112af64 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md @@ -12,7 +12,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.date: 11/13/2018 -ms.technology: mde +ms.technology: windows-sec --- # Minimum password age diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index c14de4b2fc..7921cdcc37 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Minimum password length diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md index baa5e9c04b..b320e305b8 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md +++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Modify an object label diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md index 6858bbce7e..8d28849453 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md +++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Modify firmware environment values diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md index b78e43e706..82be9fa1ec 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Allow anonymous SID/Name translation diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index 23a4d0c815..aa56038e35 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Do not allow anonymous enumeration of SAM accounts and shares diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md index 3243d8261b..1e144a682f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Do not allow anonymous enumeration of SAM accounts diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index 8cdbdc9908..160dbb22e8 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 07/01/2021 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Do not allow storage of passwords and credentials for network authentication diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index 816f4d78b1..542bd046ed 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Let Everyone permissions apply to anonymous users diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index bb01d6c117..78c22e2c43 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Named Pipes that can be accessed anonymously diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md index 078753c170..1f5a821007 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Remotely accessible registry paths and subpaths diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md index ab9370f9dd..fe4a3d425e 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Remotely accessible registry paths diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md index 9fea7c3077..57dc9bbbb8 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Restrict anonymous access to Named Pipes and Shares diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index 66c3926643..e6ec3878c7 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -11,7 +11,7 @@ ms.date: 09/17/2018 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Network access: Restrict clients allowed to make remote calls to SAM diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index 125d609e61..0e8c62d1a3 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Shares that can be accessed anonymously diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md index 359010211d..f4a400c044 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network access: Sharing and security model for local accounts diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index 69ecb0c119..619b009548 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network List Manager policies diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md index 605dfd0cfd..261dd0a213 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/04/2021 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Allow Local System to use computer identity for NTLM diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md index 3f67d9dfbf..401a588948 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Allow LocalSystem NULL session fallback diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 671eb87720..7b4fd7fe4b 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Allow PKU2U authentication requests to this computer to use online identities diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index d6813adc8f..034a2762ea 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Configure encryption types allowed for Kerberos diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index 23140d7b81..ebf155ba56 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Do not store LAN Manager hash value on next password change diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md index d82ba2d356..daab389419 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Force logoff when logon hours expire diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md index 90ab68bf7a..fcd510671f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: LAN Manager authentication level diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md index deb400f637..006e925460 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: LDAP client signing requirements diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md index 7da3832813..1ab941f6ae 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 07/27/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Minimum session security for NTLM SSP based (including secure RPC) clients diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md index fd5bcf7731..d606dc935b 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Minimum session security for NTLM SSP based (including secure RPC) servers diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md index 4f61542115..bf5804a540 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md index ad33075c6d..5fb535995e 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Add server exceptions in this domain diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md index 466fe77336..47b963ab2a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Audit incoming NTLM traffic diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 595f2d660a..bdbf0e528d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Audit NTLM authentication in this domain diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md index 1c4ca789c3..cbcc2e7d66 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Incoming NTLM traffic diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 947f4ab587..ccaba0be7d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: NTLM authentication in this domain diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 1a547615d6..f53a1e1665 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 1a74bf2b3a..7928508380 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Password must meet complexity requirements diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index 697b00c255..11d69785c6 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Password Policy diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md index 44ce6c881a..514e1a9ea7 100644 --- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Perform volume maintenance tasks diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md index fc3af3e372..599cb50810 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md +++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Profile single process diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 37a46be943..47f372d723 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Profile system performance diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index 8d560cc318..c188b74c08 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Recovery console: Allow automatic administrative logon diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index 2d90c0a80f..c06d6f180c 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Recovery console: Allow floppy copy and access to all drives and folders diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index 099396d96b..4508560bdc 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Remove computer from docking station - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index 497b00f4d5..dd1696b067 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Replace a process level token diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index b58d2f93b4..87951d31f4 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/02/2018 -ms.technology: mde +ms.technology: windows-sec --- # Reset account lockout counter after diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index 56932252a4..08c30303cf 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Restore files and directories - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index 58e86eb700..fe3ba96d3f 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policy settings diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index b31d7a38cd..f7a90a01c0 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -12,7 +12,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.date: 06/28/2018 -ms.technology: mde +ms.technology: windows-sec --- # Security Options diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index 690b97fddb..a1d965558b 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Security policy settings reference diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 7a58b942a4..a0a8270da7 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index 1b5d5a161d..57374f2aa8 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Shut down the system - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 5f9aec2590..f80dd3b8cf 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Shutdown: Allow system to be shut down without having to log on diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index b556412de2..4cada523db 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/01/2017 -ms.technology: mde +ms.technology: windows-sec --- # Shutdown: Clear virtual memory pagefile diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index 996a278b07..204a5206ba 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: mde +ms.technology: windows-sec --- # SMBv1 Microsoft network client: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 6b4331de2f..9ef171ea55 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: mde +ms.technology: windows-sec --- # SMBv1 Microsoft network client: Digitally sign communications (if server agrees) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index 0c427716aa..ffedfe0697 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: mde +ms.technology: windows-sec --- # SMB v1 Microsoft network server: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index 032bb6d057..48bbab1f2f 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: mde +ms.technology: windows-sec --- # SMBv1 Microsoft network server: Digitally sign communications (if client agrees) diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index fa3693209f..ea2f55d403 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Store passwords using reversible encryption diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 04d2c905ec..88f07c4037 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Synchronize directory service data diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 0ab38e9139..d5dd1f683e 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # System cryptography: Force strong key protection for user keys stored on the computer diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 67de664cfc..e98291ef6b 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/16/2018 -ms.technology: mde +ms.technology: windows-sec --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 7d3fdb17cd..3a9ceb4840 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # System objects: Require case insensitivity for non-Windows subsystems diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index 731ff816b1..abd9724c03 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index 05dc5f7a16..a271d9f87f 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # System settings: Optional subsystems diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md index 85d1c3a9c8..9791d8a12d 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # System settings: Use certificate rules on Windows executables for Software Restriction Policies diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md index 45985b786a..c4781f258c 100644 --- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md +++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # Take ownership of files or other objects diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index d7900e363c..16e00a82f8 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Admin Approval Mode for the Built-in Administrator account diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md index 09f6411652..8526a457ae 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index 716ff6ad2d..e653550846 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index 688bce1b38..48f2dfa8c7 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/11/2021 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Behavior of the elevation prompt for standard users diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index be33709e17..431ac04a15 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Detect application installations and prompt for elevation diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 62665872ff..242580312c 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Only elevate executables that are signed and validated diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 06e3831a67..76a8bc97a2 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Only elevate UIAccess applications that are installed in secure locations diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index da3fbca962..1ce02f4be2 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Run all administrators in Admin Approval Mode diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md index 6b34c92be1..5eb4fbd4e9 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Switch to the secure desktop when prompting for elevation diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md index e8bf2f6497..dda6b18a18 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Account Control: Virtualize file and registry write failures to per-user locations diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 5efa422cb9..6760680ea6 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: mde +ms.technology: windows-sec --- # User Rights Assignment diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index a8362c5bda..fc9376dadb 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -12,7 +12,7 @@ ms.pagetype: security author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium -ms.technology: mde +ms.technology: windows-sec --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 11b4c1a58b..4ee9598673 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -13,7 +13,7 @@ ms.pagetype: security, mobile ms.localizationpriority: medium author: dulcemontemayor ms.date: 10/13/2017 -ms.technology: mde +ms.technology: windows-sec --- # Windows 10 Mobile security guide diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index 1fd7837df9..bea57dd3c8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 10/30/2019 -ms.technology: mde +ms.technology: windows-sec --- # Allow Line-of-Business Win32 Apps on Intune-Managed S Mode Devices diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index f200b445bc..b06aa4f091 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -14,7 +14,7 @@ author: dansimp ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Allow COM object registration in a Windows Defender Application Control policy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 727135ff89..d3d7b17207 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Add rules for packaged apps to existing AppLocker rule-set diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 9838e069b1..3c1120b48b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 -ms.technology: mde +ms.technology: windows-sec --- # Administer AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index f11b29225e..206a7b287c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker architecture and components diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index a095a49531..aa517a5505 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker functions diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 45cbf5c074..af1cdbd2d8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/16/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index d5c03fc57e..8b61cc5f7c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index d0df809923..5175d57766 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker design guide diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index 1314f32db2..32d003ef09 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker policy use scenarios diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index ccb2db435b..8460667499 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker processes and interactions diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index 504b6ddc8e..85ecf639ea 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker settings diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index 72e525eb33..7dc333ae22 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # AppLocker technical reference diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 0c75f461a6..8dbd16c51c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/08/2018 -ms.technology: mde +ms.technology: windows-sec --- # Configure an AppLocker policy for audit only diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 411f862d54..4ae757fa97 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Configure an AppLocker policy for enforce rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index f349cab5c6..1eba7b9033 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Add exceptions for an AppLocker rule diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index 1f654436af..0675c5fa73 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Configure the AppLocker reference device diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index 37736b98e8..4db27c8710 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 07/01/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure the Application Identity service diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index 6a921a1a9f..f983e81eba 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a rule for packaged apps diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index ae414198e7..0f78585339 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a rule that uses a file hash condition diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index 305a8f1f28..f935341e92 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a rule that uses a path condition diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index e54c7be041..60623baeae 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a rule that uses a publisher condition diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md index 7d5cb87442..d130fe7233 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create AppLocker default rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index ca15623e30..7daf4320eb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create a list of apps deployed to each business group diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index 3a1109a239..961dd4e3ff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create Your AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md index bbf2bbc5f2..cdda7822da 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Create Your AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index a76438913f..e5b26ce22e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/09/2020 -ms.technology: mde +ms.technology: windows-sec --- # Delete an AppLocker rule diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index bd37f7dbd6..76c4ee127a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deploy AppLocker policies by using the enforce rules setting diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index 801357a512..3c3692819b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Deploy the AppLocker policy into production diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 56fabec7f0..2d9fdbe7c2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Determine the Group Policy structure and rule enforcement diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index 0f79249eb4..656ab2805e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Determine which apps are digitally signed on a reference device diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index f1a3d2fdb0..e4bdbbc2b7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Determine your application control objectives diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 33e52bdb43..596ca4a50f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Display a custom URL message when users try to run a blocked app diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 90d0e55f8b..5c09c86d2e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # DLL rules in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 28c6e63bf2..252fb96ede 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -15,7 +15,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.pagetype: security ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Document the Group Policy structure and AppLocker rule enforcement diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 19976bf113..33ffa59ce9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Document your app list diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index d456dd6197..2db8ca7042 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Document your AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index d3e0de4082..811e3ab499 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Edit an AppLocker policy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index 4a6c308d6c..742bb76aa9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Edit AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index a4fda0421a..81877d328c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Enable the DLL rule collection diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md index d5979bfac8..67fa92f12c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Enforce AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md index 6737670f69..b8a51feeed 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Executable rules in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index 8069b0c488..aa08b6fce3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Export an AppLocker policy from a GPO diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index 13a340752a..25c099d3c3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Export an AppLocker policy to an XML file diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index f2f21ec59a..bcccdec697 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # How AppLocker works diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index 2ca831ad61..eec6f18251 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Import an AppLocker policy from another computer diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index ea0d11ab6b..9853f4b41f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Import an AppLocker policy into a GPO diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index fbd1e8bf5b..04db4a506d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Maintain AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index fb2455652e..6c12bd897b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Manage packaged apps with AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index a054a02bd9..7737b4399b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Merge AppLocker policies by using Set-ApplockerPolicy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index 8e26890ee4..4063ae1e66 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Merge AppLocker policies manually diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index 80d37a8614..a19c80618b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Monitor app usage with AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index bda74906e4..e1bfa2e4a6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Optimize AppLocker performance diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index ca8932c6f8..c79be76e77 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/13/2017 -ms.technology: mde +ms.technology: windows-sec --- # Packaged apps and packaged app installer rules in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index 58c2a7e1aa..b114297f17 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Plan for AppLocker policy management diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index 82a4c1e458..e4d36fb82e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Refresh an AppLocker policy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index 229cfda610..85f6eb11a3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Requirements for deploying AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 3c707b81d5..023753c944 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Requirements to use AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index f17c70b80d..b45234c1a0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Run the Automatically Generate Rules wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 9076c55024..48095da0ce 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Script rules in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index 975f550c4a..3b58e12ab7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Security considerations for AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index d550e452bd..0e46c32873 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Select the types of rules to create diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index d75ba70771..af4f2f86cc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Test an AppLocker policy by using Test-AppLockerPolicy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index 389120fbf6..e94dd7e02a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Test and update an AppLocker policy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index a2e61460e0..25bb78c4e1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Tools to use with AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index e675fb2869..9b7c321d4e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understand AppLocker enforcement settings diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 423a4d1362..2d5fca2ebb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/13/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understand AppLocker policy design decisions diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 92387a5fd9..e7a565430e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understand AppLocker rules and enforcement setting inheritance in Group Policy diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index 799df0904c..b0c0834967 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understand the AppLocker policy deployment process diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index 73277f9b7e..3fe3cbccdc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker allow and deny actions on rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index 5bf6447ed9..8c640a6c94 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker default rules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index cace268255..92bd84efc4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker rule behavior diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index 70106f07bf..23dd648c32 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker rule collections diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index 5e0876bc46..b56ba6c88d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker rule condition types diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index a83a41aef9..295497d103 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding AppLocker rule exceptions diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 62751a55dd..2a8b980f8f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding the file hash rule condition in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 365ad545e5..0eb3e887ba 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding the path rule condition in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 6c68cb3be5..86cc3ed874 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Understanding the publisher rule condition in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 9a97cd9a36..e054f32aa9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -15,7 +15,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Use a reference device to create and maintain AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 41241819f1..a22f94b741 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Use AppLocker and Software Restriction Policies in the same domain diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index a27af3c553..636ea5f18b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Use the AppLocker Windows PowerShell cmdlets diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index d0a93e2296..aa10905181 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Using Event Viewer with AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 142eeb4cf9..47f5faeacd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Use Software Restriction Policies and AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index 2bb5d4a07b..3629a929f5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # What Is AppLocker? diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index c5a2d513e3..fcc0f3b253 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Windows Installer rules in AppLocker diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 6e13cbce6e..211cdb2e62 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: mde +ms.technology: windows-sec --- # Working with AppLocker policies diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index f05e000e74..4379162473 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -13,7 +13,7 @@ author: dansimp ms.localizationpriority: medium msauthor: v-anbic ms.date: 08/27/2018 -ms.technology: mde +ms.technology: windows-sec --- # Working with AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md index 62270b6e8e..194bee29a8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md @@ -15,7 +15,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 05/03/2021 -ms.technology: mde +ms.technology: windows-sec --- # Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index 0ca71721d8..ce9a82bf17 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -15,7 +15,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 05/03/2018 -ms.technology: mde +ms.technology: windows-sec --- # Use audit events to create WDAC policy rules diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 26506a422a..8bfc7934c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 08/10/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configuring authorized apps deployed by a managed installer with AppLocker and Windows Defender Application Control diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md index fb11f5cbf8..49d87c56f3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 08/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Configuring a managed installer with AppLocker and Windows Defender Application Control diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 7f12604edc..26a241db0e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 02/28/2018 -ms.technology: mde +ms.technology: windows-sec --- # Optional: Create a code signing cert for Windows Defender Application Control diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index 4d96dd5039..72b3039271 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 05/03/2018 -ms.technology: mde +ms.technology: windows-sec --- # Create a WDAC policy for fixed-workload devices using a reference computer diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index ae19d1e80f..f088c8d7f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -16,7 +16,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 11/20/2019 -ms.technology: mde +ms.technology: windows-sec --- # Create a WDAC policy for fully managed devices diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index 98d4991e37..a173ced569 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -16,7 +16,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 11/15/2019 -ms.technology: mde +ms.technology: windows-sec --- # Create a WDAC policy for lightly managed devices diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index fbe13edbe5..0ea6e2d239 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 02/28/2018 -ms.technology: mde +ms.technology: windows-sec --- # Deploy catalog files to support Windows Defender Application Control diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 96abd74691..2738724087 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -15,7 +15,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 07/19/2021 -ms.technology: mde +ms.technology: windows-sec --- # Use multiple Windows Defender Application Control Policies diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index 8482f5f1c0..73098a0cc4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -15,7 +15,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 02/28/2018 -ms.technology: mde +ms.technology: windows-sec --- # Deploy Windows Defender Application Control policies by using Group Policy diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 7b44dba695..3572e0f5f3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 04/29/2020 -ms.technology: mde +ms.technology: windows-sec --- # Deploy WDAC policies using Mobile Device Management (MDM) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index b8900a28dc..c4953d88ee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -11,7 +11,7 @@ ms.author: jogeurte ms.manager: jsuther manager: dansimp ms.date: 07/19/2021 -ms.technology: mde +ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 67dadf4ccd..6bef1bb3c9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -11,7 +11,7 @@ ms.author: jogeurte ms.manager: jsuther manager: dansimp ms.date: 04/14/2021 -ms.technology: mde +ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index bff322daff..6fa1b84ec0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 05/03/2018 -ms.technology: mde +ms.technology: windows-sec --- # Disable Windows Defender Application Control policies diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 685ffd83a1..e3969dba90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -11,7 +11,7 @@ ms.author: jogeurte ms.manager: jsuther manager: dansimp ms.date: 04/22/2021 -ms.technology: mde +ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index a87cd17fec..9acce652d1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 06/02/2021 -ms.technology: mde +ms.technology: windows-sec --- # Understanding Application Control events diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index f5d7d82e37..e78284ae26 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 07/13/2021 -ms.technology: mde +ms.technology: windows-sec --- # Understanding Application Control event tags diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index b12655562e..93c7ae9224 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -16,7 +16,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 11/15/2019 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control (WDAC) example base policies diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md index 8e813e308b..21ff82c26f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md +++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md @@ -16,7 +16,7 @@ ms.author: deniseb manager: dansimp ms.date: 07/29/2021 ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control and AppLocker feature availability diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 5939c67fde..8a26cf9a33 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 05/29/2020 -ms.technology: mde +ms.technology: windows-sec --- # Manage Packaged Apps with Windows Defender Application Control diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 1c0bf07bd4..4bb130103f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -11,7 +11,7 @@ ms.author: jogeurte ms.manager: jsuther manager: dansimp ms.date: 04/22/2021 -ms.technology: mde +ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 53d81d3ab1..0452284705 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -4,7 +4,7 @@ description: View a list of recommended block rules, based on knowledge shared b keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security -ms.technology: mde +ms.technology: windows-sec ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 015e6b6e50..9f46d048d2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -11,7 +11,7 @@ ms.author: jogeurte ms.manager: jsuther manager: dansimp ms.date: 04/14/2021 -ms.technology: mde +ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index bff9aace8e..5fb7949fb1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 02/21/2018 -ms.technology: mde +ms.technology: windows-sec --- # Plan for Windows Defender Application Control lifecycle policy management diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 134acc8d1f..f5f01d8caa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 12/06/2018 -ms.technology: mde +ms.technology: windows-sec --- # Querying Application Control events centrally using Advanced hunting diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 69855b69b3..6e90081708 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 07/15/2021 -ms.technology: mde +ms.technology: windows-sec --- # Understand Windows Defender Application Control (WDAC) policy rules and file rules diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 024f7881f7..da525f4cf5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 03/01/2018 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control deployment in different scenarios: types of devices diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index e0abed5fef..1125c7c0ef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -15,7 +15,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp ms.date: 02/08/2018 -ms.technology: mde +ms.technology: windows-sec --- # Understand Windows Defender Application Control policy design decisions diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index 392ab9a072..2f34416393 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 05/03/2018 -ms.technology: mde +ms.technology: windows-sec --- # Use code signing to simplify application control for classic Windows applications diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 79b9e0a33c..7311563492 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -15,7 +15,7 @@ author: jsuther1974 ms.reviewer: isbrahm manager: dansimp ms.date: 02/19/2019 -ms.technology: mde +ms.technology: windows-sec --- # Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 224fa1dac5..b56df7608b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 05/03/2018 -ms.technology: mde +ms.technology: windows-sec --- # Use signed policies to protect Windows Defender Application Control against tampering diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 5ce6dec509..e00de62409 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -15,7 +15,7 @@ ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm ms.date: 08/12/2021 -ms.technology: mde +ms.technology: windows-sec --- # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index fae9be2b42..b1ace98992 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 09/23/2021 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control and .NET hardening diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index d1f5ea9591..36aa766318 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 07/15/2021 -ms.technology: mde +ms.technology: windows-sec --- # Authorize reputable apps with the Intelligent Security Graph (ISG) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index 37d3a19f84..bdb1f032a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -16,7 +16,7 @@ ms.author: deniseb manager: dansimp ms.date: 09/30/2020 ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control and AppLocker Overview diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index eb2d098d4b..fa6ef6f807 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 10/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Creating a new Base Policy with the Wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md index 71046d7308..c2b91d7090 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 10/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Creating a new Supplemental Policy with the Wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md index 754f399a47..6de03178f8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 10/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Editing existing base and supplemental WDAC policies with the Wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md index 66ad01329f..4c286095a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 10/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Merging existing policies with the WDAC Wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md index 3143fd1d5c..8024e0f03b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 10/14/2020 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control Wizard diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index b3d650b5e2..a247be4297 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -15,7 +15,7 @@ ms.reviewer: jogeurte ms.author: dansimp manager: dansimp ms.date: 05/16/2018 -ms.technology: mde +ms.technology: windows-sec --- # Deploying Windows Defender Application Control (WDAC) policies diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 6617b5581c..2d52ef271b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -16,7 +16,7 @@ ms.author: dansimp manager: dansimp ms.topic: conceptual ms.date: 02/20/2018 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control design guide diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md index 8d5d8dda4a..00ab146f0a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md @@ -15,7 +15,7 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.date: 03/16/2020 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Application Control operational guide diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 9d17eb7f30..4e7a69a494 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -16,7 +16,7 @@ ms.author: deniseb manager: dansimp ms.date: 05/26/2020 ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Application Control for Windows diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 7f3ef48df0..2b298178cb 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -13,7 +13,7 @@ ms.author: dansimp ms.date: 04/30/2018 ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Manage Windows Security in Windows 10 in S mode diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 848345ef8b..128243e87c 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -13,7 +13,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.date: 03/01/2019 -ms.technology: mde +ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 55321967df..c234a83d1d 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -12,7 +12,7 @@ ms.date: 07/01/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # System Guard Secure Launch and SMM protection diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index 22c00f87cc..0ffe9699ca 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Add Production Devices to the Membership Group for a Zone diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 14eaf54184..e3a45c598a 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Add Test Devices to the Membership Group for a Zone diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 7a8c114351..1a7d5dd07e 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Appendix A: Sample GPO Template Files for Settings Used in this Guide diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index 2fe271c315..221490f2e9 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Assign Security Group Filters to the GPO diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 0eda99ff36..2523d0ce01 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Basic Firewall Policy Design diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index