deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs3' into jd3csp

Browse Source
This commit is contained in:
jdeckerMS 2017-09-21 06:47:00 -07:00
commit 8bd26697d3
25 changed files with 340 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
browsers/edge/Index.md
View File

@ -23,7 +23,7 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e
Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!Note]
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892).
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847).
>Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
@ -59,7 +59,9 @@ You'll need to keep running them using IE11. If you don't have IE11 installed an
## Related topics
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956)
- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)

7
browsers/edge/change-history-for-microsoft-edge.md
View File

@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
## September 2017
|New or changed topic | Description |
|---------------------|-------------|
|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New |
## February 2017
|New or changed topic | Description |
|----------------------|-------------|
@ -47,4 +52,4 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th
|New or changed topic | Description |
|----------------------|-------------|
|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. |
|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. |

1
browsers/edge/microsoft-edge-faq.md
View File

@ -7,6 +7,7 @@ ms.prod: edge
ms.mktglfcycl: general
ms.sitesec: library
ms.localizationpriority: high
ms.date: 09/07/2017
---
# Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros

6
windows/access-protection/hello-for-business/hello-planning-guide.md
View File

@ -160,9 +160,9 @@ If your organization does not have cloud resources, write **On-Premises** in box
Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers.
One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end enetity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust).
One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust).
Because the certificate trust tyoes issues certificates, there is more configuration and infrastrucutre needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificatat-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates.
Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates.
If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**.
@ -320,4 +320,4 @@ If boxes **2a** or **2b** read **modern management** and you want devices to aut
## Congratulations, Youre Done
Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, youll be able to identify key elements of your Windows Hello for Business deployment.
Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, youll be able to identify key elements of your Windows Hello for Business deployment.

16
windows/deployment/update/update-compliance-get-started.md
View File

@ -25,14 +25,18 @@ Update Compliance has the following requirements:
2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct.
For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
## Add Update Compliance to Microsoft Operations Management Suite

5
windows/deployment/update/update-compliance-using.md
View File

@ -147,7 +147,10 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C
You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot.
![verview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png)
![Overview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png)
>[!IMPORTANT]
>If your devices are not showing up in the Windows Defender AV assessment section, check the [Troublshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help.
The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues.

2
windows/deployment/update/waas-delivery-optimization.md
View File

@ -21,7 +21,7 @@ ms.date: 07/27/2017
Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager.
Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This means that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
For more details, see [Download mode](#download-mode).

6
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. |
| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint.
| `https://Vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10
| `https://settings.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
Note: The compatibility update KB runs under the computers system account.

1
windows/threat-protection/TOC.md
View File

@ -143,6 +143,7 @@
#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)

77
windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md Normal file
View File

@ -0,0 +1,77 @@
---
title: Collect diagnostic data for Update Compliance and Windows Defender AV
description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 09/06/2017
---
# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
**Applies to:**
- Windows 10
**Audience**
- IT administrators
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps.
1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
1. Open an administrator-level version of the command prompt:
1. Open the **Start** menu.
2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
3. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
```Dos
cd c:\program files\windows\defender
```
3. Enter the following command and press **Enter**
```Dos
mpcmdrun -getfiles
```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
3. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
```
I am encountering the following issue when using Windows Defender AV in Update Compliance:
I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
My OMS workspace ID is:
Please contact me at:
```
## Related topics
- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md)

2
windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
View File

@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud:
```DOS
MpCmdRun - ValidateMapsConnection
MpCmdRun -ValidateMapsConnection
```
> [!NOTE]
> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703.

BIN
windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

70
windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md Normal file
View File

@ -0,0 +1,70 @@
---
title: Troubleshoot problems with reporting tools for Windows Defender AV
description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 09/06/2017
---
# Troubleshoot Windows Defender Antivirus reporting in Update Compliance
**Applies to:**
- Windows 10
**Audience**
- IT administrators
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
Typically, the most common indicators of a problem are:
- You only see a small number or subset of all the devices you were expecting to see
- You do not see any devices at all
- The reports and information you do see is outdated (older than a few days)
For common error codes and event IDs related to the Windows Defender AV service that are not related to Update Compliance, see the [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md) topic.
There are three steps to troubleshooting these problems:
1. Confirm that you have met all pre-requisites
2. Check your connectivity to the Windows Defender cloud-based service
3. Submit support logs
>[!IMPORTANT]
>It typically takes 3 days for devices to start appearing in Update Compliance
## Confirm pre-requisites
In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection:
>[!div class="checklist"]
>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md).
> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud)
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)

