deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr

Browse Source
This commit is contained in:
Jreeds001
2020-04-16 14:40:57 -07:00
parent 47eb6206b1 e123c2d461
commit 89f1e0fcc9
6 changed files with 31 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
devices/surface-hub/miracast-over-infrastructure.md
View File

@ -41,7 +41,6 @@ If you have a Surface Hub or other Windows 10 device that has been updated to Wi
- As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
- The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname.
- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled within System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests.
It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and dont have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method.

32
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
View File

@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 04/24/2018
ms.date: 04/16/2020
---
# Onboard non-persistent virtual desktop infrastructure (VDI) machines
@ -81,15 +81,15 @@ The following steps will guide you through onboarding VDI machines and will high
6. Test your solution:
a. Create a pool with one machine.
a. Create a pool with one machine.
b. Logon to machine.
b. Logon to machine.
c. Logoff from machine.
c. Logoff from machine.
d. Logon to machine with another user.
d. Logon to machine with another user.
e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
**For multiple entries for each machine**: Check multiple entries in Microsoft Defender Security Center.
7. Click **Machines list** on the Navigation pane.
@ -111,22 +111,26 @@ For more information on DISM commands and offline servicing, please refer to the
- [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)
- [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image)
- If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
2. Ensure the sensor is off by running 'sc query sense'.
2. Ensure the sensor is stopped by running the command below in a CMD window:
```
sc query sense
```
3. Service the image as needed.
4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
```
PsExec.exe -s cmd.exe
cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
del *.* /f /s /q
exit
```
```
PsExec.exe -s cmd.exe
cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
del *.* /f /s /q
exit
```
5. Re-seal the golden/master image as you normally would.

8
windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
View File

@ -2,7 +2,7 @@
title: Interactive logon Don't display username at sign-in (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting.
ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
ms.reviewer:
ms.reviewer:
ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
@ -20,9 +20,9 @@ ms.date: 04/19/2017
# Interactive logon: Don't display username at sign-in
**Applies to**
- Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8, Windows 10
- Windows 10, Windows Server 2019
Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
## Reference
@ -56,7 +56,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
| Domain controller effective default settings | Not defined|
| Member server effective default settings | Not defined|
| Effective GPO default settings on client computers | Not defined|
## Policy management
This section describes features and tools that are available to help you manage this policy.

4
windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
View File

@ -129,9 +129,9 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
## Windows Defender Application Control filename rules
File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies.
File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies.
Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario.
Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level.
**Table 3. Windows Defender Application Control policy - filename levels**

1
windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
View File

@ -42,4 +42,3 @@ Your environment needs the following software to run Windows Defender Applicatio
|Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher<br>Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. |
|Browser|Microsoft Edge and Internet Explorer|
|Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
|Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.<br><br>**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.<br><br>**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.|

14
windows/security/threat-protection/windows-security-baselines.md
View File

@ -64,7 +64,7 @@ The security baselines are included in the [Security Compliance Toolkit (SCT)](s
## Community
[![Microsoft Security Guidance Blog](images/community.png)](https://blogs.technet.microsoft.com/secguide/)
[![Microsoft Security Guidance Blog](images/community.png)](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bd-p/Security-Baselines)
## Related Videos
@ -73,9 +73,9 @@ You may also be interested in this msdn channel 9 video:
## See Also
- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
- [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/)
- [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/)
- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319)
- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
- [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/)
- [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319)