fde3e3850b..aa02076a04 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.technology: mde +ms.technology: windows-sec --- # Best practices for configuring Windows Defender Firewall diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index d17a0d6cac..e867dc86b4 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Boundary Zone GPOs diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index 9c0d1186eb..11c757ec1c 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Boundary Zone diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index be336a726b..2904f65cb4 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Certificate-based Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index a59ba99025..f134b8f1db 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Certificate-based isolation policy design diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md index eb09b78b9f..fe2aeb49e8 100644 --- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md +++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Change Rules from Request to Require Mode diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md index ec2429b56d..18558ef571 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Basic Firewall Settings diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md index 5e8cd7d149..296c1e7556 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Rules for an Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index c464183424..4c9332aa61 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index 2a908f4267..4fa942aac8 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Rules for the Boundary Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md index fc6329d478..f543b9606f 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Rules for the Encryption Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md index 2a0fe73601..e5e7186579 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Configuring Rules for the Isolated Domain diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index b5113224e7..1796cc336e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Creating Group Policy Objects diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md index 53822035a9..cb5f132795 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Creating Inbound Firewall Rules diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md index 445f1e1eda..cc6976169c 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Creating Outbound Firewall Rules diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index d57f7d5a5d..62905bf49e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md index 1d50c40f3d..c9c577bc2e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Implementing a Basic Firewall Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 1166334bca..a1183f3f52 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Implementing a Certificate-based Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index cf988d2a7d..6a6f01d952 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Implementing a Domain Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index b571f7dce4..3090ba97d5 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Checklist: Implementing a Standalone Server Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index 1841e7d9f5..7522322a6f 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md +++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure Authentication Methods diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index 2ef49bcb9e..99a5795add 100644 --- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure Data Protection (Quick Mode) Settings diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md index 064de062cf..ef75edf628 100644 --- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure Group Policy to Autoenroll and Deploy Certificates diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md index 3164f07dea..6e18c1001c 100644 --- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure Key Exchange (Main Mode) Settings diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md index e3d4f8f8b6..c7c3f8fafc 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure the Rules to Require Encryption diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index a4a7b01573..c7d71a4f26 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure the Windows Defender Firewall with Advanced Security Log diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index 58fdd2dd8a..f0c5bb8bdf 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -12,7 +12,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure the Workstation Authentication Certificate Template diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index ee29ef81e8..9a23ea1f28 100644 --- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md index 6e1c2f5c0b..45aac5c3bd 100644 --- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Confirm That Certificates Are Deployed Correctly diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md index ac157cc912..16fa98ba4f 100644 --- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Copy a GPO to Create a New GPO diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index 844bf1db69..7f5899e2f5 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create a Group Account in Active Directory diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index b7b3944df5..c1f6da0c2a 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create a Group Policy Object diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md index c28612d61c..513807383f 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Authentication Exemption List Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md index b3a12b2ba9..037a451dee 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Authentication Request Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md index 53f49581bd..da5b7f7f20 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Inbound ICMP Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md index 452b942ae5..93586077a2 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Inbound Port Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index c3db4fccfa..bb976db9c3 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Inbound Program or Service Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md index ebce547b94..e38e364c07 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Outbound Port Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index d3c40f879a..15141a8aff 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create an Outbound Program or Service Rule diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index 07e8a14728..9539084377 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create Inbound Rules to Support RPC diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 587339f4f2..e8872fb1a3 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- # Create Windows Firewall rules in Intune diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 725f75af51..6d9896ef84 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create WMI Filters for the GPO diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 52f4ad1566..bb72548e1a 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Designing a Windows Defender Firewall with Advanced Security Strategy diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index fe567b13bf..be0ce97138 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Determining the Trusted State of Your Devices diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index 990d2c4fec..6b8adafa56 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Documenting the Zones diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index dffc684c37..ec6e6a670b 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Domain Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 6d6e93c035..0f112cdfa7 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Domain Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index e8cd903c18..cd420e5088 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Enable Predefined Inbound Rules diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index 8a3aa2796f..0102f9ee3a 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Enable Predefined Outbound Rules diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index c57c92edcd..6d909df105 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Encryption Zone GPOs diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 31176e0204..fe2e9815a6 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Encryption Zone diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 4aea9e2010..0a1c8c3094 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Evaluating Windows Defender Firewall with Advanced Security Design Examples diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index 2dfe9fd103..686d6ff871 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Exempt ICMP from Authentication diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index e4569e0cf8..c060789ce3 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Exemption List diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md index 718505a9d7..ca7cb954eb 100644 --- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md +++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md @@ -13,7 +13,7 @@ ms.collection: - m365-security-compliance - m365-initiative-windows-security ms.topic: troubleshooting -ms.technology: mde +ms.technology: windows-sec --- # Filter origin audit log improvements diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index 8482ee05ce..c6815864d5 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Firewall GPOs diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index 85ce84a2a9..e130a76c47 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Basic Firewall Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index cb36df4ddd..562716bc3b 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -13,7 +13,7 @@ ms.collection: - m365-security-compliance - m365-initiative-windows-security ms.topic: troubleshooting -ms.technology: mde +ms.technology: windows-sec --- # Troubleshooting Windows Firewall settings after a Windows upgrade diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 07fea715ef..32c6dd328f 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Gathering Information about Your Active Directory Deployment diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index 08f2987678..65ecfd3af8 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Gathering Information about Your Current Network Infrastructure diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index c5f34e8ce7..0e57c0e9a9 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Gathering Information about Your Devices diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index a34c386f5c..3a143a59c5 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Gathering Other Relevant Information diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index aad5e33e18..8482a7cd65 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Gathering the Information You Need diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index 3eb3e0fb2b..afa8e8f5cc 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # GPO\_DOMISO\_Boundary diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index bf33747880..d1ca928d07 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -15,7 +15,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # GPO\_DOMISO\_Encryption\_WS2008 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index f625255685..662dd03f50 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # GPO\_DOMISO\_Firewall diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index ce42bb0dd3..bed380f50e 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # GPO\_DOMISO\_IsolatedDomain\_Clients diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index ca3da60412..fb40bad66f 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # GPO\_DOMISO\_IsolatedDomain\_Servers diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index a3648e301a..6746a2c01c 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Identifying Windows Defender Firewall with Advanced Security implementation goals diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index adb0db7bd9..9f16389687 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Implementing Your Windows Defender Firewall with Advanced Security Design Plan diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index 72632250e3..ccaefb1de6 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Isolated Domain GPOs diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index 037bf1f77b..af0a3cd985 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Isolated Domain diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index 6e2fcee3e3..642c968859 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -14,7 +14,7 @@ ms.topic: conceptual ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Isolating Microsoft Store Apps on Your Network diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index c50865a29b..472e264155 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Link the GPO to the Domain diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 048875eafd..4d847f7055 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Mapping your implementation goals to a Windows Firewall with Advanced Security design diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index 037b3a66d6..e2e209ff07 100644 --- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Modify GPO Filters to Apply to a Different Zone or Version of Windows diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 43485b62d6..7b4d920b83 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Open the Group Policy Management Console to IP Security Policies diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 1239f18bf3..d55f5793ea 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Group Policy Management of Windows Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index a4cba8e7c3..77e7c364b3 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Group Policy Management of Windows Defender Firewall diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 8dda8bcf96..c46ba8f97f 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Open Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 2291806174..c5d10098c9 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Certificate-based Authentication diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index 0a5d687d62..a5c690294e 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Domain Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index fd986acbbd..81d3ffeabe 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning GPO Deployment diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index 47d3282978..3002cef090 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Group Policy Deployment for Your Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index 6ac5c58afd..6cf3ebe60c 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Isolation Groups for the Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index d767a7db71..9a897f0089 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Network Access Groups diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index 2a5a06d873..9e87ee9790 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Server Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index e843a202ac..ed55752803 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Settings for a Basic Firewall Policy diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index 67f3121c36..74e85fa1a0 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning the GPOs diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index 8d60afedaf..d651e8e71b 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning to Deploy Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index 8459640ec7..66140941f1 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Planning Your Windows Defender Firewall with Advanced Security Design diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index 305d69aef6..e45fb6c5e6 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Procedures Used in This Guide diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index f0fc035973..c0a822af53 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Protect devices from unwanted network traffic diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md index 17ab51f503..83309d4b1b 100644 --- a/windows/security/threat-protection/windows-firewall/quarantine.md +++ b/windows/security/threat-protection/windows-firewall/quarantine.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Quarantine behavior diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index a3963db1f2..5ae57cd35b 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Require Encryption When Accessing Sensitive Network Resources diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index e546bbf39d..4e8ca4f98b 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Restrict Access to Only Specified Users or Computers diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index d3d0f94001..287942862c 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Restrict access to only trusted devices diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index c0d7282746..35882149d3 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Restrict Server Access to Members of a Group Only diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index aa6d7c5117..70ebf3fd75 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -14,7 +14,7 @@ ms.topic: conceptual ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Securing End-to-End IPsec connections by using IKEv2 diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index 74da744d30..9ec9d59a12 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Server Isolation GPOs diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index fd8fad7308..59eb498be0 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Server Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 3d5d5e9694..92ff6b97db 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Server Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 5e4d391f7f..3e3a5b108f 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -13,7 +13,7 @@ ms.collection: - m365-security-compliance - m365-initiative-windows-security ms.topic: troubleshooting -ms.technology: mde +ms.technology: windows-sec --- # Troubleshooting UWP App Connectivity Issues diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index 8f2dd62bfc..0ae4b4f8dd 100644 --- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index 6f83b6d42d..d6dbf5fd5a 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -14,7 +14,7 @@ ms.topic: conceptual ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Understanding the Windows Defender Firewall with Advanced Security Design Process diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 633bcb4aed..61ffa9d578 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Verify That Network Traffic Is Authenticated diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index c4e919e41a..b00b59d00e 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -14,7 +14,7 @@ ms.topic: conceptual ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Firewall with Advanced Security Administration with Windows PowerShell diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index 8e4af001ae..dfcf6cfc99 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Firewall with Advanced Security deployment overview diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 702acc0dcf..38545a3d40 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Firewall with Advanced Security design guide diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index 7a9d7305a5..989c1be1a1 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -15,7 +15,7 @@ ms.topic: conceptual ms.date: 09/08/2021 ms.reviewer: ms.custom: asr -ms.technology: mde +ms.technology: windows-sec --- # Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 6b859eac3c..d87f9d1dcc 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -11,7 +11,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 3/20/2019 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Common Criteria Certifications diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md index 40ce6c2dea..544e0ab263 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md @@ -11,7 +11,7 @@ ms.topic: article ms.localizationpriority: ms.date: ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Windows Sandbox architecture diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 1f1a23bd49..cd5f7a2082 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -11,7 +11,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Windows Sandbox configuration diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 0fec75ee34..2a3f6d6dc3 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -11,7 +11,7 @@ ms.topic: article ms.localizationpriority: ms.date: ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Windows Sandbox diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index d86c9170f6..4881edff29 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Get Support diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 9b329ccb64..46cc0e4626 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/26/2018 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Microsoft Security Compliance Toolkit 1.0 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 435be7648b..7d1c42a7bb 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -13,7 +13,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Windows security baselines From 6f8bbbb6c57fa513b964af6bbf66803567afb091 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 11:52:08 +0530 Subject: [PATCH 12/28] Update overview-of-threat-mitigations-in-windows-10.md --- ...iew-of-threat-mitigations-in-windows-10.md | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index e783eedfcd..f829b6d2a9 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -60,8 +60,8 @@ Windows 10 mitigations that you can configure are listed in the following two ta | **Windows Defender SmartScreen**
helps prevent
malicious applications
from being downloaded | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.

