deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jdh1wcd

Browse Source
This commit is contained in:
Jeanie Decker
2019-03-28 11:45:39 -07:00
parent 5c3f4f8881 a1c08466e1
commit 8f65c86170
110 changed files with 979 additions and 645 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/administrative-templates-and-ie11.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Administrative templates and Internet Explorer 11
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

4
browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
View File

@ -6,8 +6,8 @@ ms.prod: ie11
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
author: eross-msft
ms.author: lizross
author: jdeckerms
ms.author: dougkim
ms.date: 08/14/2017
ms.localizationpriority: low
---

2
browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
View File

@ -2,7 +2,7 @@
ms.localizationpriority: low
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
title: Collect data using Enterprise Site Discovery

2
browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/set-up-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/turn-off-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/using-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

45
devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
View File

@ -15,19 +15,26 @@ ms.topic: article
---
# Deploying the latest firmware and drivers for Surface devices
Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. If you need to install drivers and firmware separately from Windows Update, you can find the requisite files on the Microsoft Download Center. Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment.
## Downloading MSI files
To download MSI files, refer to the following Microsoft Support page:
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)<br>
Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
## Deploying MSI files
Driver and firmware updates for Surface devices containing all required cumulative updates are available as separate MSI files packaged for specific versions of Windows 10. For example, for Surface Pro 6, there are separate MSI files for Windows 10 versions 16299, 17134, and 17763.
When deploying updates to Surface devices in your organization, you need to first determine the appropriate .MSI file for the Windows version running on your target devices.
Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6.
### Naming convention for Surface MSI files
Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows OS floor number and version number, and ending with the revision of version number:
### Surface MSI naming convention
Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:
**Example:**
SurfacePro6_Win10_16299_1900307_0.msi :
| Product | Windows release | OS floor | Version | Revision of version |
| Product | Windows release | Build | Version | Revision of version |
| --- | --- | --- | --- | --- |
| SurfacePro6 | Win10 | 16299 | 1900307 | 0 |
| | | | Indicates key date and sequence information | Indicates release history of the MSI file |
@ -42,31 +49,9 @@ Look to the **version** number to determine the latest files that contain the mo
The first file — SurfacePro6_Win10_16299_1900307_0.msi — is the newest because its VERSION field has the newest build in 2019; the other files are from 2018.
### Downloading MSI files
To download MSI files, refer to the following Microsoft Support page:
## Supported devices
Downloadable MSI files are available for Surface devices from Surface Pro 2 and later.
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)
The following MSI files are available:
- Surface Laptop 2
- Surface Pro 6
- Surface Go
- Surface Go with LTE Advanced
- Surface Book 2
- Surface Laptop
- Surface Pro
- Surface Pro with LTE Advanced
- Surface Pro 6
- Surface Studio
- Surface Studio 2
- Surface Book
- Surface Pro 4
- Surface Pro 3
- Surface 3
- Surface 3 LTE
- Surface Pro 2
[!NOTE]
There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update.

2
devices/surface/surface-system-sku-reference.md
View File

@ -14,7 +14,7 @@ ms.date: 03/20/2019
# System SKU reference
This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI,
This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell or WMI.
System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.

2
mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
View File

@ -60,7 +60,7 @@ UE-V will roam the Outlook 2010 signature files between devices. However, the de
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions).
We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
**WORKAROUND:** None

2
windows/application-management/app-v/appv-about-appv.md
View File

@ -1,7 +1,7 @@
---
title: What's new in App-V for Windows 10, version 1703 and earlier (Windows 10)
description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-batch-sequencing.md
View File

@ -1,7 +1,7 @@
---
title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-batch-updating.md
View File

@ -1,7 +1,7 @@
---
title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
View File

@ -1,7 +1,7 @@
---
title: Automatically clean up unpublished packages on the App-V client (Windows 10)
description: How to automatically clean up any unpublished packages on your App-V client devices.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-provision-a-vm.md
View File