62
windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
View File

@ -1,6 +1,6 @@
---
title: Windows Defender Antivirus and Windows Defender ATP
description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation.
title: Windows Defender Antivirus compatibility with other security products
description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using.
keywords: windows defender, atp, advanced threat protection, compatibility, passive mode
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -11,35 +11,75 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 06/13/2017
ms.date: 09/07/2017
---
# Windows Defender Antivirus and Advanced Threat Protection: Better together
# Windows Defender Antivirus and third party protection products
**Applies to:**
- Windows 10
- Windows Server 2016
**Audience**
- Enterprise security administrators
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network.
See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service.
However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself.
If you are enrolled in Windows Defender ATP, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product.
If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations.
You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used.
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
-|-|-|-
Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
Windows 10 | Windows Defender AV | Yes | Active mode
Windows 10 | Windows Defender AV | No | Active mode
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode
Windows Server 2016 | Windows Defender AV | Yes | Active mode
Windows Server 2016 | Windows Defender AV | No | Active mode
>[!IMPORTANT]
>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016.
>
>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager.
>
>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
The reasons for this are twofold:
1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint.
Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself.
You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
>[!WARNING]
>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app.
>
>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)

49
windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 08/25/2017
ms.date: 09/07/2017
---
@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window
- [Configure automatic exclusions](#BKMK_DefExclusions)
<a name="BKMK_UsingDef"></a>
## Enable the interface
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs.
## Enable or disable the interface on Windows Server 2016
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
The following PowerShell cmdlet will enable the interface:
![](images/server-add-gui.png)
See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
The following PowerShell cmdlet will also enable the interface:
```PowerShell
Install-WindowsFeature -Name Windows-Defender-GUI
```
The following cmdlet will disable the interface:
To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet:
```PowerShell
Uninstall-WindowsFeature -Name Windows-Defender-GUI
```
>[!IMPORTANT]
> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature.
## Install or uninstall Windows Defender AV on Windows Server 2016
You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard.
>[!NOTE]
>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**.
The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
```PS
Uninstall-WindowsFeature -Name Windows-Server-Antimalware
Uninstall-WindowsFeature -Name Windows-Defender
```
To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option.
You can also use the following PowerShell cmdlet to install Windows Defender AV:
```PS
Install-WindowsFeature -Name Windows-Defender
```
> [!TIP]

4
windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
View File

@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>This will significantly lower the protection of your device and could lead to malware infection.

2
windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
View File

@ -77,7 +77,7 @@ Field numbers match the numbers in the images below.
![Image of artifact timeline with numbers](images/atp-siem-mapping3.png)
![Image of alert timeline with numbers](images/atp-siem-mapping4.png)
![Image of artifact timeline with numbers](images/atp-siem-mapping4.png)
![Image machine view](images/atp-mapping6.png)

4
windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
View File

@ -29,14 +29,14 @@ ms.date: 09/05/2017
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
> [!NOTE]
> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
**Open Event Viewer and find the Windows Defender ATP service event log:**
1. Click **Start**, type **Event Viewer**, and press **Enter**.
1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**.
2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to
open the log.

14
windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
View File

@ -93,18 +93,8 @@ Use the search bar to look for specific timeline events. Harness the power of us
- Behaviors mode: displays "detections" and selected events of interest
- Verbose mode: displays all raw events without aggregation or filtering
- **Event type** - Click the drop-down button to filter by the following levels:
- Windows Defender ATP alerts
- Windows Defender AV alerts
- Response actions
- AppGuard related events
- Windows Defender Device Guard events
- Process events
- Network events
- File events
- Registry events
- Load DLL events
- Other events <br><br>
- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others.
Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.
- **User account** Click the drop-down button to filter the machine timeline by the following user associated events:

26
windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
View File

@ -37,7 +37,7 @@ Use the Machines list in these main scenarios:
## Sort, filter, and download the list of machines from the Machines list
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria.
Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria.
You can also download the entire list in CSV format using the **Export to CSV** feature.
@ -60,25 +60,29 @@ You can use the following filters to limit the list of machines displayed during
- Mac OS
- Other
**Health**</br>
- All
- Well configure
- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters.
**Sensor health state**</br>
Filter the list to view specific machines grouped together by the following machine health states:
- **Active** Machines that are actively reporting sensor data to the service.
- **Misconfigured** Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to:
- Impaired communications
- No sensor data
- Impaired communications
For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
- **Inactive** Machines that have completely stopped sending signals for more than 7 days.
**Malware category**</br>
**Security state**</br>
Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization.
- **Well configured** - Machines have the Windows Defender security controls well configured.
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
**Malware category alerts**</br>
Filter the list to view specific machines grouped together by the following malware categories:
- **Ransomware** Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee.
- **Credential theft** Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers.
@ -88,6 +92,8 @@ Filter the list to view specific machines grouped together by the following malw
- **General malware** Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks.
- **PUA** Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.
## Groups and tags
You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags).
## Export machine list to CSV
You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
@ -99,13 +105,11 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The
You can sort the **Machines list** by the following columns:
- **Machine name** - Name or GUID of the machine
- **Domain** - Domain where the machine is joined in
- **OS Platform** - Indicates the OS of the machine
- **Health State** Indicates if the machine is misconfigured or is not sending sensor data
- **Last seen** - Date and time when the machine last reported sensor data
- **Internal IP** - Local internal Internet Protocol (IP) address of the machine
- **Active Alerts** - Number of alerts reported by the machine by severity
- **Active malware detections** - Number of active malware detections reported by the machine
- **Active malware alerts** - Number of active malware detections reported by the machine
> [!NOTE]
> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.

4
windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
View File

@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
- View, sort, and triage alerts from your endpoints
- Search for more information on observed indicators such as files and IP Addresses
- Change Windows Defender ATP settings, including time zone and licensing information.
- Change Windows Defender ATP settings, including time zone and review licensing information.
## Windows Defender ATP portal
When you open the portal, youll see the main areas of the application:
@ -54,7 +54,7 @@ Area | Description
**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports.
**Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
(3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.

8
windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Check the Windows Defender ATP service health
description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved.
keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -33,11 +33,11 @@ You can view details on the service health by clicking the tile from the **Secur
The **Service health** details page has the following tabs:
- **Current issues**
- **Current status**
- **Status history**
## Current issues
The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
## Current status
The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
- Date and time for when the issue was detected
- A short description of the issue

4
windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection settings
description: Use the menu to configure the time zone, suppression rules, and view license information.
keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules
description: Use the menu to configure the time zone and view license information.
keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
View File

@ -101,7 +101,7 @@ Topic | Description
[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information.
[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
[Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
[Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.

59
windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
View File

@ -1,6 +1,6 @@
---
title: Windows Defender Security Center
description: The Windows Defender Security Center brings together common Windows security features into one place
description: The Windows Defender Security Center app brings together common Windows security features into one place
keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -22,17 +22,17 @@ ms.date: 08/25/2017
**Applies to**
- Windows 10, version 1703
- Windows 10, version 1709
In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app.
In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app.
![Screen shot of the Windows Defender Security Center showing that the device is protected and five icons for each of the features](images/security-center-home.png)
![Screen shot of the Windows Defender Security Center app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
@ -41,60 +41,71 @@ Many settings that were previously part of the individual features and main Wind
The app includes the settings and status for the following security features:
- Virus & threat protection, including settings for Windows Defender Antivirus
- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access
- Device performance & health, which includes information about drivers, storage space, and general Windows Update issues
- Firewall & network protection, including Windows Firewall
- App & browser control, covering Windows Defender SmartScreen settings
- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device.
The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
>[!IMPORTANT]
>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes.
>
>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection.
>
>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.
>
>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
>
>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
>This will significantly lower the protection of your device and could lead to malware infection.
> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>
>This will significantly lower the protection of your device and could lead to malware infection.
## Open the Windows Defender Security Center
## Open the Windows Defender Security Center app
- Right-click the icon in the notification area on the taskbar and click **Open**.
![Screen shot of the Shield icon for the Windows Defender Security Center in the bottom Windows task bar](images/security-center-taskbar.png)
![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png)
- Search the Start menu for **Windows Defender Security Center**.
![Screen shot of the Start menu showing the results of a search for Windows Defender Security Center, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
> [!NOTE]
> Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below.
## How the Windows Defender Security Center works with Windows security features
## How the Windows Defender Security Center app works with Windows security features
The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
It acts as a collector or single place to see the status and perform some configuration for each of the features.
Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features.
Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features.
> [!IMPORTANT]
> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself.
> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app.
For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center.
The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app.
## More information
See the following links for more information on the features in the Windows Defender Security Center:
See the following links for more information on the features in the Windows Defender Security Center app:
- Windows Defender Antivirus
- IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
- Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center)