**More information**: [Windows Defender SmartScreen](#windows-defender-smartscreen), later in this topic | | **Credential Guard**
helps keep attackers
from gaining access through
Pass-the-Hash or
Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.

**More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) | | **Enterprise certificate pinning**
helps prevent
man-in-the-middle attacks
that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

**More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | -| **Device Guard**
helps keep a device
from running malware or
other untrusted apps | Device Guard includes a Code Integrity policy that you create; an allowlist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

**More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | -| **Microsoft Defender Antivirus**,
which helps keep devices
free of viruses and other
malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been significantly improved since it was introduced in Windows 8.

**More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | +| **Device Guard**
helps keep a device
from running malware or
other untrusted apps | Device Guard includes a Code Integrity policy that you create; an allowlist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

**More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | +| **Microsoft Defender Antivirus**,
which helps keep devices
free of viruses and other
malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been improved to a considerable extent since it was introduced in Windows 8.

**More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | | **Blocking of untrusted fonts**
helps prevent fonts
from being used in
elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](/windows/win32/secauthz/appcontainer-isolation) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).

**More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) | | **Memory protections**
help prevent malware
from using memory manipulation
techniques such as buffer
overruns | These mitigations, listed in [Table 2](#table-2), help to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system (for example, malware that attempts to use buffer overruns to inject malicious executable code into memory. Note:
A subset of apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing these apps to run.

**More information**: [Table 2](#table-2), later in this topic | | **UEFI Secure Boot**
helps protect
the platform from
boot kits and rootkits | Unified Extensible Firmware Interface (UEFI) Secure Boot is a security standard for firmware built in to PCs by manufacturers beginning with Windows 8. It helps to protect the boot process and firmware against tampering, such as from a physically present attacker or from forms of malware that run early in the boot process or in kernel after startup.

**More information**: [UEFI and Secure Boot](/windows/device-security/bitlocker/bitlocker-countermeasures#uefi-and-secure-boot) | @@ -70,15 +70,15 @@ Windows 10 mitigations that you can configure are listed in the following two ta Configurable Windows 10 mitigations designed to help protect against memory manipulation require in-depth understanding of these threats and mitigations and knowledge about how the operating system and applications handle memory. The standard process for maximizing these types of mitigations is to work in a test lab to discover whether a given setting interferes with any applications that you use so that you can deploy settings that maximize protection while still allowing apps to run correctly. -As an IT professional, you can ask application developers and software vendors to deliver applications that include an additional protection called Control Flow Guard (CFG). No configuration is needed in the operating system—the protection is compiled into applications. More information can be found in [Control Flow Guard](#control-flow-guard). +As an IT professional, you can ask application developers and software vendors to deliver applications that include an extra protection called Control Flow Guard (CFG). No configuration is needed in the operating system—the protection is compiled into applications. More information can be found in [Control Flow Guard](#control-flow-guard). ### Table 2  Configurable Windows 10 mitigations designed to help protect against memory exploits | Mitigation and corresponding threat | Description | |---|---| -| **Data Execution Prevention (DEP)**
helps prevent
exploitation of buffer overruns | **Data Execution Prevention (DEP)** is a system-level memory protection feature available in Windows operating systems. DEP enables the operating system to mark one or more pages of memory as non-executable, which prevents code from being run from that region of memory, to help prevent exploitation of buffer overruns.
DEP helps prevent code from being run from data pages such as the default heap, stacks, and memory pools. Although some applications have compatibility problems with DEP, the vast majority of applications do not.
**More information**: [Data Execution Prevention](#data-execution-prevention), later in this topic.

**Group Policy settings**: DEP is on by default for 64-bit applications, but you can configure additional DEP protections by using the Group Policy settings described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | -| **SEHOP**
helps prevent
overwrites of the
Structured Exception Handler | **Structured Exception Handling Overwrite Protection (SEHOP)** is designed to help block exploits that use the Structured Exception Handler (SEH) overwrite technique. Because this protection mechanism is provided at run-time, it helps to protect apps regardless of whether they have been compiled with the latest improvements. A few applications have compatibility problems with SEHOP, so be sure to test for your environment.
**More information**: [Structured Exception Handling Overwrite Protection](#structured-exception-handling-overwrite-protection), later in this topic.

**Group Policy setting**: SEHOP is on by default for 64-bit applications, but you can configure additional SEHOP protections by using the Group Policy setting described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | -| **ASLR**
helps mitigate malware
attacks based on
expected memory locations | **Address Space Layout Randomization (ASLR)** loads DLLs into random memory addresses at boot time. This helps mitigate malware that's designed to attack specific memory locations, where specific DLLs are expected to be loaded.
**More information**: [Address Space Layout Randomization](#address-space-layout-randomization), later in this topic.

**Group Policy settings**: ASLR is on by default for 64-bit applications, but you can configure additional ASLR protections by using the Group Policy settings described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | +| **Data Execution Prevention (DEP)**
helps prevent
exploitation of buffer overruns | **Data Execution Prevention (DEP)** is a system-level memory protection feature available in Windows operating systems. DEP enables the operating system to mark one or more pages of memory as non-executable, which prevents code from being run from that region of memory, to help prevent exploitation of buffer overruns.
DEP helps prevent code from being run from data pages such as the default heap, stacks, and memory pools. Although some applications have compatibility problems with DEP, most applications do not.
**More information**: [Data Execution Prevention](#data-execution-prevention), later in this topic.

**Group Policy settings**: DEP is on by default for 64-bit applications, but you can configure more DEP protections by using the Group Policy settings described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | +| **SEHOP**
helps prevent
overwrites of the
Structured Exception Handler | **Structured Exception Handling Overwrite Protection (SEHOP)** is designed to help block exploits that use the Structured Exception Handler (SEH) overwrite technique. Because this protection mechanism is provided at run-time, it helps to protect apps regardless of whether they have been compiled with the latest improvements. A few applications have compatibility problems with SEHOP, so be sure to test for your environment.
**More information**: [Structured Exception Handling Overwrite Protection](#structured-exception-handling-overwrite-protection), later in this topic.

**Group Policy setting**: SEHOP is on by default for 64-bit applications, but you can configure more SEHOP protections by using the Group Policy setting described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | +| **ASLR**
helps mitigate malware
attacks based on
expected memory locations | **Address Space Layout Randomization (ASLR)** loads DLLs into random memory addresses at boot time. This loading - of specific DLLs -helps mitigate malware that's designed to attack specific memory locations.
**More information**: [Address Space Layout Randomization](#address-space-layout-randomization), later in this topic.

**Group Policy settings**: ASLR is on by default for 64-bit applications, but you can configure more ASLR protections by using the Group Policy settings described in [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md). | ### Windows Defender SmartScreen @@ -96,7 +96,7 @@ Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to impr - **Rich local context** improves how malware is identified. Windows 10 informs Microsoft Defender Antivirus not only about content like files and processes but also where the content came from, where it has been stored, and more. The information about source and history enables Microsoft Defender Antivirus to apply different levels of scrutiny to different content. -- **Extensive global sensors** help keep Microsoft Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. +- **Extensive global sensors** help keep Microsoft Defender Antivirus current and aware of even the newest malware. This up-to-date status is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. - **Tamper proofing** helps guard Microsoft Defender Antivirus itself against malware attacks. For example, Microsoft Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Microsoft Defender Antivirus components, its registry keys, and so on. ([Protected Processes](#protected-processes) is described later in this topic.) @@ -112,7 +112,7 @@ For information about Microsoft Defender for Endpoint, a service that helps ente Malware depends on its ability to insert a malicious payload into memory with the hope that it will be executed later. Wouldn't it be great if you could prevent malware from running if it wrote to an area that has been allocated solely for the storage of information? -Data Execution Prevention (DEP) does exactly that, by substantially reducing the range of memory that malicious code can use for its benefit. DEP uses the No eXecute bit on modern CPUs to mark blocks of memory as read-only so that those blocks can't be used to execute malicious code that may be inserted by means of a vulnerability exploit. +Data Execution Prevention (DEP) does exactly that, by substantially reducing the range of memory that malicious code can use for its benefit. DEP uses the No eXecute bit on modern CPUs to mark blocks of memory as read-only so that those blocks can't be used to execute malicious code that may be inserted through a vulnerability exploit. **To use Task Manager to see apps that use DEP** @@ -164,7 +164,7 @@ You can use the Group Policy setting called **Process Mitigation Options** to co ### Address Space Layout Randomization -One of the most common techniques used to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data have been placed, and then overwrite that information with a malicious payload. Any malware that could write directly to the system memory could simply overwrite it in well-known and predictable locations. +One of the most common techniques used to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data have been placed, and then overwrite that information with a malicious payload. Any malware that could write directly to the system memory could overwrite it in well-known and predictable locations. Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts. @@ -180,18 +180,18 @@ You can use the Group Policy setting called **Process Mitigation Options** to co Windows 10 provides many threat mitigations to protect against exploits that are built into the operating system and need no configuration within the operating system. The table that follows describes some of these mitigations. -Control Flow Guard (CFG) is a mitigation that does not need configuration within the operating system, but does require that an application developer configure the mitigation into the application when it's compiled. CFG is built into Microsoft Edge, IE11, and other areas in Windows 10, and can be built into many other applications when they are compiled. +Control Flow Guard (CFG) is a mitigation that does not need configuration within the operating system, but does require an application developer to configure the mitigation into the application when it's compiled. CFG is built into Microsoft Edge, IE11, and other areas in Windows 10, and can be built into many other applications when they are compiled. ### Table 3   Windows 10 mitigations to protect against memory exploits – no configuration needed | Mitigation and corresponding threat | Description | |---|---| | **SMB hardening for SYSVOL and NETLOGON shares**
helps mitigate
man-in-the-middle attacks | Client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos).