@ -1,7 +1,7 @@
---
title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-available-mdm-settings.md
View File

@ -1,7 +1,7 @@
---
title: Available Mobile Device Management (MDM) settings for App-V (Windows 10)
description: A list of the available MDM settings for App-V on Windows 10.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-create-and-use-a-project-template.md
View File

@ -1,7 +1,7 @@
---
title: Create and apply an App-V project template to a sequenced App-V package (Windows 10)
description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
View File

@ -1,7 +1,7 @@
---
title: Release Notes for App-V for Windows 10, version 1703 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1703.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
View File

@ -1,7 +1,7 @@
---
title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-sequence-a-new-application.md
View File

@ -1,7 +1,7 @@
---
title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to manually sequence a new app using the App-V Sequencer
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

4
windows/client-management/mdm/firewall-csp.md
View File

@ -277,6 +277,7 @@ Sample syncxml to provision the firewall settings to evaluate
</ul>
<p style="margin-left: 20px">If not specified, the default is All.</p>
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
<p style="margin-left: 20px">The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.</p>
<a href="" id="description"></a>**FirewallRules/_FirewallRuleName_/Description**
<p style="margin-left: 20px">Specifies the description of the rule.</p>
@ -306,7 +307,7 @@ Sample syncxml to provision the firewall settings to evaluate
<p style="margin-left: 20px">Value type is integer. Supported operations are Get and Replace.</p>
<a href="" id="direction"></a>**FirewallRules/_FirewallRuleName_/Direction**
<p style="margin-left: 20px">Comma separated list. The rule is enabled based on the traffic direction as following. Supported values:</p>
<p style="margin-left: 20px">The rule is enabled based on the traffic direction as following. Supported values:</p>
<ul>
<li>IN - the rule applies to inbound traffic.</li>
<li>OUT - the rule applies to outbound traffic.</li>
@ -320,7 +321,6 @@ Sample syncxml to provision the firewall settings to evaluate
<li>RemoteAccess</li>
<li>Wireless</li>
<li>Lan</li>
<li>MobileBroadband</li>
</ul>
<p style="margin-left: 20px">If not specified, the default is All.</p>
<p style="margin-left: 20px">Value type is string. Supported operations are Get and Replace.</p>

2
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -296,6 +296,8 @@ Added in Windows 10, version 1607. Allows secondary authentication devices to w
The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premises only environment, cloud domain-joined in a hybrid environment, and BYOD).
In the next major release of Windows 10, the default for this policy for consumer devices will be changed to off. This will only affect users that have not already set up a secondary authentication device.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:

16
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -113,9 +113,15 @@ Here is an example:
```
<groupmembership>
<accessgroup desc="Group SID for Administrators">
<member name = "S-188-5-5666-5-688"/>
</accessgroup>
<accessgroup desc="Administrators">
<member name="AzureAD\CSPTest@contoso.com" />
<member name="CSPTest22306\administrator" />
<member name = "AzureAD\patlewis@contoso.com" />
</accessgroup>
<accessgroup desc = "testcsplocal">
<member name = "CSPTEST22306\patlewis" />
<member name = "AzureAD\CSPTest@contoso.com" />
</accessgroup>
</groupmembership>
```
<!--/Example-->
@ -125,6 +131,10 @@ Here is an example:
<!--/Policy-->
<hr/>
Take note:
* You must include the local administrator in the administrators group or the policy will fail
* Include the entire UPN after AzureAD
Footnote:
- 1 - Added in Windows 10, version 1607.

