deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into repo_sync_working_branch

Browse Source
This commit is contained in:
Tami Fosmark 2019-09-20 11:15:07 -07:00 committed by GitHub
commit 92670890c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 92 KiB

31
windows/client-management/mdm/supl-csp.md
View File

@ -9,15 +9,15 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 07/20/2018
ms.date: 09/12/2019
---
# SUPL CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
The SUPL configuration service provider is used to configure the location client, as shown in the following table.
The SUPL configuration service provider is used to configure the location client, as shown in the following table:
<table>
<colgroup>
@ -51,7 +51,7 @@ The SUPL configuration service provider is used to configure the location client
<li><p>MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.</p></li>
</ul></td>
<td><ul>
<li><p>Address of the server—a mobile positioning center for non-trusted mode.</p></li>
<li><p>Address of the server a mobile positioning center for non-trusted mode.</p></li>
<li><p>The positioning method used by the MPC for non-trusted mode.</p></li>
</ul></td>
</tr>
@ -68,7 +68,7 @@ The following diagram shows the SUPL configuration service provider management o
 
![supl csp (dm,cp)](images/provisioning-csp-supl-dmandcp.png)
![SUPL csp (dm,cp)](images/provisioning-csp-supl-dmandcp.png)
@ -86,7 +86,10 @@ If this value is not specified, the device infers the H-SLP address from the IMS
For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
<a href="" id="version"></a>**Version**
Optional. Determines the version of the SUPL protocol to use. For SUPL 1.0, set this value to `1`. For SUPL 2.0, set this value to `2`. The default is 1.
Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator.
<a href="" id="fullversion"></a>**FullVersion**
Added in the next major release of Windows 10. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored.
<a href="" id="mccmncpairs"></a>**MCCMNCPairs**
Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the device uses the default location service and does not use SUPL.
@ -295,7 +298,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob
<tbody>
<tr class="odd">
<td><p>0</p></td>
<td><p>None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.</p></td>
<td><p>None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.</p></td>
</tr>
<tr class="even">
<td><p>1</p></td>
@ -582,18 +585,6 @@ The following table shows the Microsoft custom elements that this configuration
</table>
 
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
 
 
[Configuration service provider reference](configuration-service-provider-reference.md)

33
windows/client-management/mdm/supl-ddf-file.md
View File

@ -15,13 +15,13 @@ ms.date: 07/20/2018
# SUPL DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider.
This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider (CSP).
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is for Windows 10, version 1809.
The XML below is the DDF for the current version for this CSP.
```xml
<?xml version="1.0" encoding="UTF-8"?>
@ -47,7 +47,7 @@ The XML below is for Windows 10, version 1809.
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.1/MDM/SUPL</MIME>
<MIME>com.microsoft/1.2/MDM/SUPL</MIME>
</DFType>
</DFProperties>
<Node>
@ -159,7 +159,7 @@ The XML below is for Windows 10, version 1809.
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Optional. Determines the version of the SUPL protocol to use. For SUPL 1.0, set this value to 1. For SUPL 2.0, set this value to 2. The default is 1.</Description>
<Description>Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator.</Description>
<DFFormat>
<int />
</DFFormat>
@ -174,6 +174,29 @@ The XML below is for Windows 10, version 1809.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FullVersion</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DefaultValue>1.0.0</DefaultValue>
<Description>Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MCCMNCPairs</NodeName>
<DFProperties>

2
windows/security/threat-protection/TOC.md
View File

@ -303,7 +303,7 @@
### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md)
#### [What's New in Microsoft Defender ATP for Mac] (windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md)
#### [What's New in Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md)
#### [Deploy Microsoft Defender Advanced Threat Protection for Mac]()
##### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md)
##### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md)

79
windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
View File

@ -40,19 +40,19 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
- OAuth 2 Token refresh URL
- OAuth 2 Client ID
- OAuth 2 Client secret
- Tenant ID
- Client ID
- Client Secret
- Resource URL
- Have the refresh token that you generated from the SIEM integration feature ready.
## Configure Splunk
1. Login in to Splunk.
2. Click **Search & Reporting**, then **Settings** > **Data inputs**.
2. Go to **Settings** > **Data inputs**.
3. Click **REST** under **Local inputs**.
3. Select **Windows Defender ATP alerts** under **Local inputs**.
NOTE:
This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
@ -71,55 +71,30 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
<th>Value</th>
</tr>
<tr>
<td>Endpoint URL</td>
<td>Name</td>
<td>Name for the Data Input</td>
</tr>
<td>Login URL</td>
<td>URL to authenticate the azure app (Default : https://login.microsoftonline.com)</td>
</tr>
<td>Endpoint</td>
<td>Depending on the location of your datacenter, select any of the following URL: </br></br> <strong>For EU</strong>: <code>https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts</code><br></br><strong>For US:</strong><code>https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts</code> <br><br> <strong>For UK:</strong><code>https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts</code>
</tr>
<tr>
<td>HTTP Method</td>
<td>GET</td>
<td>Tenant ID</td>
<td>Azure Tenant ID</td>
</tr>
<td>Authentication Type</td>
<td>oauth2</td>
<td>Resource</td>
<td>Value from the SIEM integration feature page</td>
<tr>
<td>OAuth 2 Access token</td>
<td>Use the value that you generated when you enabled the SIEM integration feature. </br></br> NOTE: The access token expires after an hour. </td>
<td>Client ID</td>
<td>Value from the SIEM integration feature page</td>
</tr>
<tr>
<td>OAuth 2 Refresh Token</td>
<td>Use the value that you generated when you enabled the <strong>SIEM integration</strong> feature.</td>
</tr>
<tr>
<td>OAuth 2 Token Refresh URL</td>
<td>Use the value from the details file you saved when you enabled the <strong>SIEM integration</strong> feature.</td>
</tr>
<tr>
<td>OAuth 2 Client ID</td>
<td>Use the value from the details file you saved when you enabled the <strong>SIEM integration</strong> feature.</td>
</tr>
<tr>
<td>OAuth 2 Client Secret</td>
<td>Use the value from the details file you saved when you enabled the <strong>SIEM integration</strong> feature.</td>
</tr>
<tr>
<td>Response type</td>
<td>Json</td>
</tr>
<tr>
<td>Response Handler</td>
<td>JSONArrayHandler</td>
</tr>
<tr>
<td>Polling Interval</td>
<td>Number of seconds that Splunk will ping the Microsoft Defender ATP machine. Accepted values are in seconds.</td>
</tr>
<tr>
<td>Set sourcetype</td>
<td>Manual</td>
</tr>
<tr>
<td>Source type</td>
<td>_json</td>
<td>Client Secret</td>
<td>Value from the SIEM integration feature page</td>
</tr>
</tr>
</table>
@ -133,20 +108,20 @@ Use the solution explorer to view detections in Splunk.
2. Select **New**.
3. Enter the following details:
- Destination app: Select Search & Reporting (search)
- Search name: Enter a name for the query
- Search: Enter a query, for example:</br>
`source="rest://windows atp alerts"|spath|table*`
`sourcetype="wdatp:alerts" |spath|table*`
- App: Add-on for Windows Defender (TA_Windows-defender)
Other values are optional and can be left with the default values.
4. Click **Save**. The query is saved in the list of searches.
5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
>[!TIP]
> To mininimize Detection duplications, you can use the following query:
>```source="rest://windows atp alerts" | spath | dedup _raw | table *```
> To minimize Detection duplications, you can use the following query:
>```source="rest://wdatp:alerts" | spath | dedup _raw | table *```
## Related topics
- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)