**More information**: [SMB hardening improvements for SYSVOL and NETLOGON shares](#smb-hardening-improvements-for-sysvol-and-netlogon-shares), later in this topic. | -| **Protected Processes**
help prevent one process
from tampering with another
process | With the Protected Processes feature, Windows 10 prevents untrusted processes from interacting or tampering with those that have been specially signed.

**More information**: [Protected Processes](#protected-processes), later in this topic. | +| **Protected Processes**
help prevent one process
from tampering with another
process | With the Protected Processes feature, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed.

**More information**: [Protected Processes](#protected-processes), later in this topic. | | **Universal Windows apps protections**
screen downloadable
apps and run them in
an AppContainer sandbox | Universal Windows apps are carefully screened before being made available, and they run in an AppContainer sandbox with limited privileges and capabilities.

**More information**: [Universal Windows apps protections](#universal-windows-apps-protections), later in this topic. | -| **Heap protections**
help prevent
exploitation of the heap | Windows 10 includes protections for the heap, such as the use of internal data structures which help protect against corruption of memory used by the heap.

**More information**: [Windows heap protections](#windows-heap-protections), later in this topic. | +| **Heap protections**
help prevent
exploitation of the heap | Windows 10 includes protections for the heap, such as the use of internal data structures that help protect against corruption of memory used by the heap.

**More information**: [Windows heap protections](#windows-heap-protections), later in this topic. | | **Kernel pool protections**
help prevent
exploitation of pool memory
used by the kernel | Windows 10 includes protections for the pool of memory used by the kernel. For example, safe unlinking protects against pool overruns that are combined with unlinking operations that can be used to create an attack.

**More information**: [Kernel pool protections](#kernel-pool-protections), later in this topic. | -| **Control Flow Guard**
helps mitigate exploits
that are based on
flow between code locations
in memory | Control Flow Guard (CFG) is a mitigation that requires no configuration within the operating system, but instead is built into software when it's compiled. It is built into Microsoft Edge, IE11, and other areas in Windows 10. CFG can be built into applications written in C or C++, or applications compiled using Visual Studio 2015.
For such an application, CFG can detect an attacker's attempt to change the intended flow of code. If this occurs, CFG terminates the application. You can request software vendors to deliver Windows applications compiled with CFG enabled.

**More information**: [Control Flow Guard](#control-flow-guard), later in this topic. | +| **Control Flow Guard**
helps mitigate exploits
based on
flow between code locations
in memory | Control Flow Guard (CFG) is a mitigation that requires no configuration within the operating system, but instead is built into software when it's compiled. It is built into Microsoft Edge, IE11, and other areas in Windows 10. CFG can be built into applications written in C or C++, or applications compiled using Visual Studio 2015.
For such an application, CFG can detect an attacker's attempt to change the intended flow of code. If this attempt occurs, CFG terminates the application. You can request software vendors to deliver Windows applications compiled with CFG enabled.

**More information**: [Control Flow Guard](#control-flow-guard), later in this topic. | | **Protections built into Microsoft Edge** (the browser)
helps mitigate multiple
threats | Windows 10 includes an entirely new browser, Microsoft Edge, designed with multiple security improvements.

**More information**: [Microsoft Edge and Internet Explorer 11](#microsoft-edge-and-internet-explorer11), later in this topic. | ### SMB hardening improvements for SYSVOL and NETLOGON shares @@ -229,7 +229,7 @@ Windows 10 has several important improvements to the security of the heap: ### Kernel pool protections -The operating system kernel in Windows sets aside two pools of memory, one which remains in physical memory ("nonpaged pool") and one which can be paged in and out of physical memory ("paged pool"). There are many mitigations that have been added over time, such as process quota pointer encoding; lookaside, delay free, and pool page cookies; and PoolIndex bounds checks. Windows 10 adds multiple "pool hardening" protections, such as integrity checks, that help protect the kernel pool against more advanced attacks. +The operating system kernel in Windows sets aside two pools of memory, one which remains in physical memory ("nonpaged pool") and one that can be paged in and out of physical memory ("paged pool"). There are many mitigations that have been added over time, such as process quota pointer encoding; lookaside, delay free, and pool page cookies; and PoolIndex bounds checks. Windows 10 adds multiple "pool hardening" protections, such as integrity checks, that help protect the kernel pool against more advanced attacks. In addition to pool hardening, Windows 10 includes other kernel hardening features: @@ -239,27 +239,27 @@ In addition to pool hardening, Windows 10 includes other kernel hardening featur - **Disabling of NT Virtual DOS Machine (NTVDM)**: The old NTVDM kernel module (for running 16-bit applications) is disabled by default, which neutralizes the associated vulnerabilities. (Enabling NTVDM decreases protection against Null dereference and other exploits.) -- **Supervisor Mode Execution Prevention (SMEP)**: Helps prevent the kernel (the "supervisor") from executing code in user pages, a common technique used by attackers for local kernel elevation of privilege (EOP). This requires processor support found in Intel Ivy Bridge or later processors, or ARM with PXN support. +- **Supervisor Mode Execution Prevention (SMEP)**: Helps prevent the kernel (the "supervisor") from executing code in user pages, a common technique used by attackers for local kernel elevation of privilege (EOP). This configuration requires processor support found in Intel Ivy Bridge or later processors, or ARM with PXN support. - **Safe unlinking:** Helps protect against pool overruns that are combined with unlinking operations to create an attack. Windows 10 includes global safe unlinking, which extends heap and kernel pool safe unlinking to all usage of LIST\_ENTRY and includes the "FastFail" mechanism to enable rapid and safe process termination. -- **Memory reservations**: The lowest 64 KB of process memory is reserved for the system. Apps are not allowed to allocate that portion of the memory. This makes it more difficult for malware to use techniques such as "NULL dereference" to overwrite critical system data structures in memory. +- **Memory reservations**: The lowest 64 KB of process memory is reserved for the system. Apps are not allowed to allocate that portion of the memory. This allocation for the system makes it more difficult for malware to use techniques such as "NULL dereference" to overwrite critical system data structures in memory. ### Control Flow Guard -When applications are loaded into memory, they are allocated space based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships between the code locations are well known—they are written in the code itself—but previous to Windows 10, the flow between these locations was not enforced, which gave attackers the opportunity to change the flow to meet their needs. +When applications are loaded into memory, they are allocated space based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls the other code located in other memory addresses. The relationships between the code locations are well known—they are written in the code itself—but previous to Windows 10, the flow between these locations was not enforced, which gave attackers the opportunity to change the flow to meet their needs. This kind of threat is mitigated in Windows 10 through the Control Flow Guard (CFG) feature. When a trusted application that was compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If the location is not trusted, the application is immediately terminated as a potential security risk. An administrator cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when the application is compiled. Consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. For example, it can be enabled for applications written in C or C++, or applications compiled using Visual Studio 2015. For information about enabling CFG for a Visual Studio 2015 project, see [Control Flow Guard](/windows/win32/secbp/control-flow-guard). -Of course, browsers are a key entry point for attacks, so Microsoft Edge, IE, and other Windows features take full advantage of CFG. +Browsers are a key entry point for attacks, so Microsoft Edge, IE, and other Windows features take full advantage of CFG. ### Microsoft Edge and Internet Explorer 11 -Browser security is a critical component of any security strategy, and for good reason: the browser is the user's interface to the Internet, an environment with many malicious sites and content waiting to attack. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the common pathway from which malicious hackers initiate their attacks. +Browser security is a critical component of any security strategy, and for good reason: the browser is the user's interface to the Internet, an environment with many malicious sites and content waiting to attack. Most users cannot perform at least part of their job without a browser, and many users are reliant on one. This reality has made the browser the common pathway from which malicious hackers initiate their attacks. -All browsers enable some amount of extensibility to do things beyond the original scope of the browser. Two common examples of this are Flash and Java extensions that enable their respective applications to run inside a browser. Keeping Windows 10 secure for web browsing and applications, especially for these two content types, is a priority. +All browsers enable some amount of extensibility to do things beyond the original scope of the browser. Two common examples are Flash and Java extensions that enable their respective applications to run inside a browser. Keeping Windows 10 secure for web browsing and applications, especially for these two content types, is a priority. Windows 10 includes an entirely new browser, Microsoft Edge. Microsoft Edge is more secure in multiple ways, especially: @@ -267,15 +267,15 @@ Windows 10 includes an entirely new browser, Microsoft Edge. Microsoft Edge is m - **Runs 64-bit processes.** A 64-bit PC running an older version of Windows often runs in 32-bit compatibility mode to support older and less secure extensions. When Microsoft Edge runs on a 64-bit PC, it runs only 64-bit processes, which are much more secure against exploits. -- **Includes Memory Garbage Collection (MemGC)**. This helps protect against use-after-free (UAF) issues. +- **Includes Memory Garbage Collection (MemGC)**. This feature helps protect against use-after-free (UAF) issues. - **Designed as a Universal Windows app.** Microsoft Edge is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. IE11 on Windows 10 can also take advantage of the same AppContainer technology through Enhanced Protect Mode. However, because IE11 can run ActiveX and BHOs, the browser and sandbox are susceptible to a much broader range of attacks than Microsoft Edge. - **Simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, there are fewer required security settings. In addition, Microsoft Edge default settings align with security best practices, which makes it more secure by default. -In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that do not work with Microsoft Edge. It should not be configured as the primary browser but rather as an optional or automatic switchover. We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. +In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that do not work with Microsoft Edge. It must not be configured as the primary browser but rather as an optional or automatic switchover. We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. -For sites that require IE11 compatibility, including those that require binary extensions and plug-ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. With this configuration, when Microsoft Edge identifies a site that requires IE11, users will automatically be switched to IE11. +For sites that require IE11 compatibility, including those sites that require binary extensions and plug-ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. With this configuration, when Microsoft Edge identifies a site that requires IE11, users will automatically be switched to IE11. ### Functions that software vendors can use to build mitigations into apps @@ -293,16 +293,16 @@ Some of the protections available in Windows 10 are provided through functions t | Child Process Restriction to restrict the ability to create child processes | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROC\_THREAD\_ATTRIBUTE\_CHILD\_PROCESS\_POLICY\] | | Code Integrity Restriction to restrict image loading | [SetProcessMitigationPolicy function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-setprocessmitigationpolicy)
\[ProcessSignaturePolicy\] | | Win32k System Call Disable Restriction to restrict ability to use NTUser and GDI | [SetProcessMitigationPolicy function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-setprocessmitigationpolicy)
\[ProcessSystemCallDisablePolicy\] | -| High Entropy ASLR for up to 1TB of variance in memory allocations | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_HIGH\_ENTROPY\_ASLR\_ALWAYS\_ON\] | +| High Entropy ASLR for up to 1 TB of variance in memory allocations | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_HIGH\_ENTROPY\_ASLR\_ALWAYS\_ON\] | | Strict handle checks to raise immediate exception upon bad handle reference | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_STRICT\_HANDLE\_CHECKS\_ALWAYS\_ON\] | | Extension point disable to block the use of certain third-party extension points | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_EXTENSION\_POINT\_DISABLE\_ALWAYS\_ON\] | | Heap terminate on corruption to protect the system against a corrupted heap | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)
\[PROCESS\_CREATION\_MITIGATION\_POLICY\_HEAP\_TERMINATE\_ALWAYS\_ON\] | ## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit -You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered a variety of exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with additional improvements. However, some EMET mitigations carry high performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. +You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. -Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly those assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)). +Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)). The following table lists EMET features in relation to Windows 10 features. @@ -323,7 +323,7 @@ to Windows 10 features

  • SEHOP

  • ASLR (Force ASLR, Bottom-up ASLR)

    • -

    DEP, SEHOP and ASLR are included in Windows 10 as configurable features. See Table 2, earlier in this topic.