4
windows/configuration/cortana-at-work/cortana-at-work-crm.md
View File

@ -4,9 +4,9 @@ description: How to set up Cortana to help your salespeople get proactive insigh
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-feedback.md
View File

@ -4,9 +4,9 @@ description: How to send feedback to Microsoft about Cortana at work.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-o365.md
View File

@ -4,9 +4,9 @@ description: How to connect Cortana to Office 365 so your employees are notified
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
View File

@ -4,9 +4,9 @@ description: The list of Group Policy and mobile device management (MDM) policy
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
View File

@ -4,9 +4,9 @@ description: How to integrate Cortana with Power BI to help your employees get a
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
View File

@ -4,9 +4,9 @@ description: A test scenario walking you through signing in and managing the not
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to perform a quick search with Cortana at
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to set a location-based reminder using Co
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana at work to find your upcom
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana at work to send email to a
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana with the Suggested reminde
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
View File

@ -4,9 +4,9 @@ description: An optional test scenario about how to use Cortana at work with Win
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
View File

@ -4,9 +4,9 @@ description: A list of suggested testing scenarios that you can use to test Cort
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
View File

@ -4,9 +4,9 @@ description: How to create voice commands that use Cortana to perform voice-enab
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

2
windows/configuration/manage-wifi-sense-in-enterprise.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: mobile
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.date: 05/02/2018
ms.topic: article

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -187,7 +187,7 @@ On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work ac
## Guidance for accounts on shared PCs
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will also be deleted automatically at sign out.
* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.

2
windows/deployment/planning/act-technical-reference.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.date: 04/19/2017
ms.topic: article
---

18
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -42,6 +42,8 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
[Device names not appearing for Windows 10 devices](#device-names-not-appearing-for-windows-10-devices)
[Custom log queries using the AbnormalShutdownCount field of Device Health show zero or lower than expected results](#custom-log-queries-using-the-abnormalshutdowncount-field-of-device-health-show-zero-or-lower-than-expected-results)
[Disable Upgrade Readiness](#disable-upgrade-readiness)
[Exporting large data sets](#exporting-large-data-sets)
@ -54,7 +56,7 @@ In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and
Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
>[!NOTE]
> If you generate the status report and get an error message saying "Sorry! Were not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness.
> If you generate the status report and get an error message saying "Sorry! Were not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it.
If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues:
@ -201,6 +203,20 @@ Finally, Upgrade Readiness only collects IE site discovery data on devices that
### Device names not appearing for Windows 10 devices
Starting with Windows 10, version 1803, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates.
### Custom log queries using the AbnormalShutdownCount field of Device Health show zero or lower than expected results
This issue affects custom queries of the Device Health data by using the **Logs > Search page** or API. It does not impact any of the built-in tiles or reports of the Device Health solution. The **AbnormalShutdownCount** field of the **DHOSReliability** data table represents abnormal shutdowns other than crashes, such as sudden power loss or holding down the power button.
We have identified an incompatibility between AbnormalShutdownCount and the Limited Enhanced diagnostic data level on Windows 10, versions 1709, 1803, and 1809. Such devices do not send the abnormal shutdown signal to Microsoft. You should not rely on AbnormalShutdownCount in your custom queries unless you use any one of the following workarounds:
- Upgrade devices to Windows 10, version 1903 when available. Participants in the Windows Insider program can preview this change using Windows Insider builds.
- Change the diagnostic data setting from devices running Windows 10, versions 1709, 1803, and 1809 normal Enhanced level instead of Limited Enhanced.
- Use alternative data from devices to track abnormal shutdowns. For example, you can forward abnormal shutdown events from the Windows Event Log to your Log Analytics workspace by using the Log Analytics agent. Suggested events to forward include:
- Log: System, ID: 41, Source: Kernel-Power
- Log System, ID: 6008, Source: EventLog
### Disable Upgrade Readiness
If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps:

3
windows/deployment/update/windows-analytics-overview.md
View File

@ -52,3 +52,6 @@ Use Upgrade Readiness to get:
- Data export to commonly used software deployment tools, including System Center Configuration Manager
To get started with any of these solutions, visit the links for instructions to add it to Azure Portal.
>[!NOTE]
> For details about licensing requirements and costs associated with using Windows Analytics solutions, see [What are the requirements and costs for Windows Analytics solutions?](windows-analytics-FAQ-troubleshooting.md#what-are-the-requirements-and-costs-for-windows-analytics-solutions).

