diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png index 6c4c961a58..498ce66f47 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png differ diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 09ea7f32d0..64077761f8 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -9,15 +9,15 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/20/2018 +ms.date: 09/12/2019 --- # SUPL CSP > [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -The SUPL configuration service provider is used to configure the location client, as shown in the following table. +The SUPL configuration service provider is used to configure the location client, as shown in the following table: @@ -51,7 +51,7 @@ The SUPL configuration service provider is used to configure the location client

  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.

    • @@ -68,7 +68,7 @@ The following diagram shows the SUPL configuration service provider management o   -![supl csp (dm,cp)](images/provisioning-csp-supl-dmandcp.png) +![SUPL csp (dm,cp)](images/provisioning-csp-supl-dmandcp.png) @@ -86,7 +86,10 @@ If this value is not specified, the device infers the H-SLP address from the IMS For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **Version** -Optional. Determines the version of the SUPL protocol to use. For SUPL 1.0, set this value to `1`. For SUPL 2.0, set this value to `2`. The default is 1. +Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator. + +**FullVersion** +Added in the next major release of Windows 10. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. **MCCMNCPairs** Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the device uses the default location service and does not use SUPL. @@ -295,7 +298,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob - + @@ -582,18 +585,6 @@ The following table shows the Microsoft custom elements that this configuration
      -

    • Address of the server—a mobile positioning center for non-trusted mode.

      • +

    • Address of the server — a mobile positioning center for non-trusted mode.

    • The positioning method used by the MPC for non-trusted mode.

    0

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.

    1

      - ## Related topics - -[Configuration service provider reference](configuration-service-provider-reference.md) - -  - -  - - - - - - +[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index bf899e6c8e..e2b10b625a 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -15,13 +15,13 @@ ms.date: 07/20/2018 # SUPL DDF file > [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider (CSP). Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, version 1809. +The XML below is the DDF for the current version for this CSP. ```xml @@ -47,7 +47,7 @@ The XML below is for Windows 10, version 1809. - com.microsoft/1.1/MDM/SUPL + com.microsoft/1.2/MDM/SUPL @@ -159,7 +159,7 @@ The XML below is for Windows 10, version 1809. 1 - Optional. Determines the version of the SUPL protocol to use. For SUPL 1.0, set this value to 1. For SUPL 2.0, set this value to 2. The default is 1. + Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator. @@ -174,6 +174,29 @@ The XML below is for Windows 10, version 1809. + + FullVersion + + + + + + 1.0.0 + Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. + + + + + + + + + + + text/plain + + + MCCMNCPairs diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ce5c0230b1..70736626cc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -303,7 +303,7 @@ ### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md) -#### [What's New in Microsoft Defender ATP for Mac] (windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md) +#### [What's New in Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md) #### [Deploy Microsoft Defender Advanced Threat Protection for Mac]() ##### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md) ##### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md index fd61b88ec1..52be77a611 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md @@ -40,19 +40,19 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec - Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) - Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: - - OAuth 2 Token refresh URL - - OAuth 2 Client ID - - OAuth 2 Client secret + - Tenant ID + - Client ID + - Client Secret + - Resource URL -- Have the refresh token that you generated from the SIEM integration feature ready. ## Configure Splunk 1. Login in to Splunk. -2. Click **Search & Reporting**, then **Settings** > **Data inputs**. +2. Go to **Settings** > **Data inputs**. -3. Click **REST** under **Local inputs**. +3. Select **Windows Defender ATP alerts** under **Local inputs**. NOTE: This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/). @@ -71,55 +71,30 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec Value - Endpoint URL + Name + Name for the Data Input + + Login URL + URL to authenticate the azure app (Default : https://login.microsoftonline.com) + + Endpoint Depending on the location of your datacenter, select any of the following URL:

    For EU: https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts

    For US:https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts

    For UK:https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts - HTTP Method - GET + Tenant ID + Azure Tenant ID - Authentication Type - oauth2 + Resource + Value from the SIEM integration feature page - OAuth 2 Access token - Use the value that you generated when you enabled the SIEM integration feature.

    NOTE: The access token expires after an hour. + Client ID + Value from the SIEM integration feature page - OAuth 2 Refresh Token - Use the value that you generated when you enabled the SIEM integration feature. - - - OAuth 2 Token Refresh URL - Use the value from the details file you saved when you enabled the SIEM integration feature. - - - OAuth 2 Client ID - Use the value from the details file you saved when you enabled the SIEM integration feature. - - - OAuth 2 Client Secret - Use the value from the details file you saved when you enabled the SIEM integration feature. - - - Response type - Json - - - Response Handler - JSONArrayHandler - - - Polling Interval - Number of seconds that Splunk will ping the Microsoft Defender ATP machine. Accepted values are in seconds. - - - Set sourcetype - Manual - - - Source type - _json + Client Secret + Value from the SIEM integration feature page + @@ -133,20 +108,20 @@ Use the solution explorer to view detections in Splunk. 2. Select **New**. 3. Enter the following details: - - Destination app: Select Search & Reporting (search) - - Search name: Enter a name for the query - Search: Enter a query, for example:
    - `source="rest://windows atp alerts"|spath|table*` + `sourcetype="wdatp:alerts" |spath|table*` + - App: Add-on for Windows Defender (TA_Windows-defender) Other values are optional and can be left with the default values. + 4. Click **Save**. The query is saved in the list of searches. 5. Find the query you saved in the list and click **Run**. The results are displayed based on your query. >[!TIP] -> To mininimize Detection duplications, you can use the following query: ->```source="rest://windows atp alerts" | spath | dedup _raw | table *``` +> To minimize Detection duplications, you can use the following query: +>```source="rest://wdatp:alerts" | spath | dedup _raw | table *``` ## Related topics - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)