    +

    DEP, SEHOP, and ASLR are included in Windows 10 as configurable features. See Table 2, earlier in this topic.

    You can install the ProcessMitigations PowerShell module to convert your EMET settings for these features into policies that you can apply to Windows 10.

    @@ -429,13 +429,13 @@ Examples: ConvertTo-ProcessMitigationPolicy -EMETFilePath policy.xml -OutputFilePath result.xml ``` -- **Audit and modify the converted settings (the output file)**: Additional cmdlets let you apply, enumerate, enable, disable, and save settings in the output file. For example, this cmdlet enables SEHOP and disables MandatoryASLR and DEPATL registry settings for Notepad: +- **Audit and modify the converted settings (the output file)**: More cmdlets let you apply, enumerate, enable, disable, and save settings in the output file. For example, this cmdlet enables SEHOP and disables MandatoryASLR and DEPATL registry settings for Notepad: ```powershell Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL ``` -- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy, as described in [Deploy Device Guard: deploy code integrity policies](/windows/device-security/device-guard/deploy-windows-defender-application-control). This will enable protections on Windows 10 equivalent to EMET's ASR protections. +- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy, as described in [Deploy Device Guard: deploy code integrity policies](/windows/device-security/device-guard/deploy-windows-defender-application-control). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. - **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example: From 766fb21d18cea0e269f8e258380fe389a7694f9a Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 12:03:00 +0530 Subject: [PATCH 13/28] Update overview-of-threat-mitigations-in-windows-10.md --- .../overview-of-threat-mitigations-in-windows-10.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index f829b6d2a9..a2174e8105 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -59,7 +59,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta |---|---| | **Windows Defender SmartScreen**
    helps prevent
    malicious applications
    from being downloaded | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.

    **More information**: [Windows Defender SmartScreen](#windows-defender-smartscreen), later in this topic | | **Credential Guard**
    helps keep attackers
    from gaining access through
    Pass-the-Hash or
    Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
    Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.

    **More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) | -| **Enterprise certificate pinning**
    helps prevent
    man-in-the-middle attacks
    that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

    **More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | +| **Enterprise certificate pinning**
    helps prevent
    man-in-the-middle attacks
    that use PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

    **More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | | **Device Guard**
    helps keep a device
    from running malware or
    other untrusted apps | Device Guard includes a Code Integrity policy that you create; an allowlist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
    Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

    **More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | | **Microsoft Defender Antivirus**,
    which helps keep devices
    free of viruses and other
    malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been improved to a considerable extent since it was introduced in Windows 8.

    **More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | | **Blocking of untrusted fonts**
    helps prevent fonts
    from being used in
    elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](/windows/win32/secauthz/appcontainer-isolation) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).

    **More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) | @@ -196,7 +196,7 @@ Control Flow Guard (CFG) is a mitigation that does not need configuration within ### SMB hardening improvements for SYSVOL and NETLOGON shares -In Windows 10 and Windows Server 2016, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers require Server Message Block (SMB) signing and mutual authentication (such as Kerberos). This reduces the likelihood of man-in-the-middle attacks. If SMB signing and mutual authentication are unavailable, a computer running Windows 10 or Windows Server 2016 won't process domain-based Group Policy and scripts. +In Windows 10 and Windows Server 2016, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers require Server Message Block (SMB) signing and mutual authentication (such as Kerberos). This requirement reduces the likelihood of man-in-the-middle attacks. If SMB signing and mutual authentication are unavailable, a computer running Windows 10 or Windows Server 2016 won't process domain-based Group Policy and scripts. > [!NOTE] > The registry values for these settings aren't present by default, but the hardening rules still apply until overridden by Group Policy or other registry values. For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](https://support.microsoft.com/help/3000483/ms15-011-vulnerability-in-group-policy-could-allow-remote-code-execution-february-10,-2015) and [MS15-011 & MS15-014: Hardening Group Policy](https://msrc-blog.microsoft.com/2015/02/10/ms15-011-ms15-014-hardening-group-policy/). @@ -205,7 +205,7 @@ In Windows 10 and Windows Server 2016, client connections to the Active Director Most security controls are designed to prevent the initial infection point. However, despite all the best preventative controls, malware might eventually find a way to infect the system. So, some protections are built to place limits on malware that gets on the device. Protected Processes creates limits of this type. -With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and as in Windows 8.1, implements them in a way that can be used by 3rd party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. +With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and as in Windows 8.1, implements them in a way that can be used by third-party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. ### Universal Windows apps protections @@ -223,7 +223,7 @@ Windows 10 has several important improvements to the security of the heap: - **Heap metadata hardening** for internal data structures that the heap uses, to improve protections against memory corruption. -- **Heap allocation randomization**, that is, the use of randomized locations and sizes for heap memory allocations, which makes it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 adds a random offset to the address of a newly allocated heap, which makes the allocation much less predictable. +- **Heap allocation randomization**, that is, the use of randomized locations and sizes for heap memory allocations, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 adds a random offset to the address of a newly allocated heap, which makes the allocation much less predictable. - **Heap guard pages** before and after blocks of memory, which work as trip wires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 responds by instantly terminating the app. @@ -271,7 +271,7 @@ Windows 10 includes an entirely new browser, Microsoft Edge. Microsoft Edge is m - **Designed as a Universal Windows app.** Microsoft Edge is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. IE11 on Windows 10 can also take advantage of the same AppContainer technology through Enhanced Protect Mode. However, because IE11 can run ActiveX and BHOs, the browser and sandbox are susceptible to a much broader range of attacks than Microsoft Edge. -- **Simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, there are fewer required security settings. In addition, Microsoft Edge default settings align with security best practices, which makes it more secure by default. +- **Simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, there are fewer required security settings. In addition, Microsoft Edge default settings align with security best practices, making it more secure by default. In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that do not work with Microsoft Edge. It must not be configured as the primary browser but rather as an optional or automatic switchover. We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. @@ -300,7 +300,7 @@ Some of the protections available in Windows 10 are provided through functions t ## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit -You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. +You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)). From 0574806397f9e6a7cffc1cb8baeaa67543ec8eb6 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 12:07:27 +0530 Subject: [PATCH 14/28] Update overview-of-threat-mitigations-in-windows-10.md --- .../overview-of-threat-mitigations-in-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index a2174e8105..6430ee693b 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -205,7 +205,7 @@ In Windows 10 and Windows Server 2016, client connections to the Active Director Most security controls are designed to prevent the initial infection point. However, despite all the best preventative controls, malware might eventually find a way to infect the system. So, some protections are built to place limits on malware that gets on the device. Protected Processes creates limits of this type. -With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and as in Windows 8.1, implements them in a way that can be used by third-party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. +With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and, as in Windows 8.1, implements them in a way that can be used by third-party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This ease in use helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. ### Universal Windows apps protections @@ -273,7 +273,7 @@ Windows 10 includes an entirely new browser, Microsoft Edge. Microsoft Edge is m - **Simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, there are fewer required security settings. In addition, Microsoft Edge default settings align with security best practices, making it more secure by default. -In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that do not work with Microsoft Edge. It must not be configured as the primary browser but rather as an optional or automatic switchover. We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. +In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that do not work with Microsoft Edge. You cannot configure it as the primary browser but rather as an optional or automatic switchover. We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. For sites that require IE11 compatibility, including those sites that require binary extensions and plug-ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. With this configuration, when Microsoft Edge identifies a site that requires IE11, users will automatically be switched to IE11. From bfcc277cf98f57bb64463d645785673338bed00b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 12:10:26 +0530 Subject: [PATCH 15/28] Update overview-of-threat-mitigations-in-windows-10.md --- .../overview-of-threat-mitigations-in-windows-10.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 6430ee693b..fdd4c1c7d4 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -61,11 +61,11 @@ Windows 10 mitigations that you can configure are listed in the following two ta | **Credential Guard**
    helps keep attackers
    from gaining access through
    Pass-the-Hash or
    Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
    Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.

    **More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) | | **Enterprise certificate pinning**
    helps prevent
    man-in-the-middle attacks
    that use PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf.

    **More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) | | **Device Guard**
    helps keep a device
    from running malware or
    other untrusted apps | Device Guard includes a Code Integrity policy that you create; an allowlist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which uses virtualization-based security (VBS) to protect Windows' kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.
    Device Guard is included in Windows 10 Enterprise and Windows Server 2016.

    **More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) | -| **Microsoft Defender Antivirus**,
    which helps keep devices
    free of viruses and other
    malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox antimalware solution. Microsoft Defender Antivirus has been improved to a considerable extent since it was introduced in Windows 8.

    **More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | +| **Microsoft Defender Antivirus**,
    which helps keep devices
    free of viruses and other
    malware | Windows 10 includes Microsoft Defender Antivirus, a robust inbox anti-malware solution. Microsoft Defender Antivirus has been improved to a considerable extent since it was introduced in Windows 8.

    **More information**: [Microsoft Defender Antivirus](#microsoft-defender-antivirus), later in this topic | | **Blocking of untrusted fonts**
    helps prevent fonts
    from being used in
    elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](/windows/win32/secauthz/appcontainer-isolation) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).

    **More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) | | **Memory protections**
    help prevent malware
    from using memory manipulation
    techniques such as buffer
    overruns | These mitigations, listed in [Table 2](#table-2), help to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system (for example, malware that attempts to use buffer overruns to inject malicious executable code into memory. Note:
    A subset of apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing these apps to run.

    **More information**: [Table 2](#table-2), later in this topic | | **UEFI Secure Boot**
    helps protect
    the platform from
    boot kits and rootkits | Unified Extensible Firmware Interface (UEFI) Secure Boot is a security standard for firmware built in to PCs by manufacturers beginning with Windows 8. It helps to protect the boot process and firmware against tampering, such as from a physically present attacker or from forms of malware that run early in the boot process or in kernel after startup.

    **More information**: [UEFI and Secure Boot](/windows/device-security/bitlocker/bitlocker-countermeasures#uefi-and-secure-boot) | -| **Early Launch Antimalware (ELAM)**
    helps protect
    the platform from
    rootkits disguised as drivers | Early Launch Antimalware (ELAM) is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits.