2
windows/deployment/windows-10-enterprise-subscription-activation.md
View File

@ -9,6 +9,8 @@ ms.sitesec: library
ms.pagetype: mdt
author: greg-lindsay
ms.collection: M365-modern-desktop
search.appverid:
- MET150
ms.topic: article
---

19
windows/hub/release-information.md
View File

@ -11,24 +11,15 @@ author: lizap
ms.author: elizapo
ms.localizationpriority: high
---
# Windows 10 - Release information
# Windows 10 release information
>[!IMPORTANT]
> The URL for the release information page has changed - update your bookmark!
Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
Microsoft has updated its servicing model. The Semi-Annual Channel (SAC) offers twice-per-year feature updates that release around March and September, with an 18-month servicing period for each release. Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date (more information can be found [here](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/)).
Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
If you are not using Windows Update for Business today, “Semi-Annual Channel (Targeted)” (SAC-T) has no impact on your devices (more information can be found [here](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747)), and we recommend you begin deployment of each Semi-Annual Channel release right away to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
>[!NOTE]
>If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
If you are using Windows Update for Business today, refer to the table below to understand when your device will be updated, based on which deferral period you have configured, SAC -T or SAC.
**Notice: November 13, 2018:** All editions of Windows 10 October 2018 Update, version 1809, for Windows client and server have resumed. Customers currently running Windows 10, version 1809, will receive build 17763.134 as part of our regularly scheduled Update Tuesday servicing in November. If you update to the Window 10, version 1809, feature update you will receive build 17763.107. On the next automatic scan for updates, youll be taken to the latest cumulative update (build 17763.134 or higher).
November 13 marks the revised start of the servicing timeline for the Semi-Annual Channel ("Targeted") and Long-Term Servicing Channel (LTSC) release for Windows 10, version 1809, Windows Server 2019, and Windows Server, version 1809.
For information about the re-release and updates to the support lifecycle, refer to [John Cable's blog](https://blogs.windows.com/windowsexperience/2018/10/09/updated-version-of-windows-10-october-2018-update-released-to-windows-insiders/), [Windows 10 Update History](https://support.microsoft.com/help/4464619), and the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
<br>
<div class="m-rich-content-block" data-grid="col-12">
<div id="winrelinfo" xmlns="http://www.w3.org/1999/xhtml"><iframe width="100%" height="866px" id="winrelinfo_iframe" src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto"></iframe></div>

12
windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
View File

@ -6,8 +6,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: aadake
ms.date: 12/20/2018
ms.topic: article
ms.author: justinha
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 03/26/2019
---
# Kernel DMA Protection for Thunderbolt™ 3
@ -98,12 +102,12 @@ No, Kernel DMA Protection only protects against drive-by DMA attacks after the O
DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of 2 means that the device driver supports DMA-remapping.
Please check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external).
*For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the image below
*For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the following image.
![Kernel DMA protection user experience](images/device-details-tab.png)
### What should I do if the drivers for my Thunderbolt™ 3 peripherals do not support DMA-remapping?
If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support this functionality. Details for driver compatibility requirements can be found here (add link to OEM documentation).
If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support this functionality. Details for driver compatibility requirements can be found at the [Microsoft Partner Center](https://partner.microsoft.com/dashboard/collaborate/packages/4142).
### Do Microsoft drivers support DMA-remapping?
In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Controllers, Storage AHCI/SATA Controllers and Storage NVMe Controllers support DMA-remapping.

2
windows/security/information-protection/secure-the-windows-10-boot-process.md
View File

@ -78,7 +78,7 @@ All x86-based Certified For Windows 10 PCs must meet several requirements relat
These requirements help protect you from rootkits while allowing you to run any operating system you want. You have three options for running non-Microsoft operating systems:
- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsofts certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to <http://sysdev.microsoft.com>.
- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsofts certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to <http://partner.microsoft.com/dashboard>.
- **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
- **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however.

2
windows/security/information-protection/tpm/manage-tpm-lockout.md
View File

@ -83,7 +83,7 @@ For information about mitigating dictionary attacks that use the lockout setting
## Use the TPM cmdlets
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx).
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/).
## Related topics

7
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 03/15/2019
ms.date: 03/25/2019
---
# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
@ -68,6 +68,9 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or
- [Store apps](#add-store-apps)
- [Desktop apps](#add-desktop-apps)
>[!NOTE]
>An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy.
### Add recommended apps
Select **Recommended apps** and select each app you want to access your enterprise data or select them all, and click **OK**.
@ -397,7 +400,7 @@ To define the network boundaries, click **App policy** > the name of your policy
![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png)
Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**.
Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then click **OK**.
### Cloud resources

13
windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
View File

@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/26/2019
ms.date: 03/25/2019
---
# Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
@ -38,8 +38,15 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
|Visual Studio Online |contoso.visualstudio.com |
|Power BI |contoso.powerbi.com |
>[!NOTE]
>You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both.
You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both.
For Office 365 endpoints, see [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges).
Office 365 endpoints are updated monthly.
Allow the domains listed in section number 46 Allow Required and add also add the apps.
Note that apps from officeapps.live.com can also store personal data.
When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add a entry for a second-level domain and use a wildcard such as .svc.ms.
## Recommended Neutral Resources
We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP).

13
windows/security/threat-protection/TOC.md
View File

@ -127,10 +127,10 @@
### [Configure and manage capabilities](windows-defender-atp/onboard.md)
#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
####Hardware-based isolation
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
##### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
#####Hardware-based isolation
###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### Device control
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
@ -139,7 +139,6 @@
######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Customize exploit protection](windows-defender-exploit-guard/customize-exploit-protection.md)
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
@ -388,7 +387,8 @@
#####Rules
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage allowed/blocked lists](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
@ -413,6 +413,7 @@
####Troubleshoot attack surface reduction
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
##### [Collect diagnostic data for files](windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)

12
windows/security/threat-protection/intelligence/supply-chain-malware.md
View File

@ -48,15 +48,17 @@ To learn more about supply chain attacks, read this blog post called [attack inc
### For software vendors and developers
* Take steps to ensure your apps are not compromised.
* Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems.
* Maintain a highly secure build and update infrastructure.
* Immediately apply security patches for OS and software.
* Implement mandatory integrity controls to ensure only trusted tools run.
* Require multi-factor authentication for admins.
* Build secure software update processes as part of the software development lifecycle.
* Build secure software updaters as part of the software development lifecycle.
* Require SSL for update channels and implement certificate pinning.
* Sign everything, including configuration files, scripts, XML files, and packages.
* Check for digital signatures, and dont let the software updater accept generic input and commands.
* Develop an incident response process for supply chain attacks.
* Disclose supply chain incidents and notify customers with accurate and timely information
For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md).

2
windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
View File

@ -49,4 +49,4 @@ To be eligible for VIA your organization must:
3. Be willing to sign and adhere to the VIA membership agreement.
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry).

2
windows/security/threat-protection/intelligence/virus-initiative-criteria.md
View File

@ -53,4 +53,4 @@ Your organization must meet the following eligibility requirements to qualify fo
### Apply now
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry).

1
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
View File

@ -35,7 +35,6 @@ Microsoft Defender ATP for Mac system requirements:
- macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
- Disk space during preview: 1GB
- The following URLs must be accessible from the Mac device:
- ```https://fresno.blob.core.windows.net/preview/macos/wdav.pkg ```<br>
- ```https://cdn.x.cp.wd.microsoft.com/ ```<br>
- ```https://eu-cdn.x.cp.wd.microsoft.com/ ```<br>
- ```https://wu-cdn.x.cp.wd.microsoft.com/ ``` <br>

6
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -136,7 +136,6 @@
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Customize exploit protection](../windows-defender-exploit-guard/customize-exploit-protection.md)
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
@ -375,7 +374,8 @@
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
@ -402,5 +402,7 @@
###Troubleshoot attack surface reduction
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)

3
windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/16/2018
---
# Configure advanced features in Windows Defender ATP
@ -44,7 +43,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga
## Block file
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled, see [Block files in your network](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#block-files-in-your-network) for more details.
If your organization satisfies these conditions, the feature is enabled by default. This feature enables you to block potentially malicious files in your network. This operation will prevent it from being read, written, or executed on machines in your organization.