    **More information**: [Early Launch Antimalware](/windows/device-security/bitlocker/bitlocker-countermeasures#protection-during-startup) | +| **Early Launch Antimalware (ELAM)**
    helps protect
    the platform from
    rootkits disguised as drivers | Early Launch Antimalware (ELAM) is designed to enable the anti-malware solution to start before all non-Microsoft drivers and apps. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits.

    **More information**: [Early Launch Antimalware](/windows/device-security/bitlocker/bitlocker-countermeasures#protection-during-startup) | | **Device Health Attestation**
    helps prevent
    compromised devices from
    accessing an organization's
    assets | Device Health Attestation (DHA) provides a way to confirm that devices attempting to connect to an organization's network are in a healthy state, not compromised with malware. When DHA has been configured, a device's actual boot data measurements can be checked against the expected "healthy" boot data. If the check indicates a device is unhealthy, the device can be prevented from accessing the network.

    **More information**: [Control the health of Windows 10-based devices](/windows/device-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices) and [Device Health Attestation](/windows-server/security/device-health-attestation) | Configurable Windows 10 mitigations designed to help protect against memory manipulation require in-depth understanding of these threats and mitigations and knowledge about how the operating system and applications handle memory. The standard process for maximizing these types of mitigations is to work in a test lab to discover whether a given setting interferes with any applications that you use so that you can deploy settings that maximize protection while still allowing apps to run correctly. @@ -90,7 +90,7 @@ For more information, see [Microsoft Defender SmartScreen overview](microsoft-de ### Microsoft Defender Antivirus -Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to improve antimalware: +Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to improve anti-malware: - **Cloud-delivered protection** helps detect and block new malware within seconds, even if the malware has never been seen before. The service, available as of Windows 10, version 1703, uses distributed resources and machine learning to deliver protection to endpoints at a rate that is far faster than traditional signature updates. @@ -100,7 +100,7 @@ Microsoft Defender Antivirus in Windows 10 uses a multi-pronged approach to impr - **Tamper proofing** helps guard Microsoft Defender Antivirus itself against malware attacks. For example, Microsoft Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Microsoft Defender Antivirus components, its registry keys, and so on. ([Protected Processes](#protected-processes) is described later in this topic.) -- **Enterprise-level features** give IT pros the tools and configuration options necessary to make Microsoft Defender Antivirus an enterprise-class antimalware solution. +- **Enterprise-level features** give IT pros the tools and configuration options necessary to make Microsoft Defender Antivirus an enterprise-class anti-malware solution. @@ -205,7 +205,7 @@ In Windows 10 and Windows Server 2016, client connections to the Active Director Most security controls are designed to prevent the initial infection point. However, despite all the best preventative controls, malware might eventually find a way to infect the system. So, some protections are built to place limits on malware that gets on the device. Protected Processes creates limits of this type. -With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and, as in Windows 8.1, implements them in a way that can be used by third-party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This ease in use helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. +With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those processes that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and, as in Windows 8.1, implements them in a way that can be used by third-party anti-malware vendors, as described in [Protecting Anti-Malware Services](/windows/win32/services/protecting-anti-malware-services-). This ease in use helps make the system and anti-malware solutions less susceptible to tampering by malware that does manage to get on the system. ### Universal Windows apps protections From 29efd80b24af078a2a67e68e65b80bddb8ae484b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 12:28:26 +0530 Subject: [PATCH 16/28] resolved suggestions --- .../auditing/advanced-security-audit-policy-settings.md | 2 +- .../threat-protection/get-support-for-security-baselines.md | 2 +- .../threat-protection/security-compliance-toolkit-10.md | 4 ++-- .../secpol-advanced-security-audit-policy-settings.md | 2 +- .../security-compliance-toolkit-10.md | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 1cb4f72589..425fdc6748 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -18,7 +18,7 @@ ms.date: 09/06/2021 ms.technology: windows-sec --- -# Advanced security audit policy settings +# Advanced security audit policy settings (Windows 10) This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 56c3058279..5d606c7889 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Get Support +# Get Support for Windows baselines **What is the Microsoft Security Compliance Manager (SCM)?** diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index a2c720f8da..6a7500bd6d 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -1,6 +1,6 @@ --- title: Microsoft Security Compliance Toolkit 1.0 -description: This article describes how to use the Security Compliance Toolkit in your organization +description: This article describes how to use the Security Compliance Toolkit 1.0 in your organization keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Microsoft Security Compliance Toolkit 1.0 +# Microsoft Security Compliance Toolkit 1.0 - Usage ## What is the Security Compliance Toolkit (SCT)? diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index fe3ba96d3f..9d439eb3b6 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -18,7 +18,7 @@ ms.date: 04/19/2017 ms.technology: windows-sec --- -# Advanced security audit policy settings +# Advanced security audit policy settings for Windows 10 **Applies to** - Windows 10 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 46cc0e4626..b73f8ecef6 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -1,6 +1,6 @@ --- title: Microsoft Security Compliance Toolkit 1.0 Guide -description: This article describes how to use the Security Compliance Toolkit in your organization +description: This article describes how to use Security Compliance Toolkit 1.0 in your organization keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Microsoft Security Compliance Toolkit 1.0 +# Microsoft Security Compliance Toolkit 1.0 - Usage ## What is the Security Compliance Toolkit (SCT)? From 92a43fa953c326b44386c51338980e3b8a15de21 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 19 Oct 2021 12:38:11 +0530 Subject: [PATCH 17/28] resolved suggestions --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- .../security-compliance-toolkit-10.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 6a7500bd6d..c56d9a43c6 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Microsoft Security Compliance Toolkit 1.0 - Usage +# Microsoft Security Compliance Toolkit 1.0 Usage ## What is the Security Compliance Toolkit (SCT)? diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index b73f8ecef6..2d66169700 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -16,7 +16,7 @@ ms.reviewer: ms.technology: windows-sec --- -# Microsoft Security Compliance Toolkit 1.0 - Usage +# Microsoft Security Compliance Toolkit 1.0 - How to use ## What is the Security Compliance Toolkit (SCT)? From 04a685e47c7c9951f92f5bacbe1cb8023979d0c3 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 10:24:48 +0530 Subject: [PATCH 18/28] Update configure-authorized-apps-deployed-with-a-managed-installer.md --- ...onfigure-authorized-apps-deployed-with-a-managed-installer.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index a9a11a1d50..986fc5644a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -13,6 +13,7 @@ ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp +author: dansimp manager: dansimp ms.date: 10/19/2021 ms.technology: windows-sec From 776760e8803855402a4e8d85a57524a675843b26 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 10:27:42 +0530 Subject: [PATCH 19/28] Update configure-authorized-apps-deployed-with-a-managed-installer.md --- ...figure-authorized-apps-deployed-with-a-managed-installer.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 986fc5644a..ae15be54f4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -17,8 +17,7 @@ author: dansimp manager: dansimp ms.date: 10/19/2021 ms.technology: windows-sec - - +--- # Configuring authorized apps deployed by a managed installer with AppLocker and Windows Defender Application Control **Applies to:** From 2906660932b1998150c09cd3299cc155239e2eef Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 20 Oct 2021 10:30:54 +0530 Subject: [PATCH 20/28] Update configure-authorized-apps-deployed-with-a-managed-installer.md --- ...onfigure-authorized-apps-deployed-with-a-managed-installer.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index ae15be54f4..0b8842ad6d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -13,7 +13,6 @@ ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp -author: dansimp manager: dansimp ms.date: 10/19/2021 ms.technology: windows-sec From fd76f7c23fc2c4ca0df806e598bf8247ca37ffc4 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 1 Nov 2021 10:48:06 +0530 Subject: [PATCH 21/28] Delete settings.json --- .vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 37c76c3968602c4079e641202476a8ddb7c33ebc Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 1 Nov 2021 11:00:44 +0530 Subject: [PATCH 22/28] Delete settings.json --- .vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 31339ca21370c3df70f49c939410bdef3551e7ea Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Mon, 8 Nov 2021 11:01:17 -0800 Subject: [PATCH 23/28] Update microsoft-recommended-driver-block-rules.md Updated the recommended blocklist with the latest Retliften hashes, the Saasame leaked certificate, corrected signer rules, HP's vulnerable driver, Cheat Engine's signer --- ...icrosoft-recommended-driver-block-rules.md | 71 ++++++++++++++++--- 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 4e5251d27d..608da5aa98 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -46,14 +46,14 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- ```xml - 10.0.19565.0 + 10.0.22493.0 {D2BDA982-CCF6-4344-AC5B-0B44427B6816} {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234} - + @@ -173,6 +173,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + @@ -242,6 +246,9 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + @@ -311,10 +318,16 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -335,15 +348,20 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + - + - + + + + @@ -405,6 +423,8 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + @@ -415,6 +435,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -452,7 +478,6 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - @@ -468,6 +493,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -485,6 +516,9 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + @@ -501,10 +535,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + + + @@ -522,8 +558,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + - + @@ -633,6 +671,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + @@ -702,6 +744,9 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + @@ -771,11 +816,17 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + - - + + + + + @@ -794,7 +845,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - 10.0.22417.0 + 10.0.22493.0 From d5bcee1290720bae00d904360ed15dd01ba389d5 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Wed, 10 Nov 2021 08:52:58 -0800 Subject: [PATCH 24/28] Added deny rule for IntuneWindowsAgent version 1.46.204.0 and below per vulnerability reported --- .../microsoft-recommended-block-rules.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 0452284705..71779ec0d3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -89,6 +89,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you | `Brock Mammen`| | | `Casey Smith` | `@subTee` | | `Jimmy Bayne` | `@bohops` | +| `Kim Oppalfens` | `@thewmiguy` | | `Lasse Trolle Borup` | `Langkjaer Cyber Defence` | | `Lee Christensen` | `@tifkin_` | | `Matt Graeber` | `@mattifestation` | @@ -164,6 +165,7 @@ Select the correct version of each .dll for the Windows release you plan to supp + @@ -905,6 +907,7 @@ Select the correct version of each .dll for the Windows release you plan to supp + From d3a162ae7d4050fec63088262b2eee235f71615d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 15 Nov 2021 11:05:11 -0800 Subject: [PATCH 25/28] Made punctuation edits as well as reworked a couple of wordy sentences in the following files. - windows-defender-application-control-design-guide.md - plan-windows-defender-application-control-management.md - understand-windows-defender-application-control-policy-design-decisions.md - select-types-of-rules-to-create.md - configure-authorized-apps-deployed-with-a-managed-installer --- ...-apps-deployed-with-a-managed-installer.md | 2 +- ...defender-application-control-management.md | 2 +- .../select-types-of-rules-to-create.md | 50 +++++++++---------- ...ication-control-policy-design-decisions.md | 10 ++-- ...fender-application-control-design-guide.md | 10 ++-- 5 files changed, 37 insertions(+), 37 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 70e5a3a31d..8b898dfcb6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -29,7 +29,7 @@ ms.technology: mde >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). -Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called _managed installer_, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager. +Windows 10 (version 1703) introduced a new option for Windows Defender Application Control (WDAC), called _managed installer_, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager. ## How does a managed installer work? diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 0c319af7e6..34df65fdf9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -33,7 +33,7 @@ This topic describes the decisions you need to make to establish the processes f ## Policy XML lifecycle management -The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. +The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps ensure that WDAC continues to effectively control how applications are allowed to run in your organization. Most WDAC policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 403aab58d8..ebd5c64dd6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -29,23 +29,23 @@ ms.technology: mde >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). -Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11 by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. +Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. ## Windows Defender Application Control policy rules To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: -- To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: +- To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy, by running the following command: `Set-RuleOption -FilePath -Option 0` - A policy created without the `-UserPEs` option has no rules for user mode code. If you enable UMCI (Option 0) for such a policy, WDAC will block all applications and even critical Windows user session code. In audit mode, WDAC simply logs an event, but when enforced, all user mode code will be blocked. To create a policy that includes user mode executables (applications), run `New-CIPolicy` with the `-UserPEs` option. + A policy created without the `-UserPEs` option has no rules for user mode code. If you enable UMCI (Option 0) for such a policy, WDAC will block all applications, and even critical Windows user session code. In audit mode, WDAC simply logs an event, but when enforced, all user mode code will be blocked. To create a policy that includes user mode executables (applications), run `New-CIPolicy` with the `-UserPEs` option. - To disable UMCI on an existing WDAC policy, delete rule option 0 by running the following command: `Set-RuleOption -FilePath -Option 0 -Delete` -You can set several rule options within a WDAC policy. Table 1 describes each rule option and whether they have supplemental policies. However, option 5 is not implemented as it is reserved for future work, and option 7 is not supported. +You can set several rule options within a WDAC policy. Table 1 describes each rule option, and whether they have supplemental policies. However, option 5 is not implemented as it is reserved for future work, and option 7 is not supported. > [!NOTE] > We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. @@ -57,28 +57,28 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **0 Enabled:UMCI** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | No | | **1 Enabled:Boot Menu Protection** | This option is not currently supported. | No | | **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Kernel drivers built for Windows 10 should be WHQL certified. | No | -| **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No | +| **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No | | **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This option would be used by organizations that only want to run released binaries, not pre-release Windows builds. | No | | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes | -| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and the certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. | Yes | +| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. | Yes | | **7 Allowed:Debug Policy Augmented** | This option is not currently supported. | Yes | -| **8 Required:EV Signers** | This rule requires that drivers must be WHQL signed and have been submitted by a partner with an Extended Verification (EV) certificate. All Windows 10 and Windows 11 drivers will meet this requirement. | No | +| **8 Required:EV Signers** | This rule requires that drivers must be WHQL signed, and have been submitted by a partner with an Extended Verification (EV) certificate. All Windows 10 and Windows 11 drivers will meet this requirement. | No | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | No | -| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows without the proper update may have unintended results. | No | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes).
    NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows without the proper update may have unintended results. | No | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | No | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | Yes | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | Yes | | **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| No | -| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above.| No | -| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. | No | -| **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903, and above. | Yes | -| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | No | -| **20 Enabled:Revoked Expired As Unsigned** | Use this option to treat binaries signed with expired and/or revoked certificates as "Unsigned binaries" for user-mode process/components under enterprise signing scenarios. | No | +| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot.
    NOTE: This option is only supported on Windows 10, version 1709 and above.| No | +| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it.
    NOTE: This option is only supported on Windows 10, version 1903 and above. | No | +| **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator.
    NOTE: This option is only supported on Windows 10, version 1903 and above. | Yes | +| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries.
    NOTE: This option is only supported on Windows 10, version 1803 and above. | No | +| **20 Enabled:Revoked Expired As Unsigned** | Use this option to treat binaries signed with expired and/or revoked certificates as "Unsigned binaries" for user-mode process/components, under enterprise signing scenarios. | No | ## Windows Defender Application Control file rule levels -File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary or as general as a CA certificate. You specify file rule levels when using WDAC PowerShell cmdlets to create and modify policies. +File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary, or as general as a CA certificate. You specify file rule levels when using WDAC PowerShell cmdlets to create and modify policies. Each file rule level has its benefit and disadvantage. Use Table 2 to select the appropriate protection level for your available administrative resources and Windows Defender Application Control deployment scenario. @@ -86,21 +86,21 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the | Rule level | Description | |----------- | ----------- | -| **Hash** | Specifies individual hash values for each discovered binary. This is the most specific level and requires additional effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | -| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level but does not typically require a policy update when any binary is modified. | +| **Hash** | Specifies individual hash values for each discovered binary. This is the most specific level, and requires additional effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | +| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it does not typically require a policy update when any binary is modified. | | **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. Additional information about FilePath level rules can be found below. | -| **SignedVersion** | This level combines the publisher rule with a version number and allows anything to run from the specified publisher with a version at or above the specified version number. | +| **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. | | **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). | | **FilePublisher** | This level combines the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. | | **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. | -| **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root certificate, because the scan does not validate anything beyond the certificates included in the provided signature (it does not go online or check local root stores). | +| **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root certificate because the scan does not validate anything beyond the certificates included in the provided signature (it does not go online or check local root stores). | | **RootCertificate** | Currently unsupported. | | **WHQL** | Trusts binaries if they have been validated and signed by WHQL. This level is primarily for kernel binaries. | -| **WHQLPublisher** | This level combines the WHQL level and the CN on the leaf certificate and is primarily for kernel binaries. | +| **WHQLPublisher** | This level combines the WHQL level and the CN on the leaf certificate, and is primarily for kernel binaries. | | **WHQLFilePublisher** | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This level is primarily for kernel binaries. | > [!NOTE] -> When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate. +> When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate. > [!NOTE] > - WDAC only supports signer rules for RSA certificate signing keys with a maximum of 4096 bits. @@ -120,17 +120,17 @@ WDAC has a built-in file rule conflict logic that translates to precedence order ## More information about filepath rules -Filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. Path rules are best suited to allow paths that you expect will remain admin-writeable only. You may want to avoid path rules for directories where standard users can modify ACLs on the folder. +Filepath rules do not provide the same security guarantees that explicit signer rules do, since they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. Path rules are best suited to allow paths that you expect will remain admin-writeable only. You may want to avoid path rules for directories where standard users can modify ACLs on the folder. By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access. -There is a defined list of SIDs which WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. +There is a defined list of SIDs that WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. WDAC's list of well-known admin SIDs are: S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523. -When generating filepath rules using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch. +When generating filepath rules using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards, using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch. Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\*` would include `C:\foo\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`). @@ -144,13 +144,13 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE% ### Why does scan create four hash rules per XML file? The PowerShell cmdlet will produce an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash. -During validation CI will choose which hashes to calculate depending on how the file is signed. For example, if the file is page-hash signed the entire file would not get paged in to do a full sha256 authenticode and we would just match using the first page hash. +During validation CI will choose which hashes to calculate, depending on how the file is signed. For example, if the file is page-hash signed the entire file would not get paged in to do a full sha256 authenticode, and we would just match using the first page hash. In the cmdlets, rather than try to predict which hash CI will use, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This is also resilient, if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI. ### Why does scan create eight hash rules for certain XML files? -Separate rules are created for UMCI and KMCI. In some cases, files which are purely user-mode or purely kernel-mode may still generate both sets, as CI cannot always precisely determine what is purely user vs. kernel mode and errs on the side of caution. +Separate rules are created for UMCI and KMCI. In some cases, files that are purely user-mode or purely kernel-mode may still generate both sets, since CI cannot always precisely determine what is purely user vs. kernel mode, and errs on the side of caution. ## Windows Defender Application Control filename rules diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index ce15020a22..b88bf43f44 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -29,7 +29,7 @@ ms.technology: mde > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). -This topic is for the IT professional and lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment. +This topic is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. @@ -46,24 +46,24 @@ You should consider using WDAC as part of your organization's application contro Beginning with Windows 10, version 1903, WDAC allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. -The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust", we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. +The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. Microsoft Endpoint Configuration Manager, previously known as System Center Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. -The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. +The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order, and are not meant to be an exhaustive set of design considerations. ## WDAC design considerations ### How are apps managed and deployed in your organization? -Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy WDAC with more relaxed rules or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization. +Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy WDAC with more relaxed rules, or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization. | Possible answers | Design considerations| | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | -| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can use managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. | +| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | | Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 57db67bee8..13a6120369 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -34,10 +34,10 @@ This guide covers design and planning for Windows Defender Application Control ( ## Plan for success -A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning: +A common refrain you may hear about application control is that it is "too hard." While it is true that application control is not as simple as flipping a switch, organizations can be successful, if they're methodical when carefully planning their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning: - Executive sponsorship and organizational buy-in is in place. -- There is a clear **business** objective for using application control and it is not being planned as a purely technical problem from IT. +- There is a clear **business** objective for using application control, and it is not being planned as a purely technical problem from IT. - The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps. - The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations). @@ -48,9 +48,9 @@ Once these business factors are in place, you are ready to begin planning your W | Topic | Description | | - | - | | [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. | +| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | -| [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios and helps you begin to develop a plan for deploying WDAC in your organization. | +| [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | | [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. | -After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies. +After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. From fce7ae8719cd11320074bc0ea995737acc9dcab2 Mon Sep 17 00:00:00 2001 From: PaulaTomasG <94612518+PaulaTomasG@users.noreply.github.com> Date: Tue, 23 Nov 2021 11:05:22 +0100 Subject: [PATCH 26/28] Update policy-csp-userrights.md Adding a Caution message for ChangeSystemTime User right as failing to include Local Service account results in failure to apply the CSP. --- windows/client-management/mdm/policy-csp-userrights.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index be84a95bca..0a2b3f03a4 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -567,6 +567,13 @@ GP Info: This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. +> [!CAUTION] +> Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy. +> +> Not including the Local Service account will result in failure with the following error: +> | Error Code | Symbolic Name | Error Description | Header | +> |----------|----------|----------|----------| +> | 0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request is not supported.| winerror.h | From 61d7436e4c4e54e748677eeaf2e621cb3932f49a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Nov 2021 08:30:43 -0800 Subject: [PATCH 27/28] Update policy-csp-userrights.md --- windows/client-management/mdm/policy-csp-userrights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 0a2b3f03a4..32d20f4176 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 11/11/2021 +ms.date: 11/24/2021 ms.reviewer: manager: dansimp --- From f803aa2e592a87afd1dd7e0af0b9c35a218762f9 Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Wed, 24 Nov 2021 09:27:25 -0800 Subject: [PATCH 28/28] Update policy-csp-userrights.md fix format of new table --- windows/client-management/mdm/policy-csp-userrights.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 32d20f4176..606e5b3100 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -571,7 +571,8 @@ This user right determines which users and groups can change the time and date o > Configuring user rights replaces existing users or groups previously assigned those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy. > > Not including the Local Service account will result in failure with the following error: -> | Error Code | Symbolic Name | Error Description | Header | +> +> | Error code | Symbolic name | Error description | Header | > |----------|----------|----------|----------| > | 0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request is not supported.| winerror.h |