2
windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
View File

@ -66,7 +66,7 @@ Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "s
Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com"
```
For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
For more information see, [Add or remove group memberships](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
## Assign user access using the Azure portal
For more information, see [Assign administrator and non-administrator roles to uses with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).

6
windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
View File

@ -48,7 +48,7 @@ ms.date: 04/24/2018
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
3. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**.
@ -78,7 +78,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_
2. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**.
2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**.
3. In the **Group Policy Management Editor**, go to **Computer configuration**.
@ -110,7 +110,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
3. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
4. In the **Group Policy Management Editor**, go to **Computer configuration,** then **Preferences**, and then **Control panel settings**.

8
windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
View File

@ -61,7 +61,7 @@ You can use existing System Center Configuration Manager functionality to create
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
3. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
3. Deploy the package by following the steps in the [Packages and Programs in Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/packages-and-programs) topic.
a. Choose a predefined device collection to deploy the package to.
@ -92,7 +92,7 @@ Possible values are:
The default value in case the registry key doesnt exist is 1.
For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
For more information about System Center Configuration Manager Compliance see [Get started with compliance settings in System Center Configuration Manager](https://docs.microsoft.com/sccm/compliance/get-started/get-started-with-compliance-settings).
@ -115,7 +115,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
3. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
3. Deploy the package by following the steps in the [Packages and Programs in Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/packages-and-programs) topic.
a. Choose a predefined device collection to deploy the package to.
@ -155,7 +155,7 @@ Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status”
Name: “OnboardingState”
Value: “1”
```
For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
For more information about System Center Configuration Manager Compliance see [Get started with compliance settings in System Center Configuration Manager](https://docs.microsoft.com/sccm/compliance/get-started/get-started-with-compliance-settings).
## Related topics
- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)

24
windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 12/14/2018
---
# Onboard servers to the Windows Defender ATP service
@ -45,7 +44,22 @@ For a practical guidance on what needs to be in place for licensing and infrastr
## Windows Server 2012 R2 and Windows Server 2016
To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP, youll need to:
There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP:
- **Option 1**: Onboard through Azure Security Center
- **Option 2**: Onboard through Windows Defender Security Center
### Option 1: Onboard servers through Azure Security Center
1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
2. Select Windows Server 2012 R2 and 2016 as the operating system.
3. Click **Onboard Servers in Azure Security Center**.
4. Follow the onboarding instructions in [Windows Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
### Option 2: Onboard servers through Windows Defender Security Center
You'll need to tak the following steps if you choose to onboard servers through Windows Defender Security Center.
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
@ -53,7 +67,7 @@ To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender AT
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
- Turn on server monitoring from Windows Defender Security Center.
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
>[!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
@ -73,7 +87,7 @@ The following steps are required to enable this integration:
1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
2. Select Windows Server 2012R2 and 2016 as the operating system.
2. Select Windows Server 2012 R2 and 2016 as the operating system.
3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
@ -201,7 +215,7 @@ To offboard the server, you can use either of the following methods:
1. Get your Workspace ID:
a. In the navigation pane, select **Settings** > **Onboarding**.
b. Select **Windows Server 2012R2 and 2016** as the operating system and get your Workspace ID:
b. Select **Windows Server 2012 R2 and 2016** as the operating system and get your Workspace ID:
![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)

5
windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
View File

@ -44,6 +44,11 @@ A reinstalled or renamed machine will generate a new machine entity in Windows D
**Machine was offboarded**</br>
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
**Machine is not sending signals**
If the machine is not sending any signals for more than 7 days to any of the Windows Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive.
Do you expect a machine to be in Active status? [Open a support ticket ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
## Misconfigured machines

BIN
windows/security/threat-protection/windows-defender-atp/images/creating-account.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
windows/security/threat-protection/windows-defender-atp/images/setup-preferences.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
windows/security/threat-protection/windows-defender-atp/images/setup-preferences2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 101 KiB

BIN
windows/security/threat-protection/windows-defender-atp/images/welcome1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

55
windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
View File

@ -63,61 +63,50 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
2. The **Welcome** screen will provide some details as to what is about to occur during the set up wizard.
![Image of Welcome screen for portal set up](images\atp-portal-welcome-screen.png)
![Image of Welcome screen for portal set up](images\welcome1.png)
You will need to set up your preferences for Windows Defender Security Center.
3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
3. Set up preferences
> [!WARNING]
> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
![Image of geographic location in set up](images\setup-preferences.png)
![Image of geographic location in set up](images\atp-geographic-location-setup.png)
1. **Select data storage location** <br> When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United States, the European Union, or the United Kingdom. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
4. Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
> [!WARNING]
> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
> [!NOTE]
> This option can be changed at a later time.
2. **Select the data retention policy** <br> Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
![Image of data retention set up](images\atp-data-retention-policy.png)
> [!NOTE]
> This option can be changed at a later time.
5. You will need to indicate the size of your organization based on an estimate of the number of employees currently employed.
3. **Select the size of your organization** <br> You will need to indicate the size of your organization based on an estimate of the number of employees currently employed.
> [!NOTE]
> The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
> [!NOTE]
> The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
![Image of organization size](images\atp-organization-size.png)
4. **Turn on preview features** <br> Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
6. The customer industry information is helpful in collecting data for the Windows Security Team, and while optional, would be useful if completed.
> [!NOTE]
> This option can be changed at a later time.
![Image of industry information](images\atp-industry-information.png)
7. Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
- Toggle the setting between On and Off to choose **Preview features**.
> [!NOTE]
> This option can be changed at a later time.
> [!NOTE]
> This option can be changed at a later time.
![Image of preview experience](images\atp-preview-experience.png)
8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
4. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
> [!NOTE]
> Some of these options can be changed at a later time in Windows Defender Security Center.
![Image of final preference set up](images\atp-final-preference-setup.png)
![Image of final preference set up](images\setup-preferences2.png)
9. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
5. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png)
![Image of Windows Defender ATP cloud instance](images\creating-account.png)
10. You are almost done. Before you can start using Windows Defender ATP you'll need to:
6. You are almost done. Before you can start using Windows Defender ATP you'll need to:
- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
@ -129,7 +118,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
> If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification:
>![Image of setup imcomplete](images\atp-setup-incomplete.png)
11. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
7. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
![Image of onboard machines](images\atp-onboard-endpoints-WDATP-portal.png)

82
windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,82 @@
---
title: Manage allowed/blocked lists
description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Manage allowed/blocked lists
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
On the top navigation you can:
- Import a list
- Add an indicator
- Customize columns to add or remove columns
- Export the entire list in CSV format
- Select the items to show per page
- Navigate between pages
- Apply filters
## Create an indicator
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities:
- File hash
- IP address
- URLs/Domains
3. Click **Add indicator**.
4. For each attribute specify the following details:
- Indicator - Specify the entity details and define the expiration of the indicator.
- Action - Specify the action to be taken and provide a description.
- Scope - Define the scope of the machine group.
5. Review the details in the Summary tab, then click **Save**.
>[!NOTE]
>Blocking IPs, domains, or URLs is currently available on limited preview only. This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforeced. While the option is not yet generally available, it will only be used when identified during an investigation.
## Manage indicators
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the entity type you'd like to manage.
3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list.
## Import a list
You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details.
Download the sample CSV to know the supported column attributes.
## Related topics
- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)

4
windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
View File

@ -15,14 +15,11 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 06/14/2018
---
# Manage automation allowed/blocked lists
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -70,4 +67,5 @@ You can define the conditions for when entities are identified as malicious or s
## Related topics
- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
- [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)

6
windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Minimum requirements for Windows Defender ATP
description: Minimum network and data storage configuration, machine hardware and software requirements, and deployment channel requirements for Windows Defender ATP.
keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, machine configuration, deployment channel
description: Understand the licensing requirements and requirements for onboarding machines to the sercvie
keywords: minimum requirements, licensing, comparison table
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/20/2018
---
# Minimum requirements for Windows Defender ATP
@ -43,6 +42,7 @@ For more information on the array of features in Windows 10 editions, see [Compa
For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559).
For more information about licensing requirements for Windows Defender ATP platform on Windows Server, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114).
## Related topic

2
windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
View File

@ -66,7 +66,7 @@ Review the following details to verify minimum system requirements:
- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
>[NOTE]
>[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
>Don't install .NET framework 4.0.x, since it will negate the above installation.

2
windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
View File

@ -44,7 +44,7 @@ When you open the portal, youll see the main areas of the application:
- (3) Search, Community center, Time settings, Help and support, Feedback
> [!NOTE]
> Malware related detections will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
> Malware related detections will only appear if your machines are using Windows Defender Antivirus as the default real-time protection antimalware product.
You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section.

19
windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: troubleshooting
ms.date: 09/07/2018
---
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@ -37,7 +36,7 @@ Deployment with Group Policy is done by running the onboarding script on the mac
If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script).
If the script completes successfully, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
## Troubleshoot onboarding issues when deploying with System Center Configuration Manager
When onboarding machines using the following versions of System Center Configuration Manager:
@ -51,7 +50,7 @@ Deployment with the above-mentioned versions of System Center Configuration Mana
If the deployment fails, you can check the output of the script on the machines.
If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
## Troubleshoot onboarding when deploying with a script
@ -95,9 +94,9 @@ If none of the event logs and troubleshooting steps work, download the Local scr
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
:---|:---|:---|:---|:---
0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
| | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` <br> <br> If it doesn't exist, open an elevated command and add the key.
| | | | SenseIsRunning <br> OnboardingState <br> OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
| | | | SenseIsRunning <br> OnboardingState <br> OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
|| | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms: Enterprise, Education, and Professional. <br> Server is not supported.
0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms: Enterprise, Education, and Professional.
@ -127,10 +126,10 @@ ID | Severity | Event description | Troubleshooting steps
## Troubleshoot onboarding issues on the machine
If the deployment tools used does not indicate an error in the onboarding process, but machines are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log)
- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
- [Ensure the machine has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
- [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection)
- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
@ -155,12 +154,12 @@ If the deployment tools used does not indicate an error in the onboarding proces
Event ID | Message | Resolution steps
:---|:---|:---
5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection), then run the entire onboarding process again.
9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the event happened during offboarding, contact support.
10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the problem persists, contact support.
15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support.

11
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 03/26/2018
---
# Reduce attack surfaces with attack surface reduction rules
@ -235,6 +236,16 @@ SCCM name: Not applicable
GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
## Review attack surface reduction events in Windows Event Viewer
You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app:
Event ID | Description
5007 | Event when settings are changed
1121 | Event when an attack surface reduction rule fires in audit mode
1122 | Event when an attack surface reduction rule fires in block mode
## Related topics
- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)

8
windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
View File

@ -40,10 +40,10 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs)
Audit options | How to enable audit mode | How to view events
- | - | -
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md)
Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer)
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
You can also use the a custom PowerShell script that enables the features in audit mode automatically:

4
windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md
View File

@ -42,13 +42,13 @@ Before attempting this process, ensure you have met all required pre-requisites
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
```Dos
```console
cd c:\program files\windows defender
```
3. Enter the following command and press **Enter**
```Dos
```console
mpcmdrun -getfiles
```

Some files were not shown because too many files have changed in this diff Show More