Merge branch 'master' into 4649520

2025-05-18 16:27:22 +00:00 · 2020-11-19 11:19:21 -08:00 · 2020-11-19 11:19:21 -08:00 · 943fd855de
commit 943fd855de
parent ed85432e02 2c98cfacef
13 changed files with 249 additions and 55 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -84,6 +84,11 @@
      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
      "redirect_document_id": true
    },
 	{
      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md",
      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps
 Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.   
-Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](https://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). 
+Learn [how to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). 
 ### Use memory dump to collect data for the virtual machine that's running in a frozen state 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@ -44,9 +44,12 @@ Prepare the Active Directory Federation Services deployment by installing and up
 > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions".
 > 2. Right click "Scope Descriptions" and select "Add Scope Description".
 > 3. Under name type "ugs" and Click Apply > OK.
-> 4. Launch Powershell as Administrator.
+> 4. Launch PowerShell as an administrator.
-> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier.
+> 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b":
-> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'.
+> ```PowerShell
 > (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
 > ```
 > 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
 > 7. Restart the ADFS service.
 > 8. On the client: Restart the client. User should be prompted to provision WHFB.
 > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot.
--- a/windows/security/identity-protection/hello-for-business/hello-faq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.md
@ -144,7 +144,7 @@ Beginning with Windows 10, version 1709, Windows Hello for Business used as a sm
 The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket.  The process does not receive the PIN, but rather the ticket that grants them private key operations.  Windows 10 does not provide any Group Policy settings to adjust this caching.
 ## Can I disable the PIN while using Windows Hello for Business?
-No. The movement away from passwords is accomplished by gradually reducing the use of the password.  In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password.  The PIN is the fall back mechanism.  Disabling or hiding the PIN credential provider disabled the use of biometrics.
+No. The movement away from passwords is accomplished by gradually reducing the use of the password.  In the occurrence where you cannot authenticate with biometrics, you need a fallback mechanism that is not a password.  The PIN is the fallback mechanism.  Disabling or hiding the PIN credential provider will disable the use of biometrics.
 ## How are keys protected?
 Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software.
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@ -506,7 +506,7 @@ The following script helps you with the creation of the issuance transform rules
 #### Configure Device Authentication in AD FS  
 Using an elevated PowerShell command window, configure AD FS policy by executing the following command  
-`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` 
+`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` 
 #### Check your configuration  
 For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@ -67,7 +67,7 @@ Key trust deployments do not need client issued certificates for on-premises aut
 The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca).
-* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
+* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder.
 * The certificate Subject section should contain the directory path of the server object (the distinguished name).
 * The certificate Key Usage section must contain Digital Signature and Key Encipherment.
 * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -8,7 +8,6 @@
 ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
 ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md)
 ### [Portal overview](microsoft-defender-atp/portal-overview.md)
 ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/gov.md)
 ### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md)
 ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
@ -278,7 +277,7 @@
 #### [Configure]()
 ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md)
-#### [Privacy](microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md)
+#### [Privacy](microsoft-defender-atp/ios-privacy.md)
 ### [Microsoft Defender Advanced Threat Protection for Linux]()
@ -297,6 +296,7 @@
 ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
 ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
 ##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md)
 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
--- a/windows/security/threat-protection/images/linux-mdatp-1.png
+++ b/windows/security/threat-protection/images/linux-mdatp-1.png
--- a/windows/security/threat-protection/images/linux-mdatp.png
+++ b/windows/security/threat-protection/images/linux-mdatp.png
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
@ -1,78 +1,96 @@
 ---
-title: Microsoft Defender ATP for iOS note on Privacy
+title: Privacy information - Microsoft Defender for Endpoint for iOS
 ms.reviewer:
-description: Describes the Microsoft Defender ATP for iOS Privacy
+description: Describes privacy information for Microsoft Defender for Endpoint for iOS
-keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, 
+keywords: microsoft, defender, atp, ios, policy, overview
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: sunasing
+ms.author: macapara
-author: sunasing
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
 - m365-security-compliance 
 - m365initiative-defender-endpoint 
 ms.topic: conceptual
 hideEdit: true
 ---
-# Microsoft Defender ATP for iOS - Privacy information
+# Privacy information - Microsoft Defender for Endpoint for iOS
 **Applies to:**
 - [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md)
->[!NOTE]
+> [!NOTE]
-> Defender for Endpoint for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**.
+> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.**
-Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint.
+Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service.
-Information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected and to support the service.
+For more information about data storage, see [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md).
-## Required data
+## Required data 
-Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected:
+Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. 
-### Web page / Network information
+Here is a list of the types of data being collected: 
- Connection information
+### Web page or Network information 
 - Protocol type (such as HTTP, HTTPS, etc.)
-### Device and account information
+- Connection information only when a malicious connection or web page is detected. 
- Device information such as date & time, iOS version, CPU info, and Device identifier
+- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
 - Device identifier is one of the below:
    - Wi-Fi adapter MAC address
    - Randomly generated globally unique identifier (GUID)
- Tenant, Device, and User information
+### Device and account information 
    - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory.
    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory
    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted
    - User Principal Name - Email ID of the user
-### Product and service usage data
+- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: 
- App package info, including name, version, and app upgrade status
+    - Wi-Fi adapter MAC address 
 - Actions performed in the app
 - Crash report logs generated by iOS
 - Memory usage data
-## Optional data
+    - Randomly generated globally unique identifier (GUID) 
-Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself.
+- Tenant, Device, and User information 
-Optional diagnostic data includes:
+    - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. 
- App, CPU, and network usage
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. 
 - Features configured by the admin
-**Feedback Data** is collected through in-app feedback provided by the user.
+    - Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify if there are issues affecting a select set of enterprises and the number of enterprises impacted. 
    - User Principal Name - Email ID of the user. 
 ### Product and service usage data 
 The following information is collected only for Microsoft Defender for Endpoint app installed on the device. 
 - App package info, including name, version, and app upgrade status. 
 - Actions done in the app. 
 - Crash report logs generated by iOS. 
 - Memory usage data. 
 ## Optional Data 
 Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. 
 Optional diagnostic data includes: 
 - App, CPU, and network usage for Defender for Endpoint. 
 - Features configured by the admin for Defender for Endpoint. 
 Feedback Data is collected through in-app feedback provided by the user. 
 - The user's email address, if they choose to provide it.
 - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
 For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement).
 - The user's email address, if they choose to provide it
 - Feedback type (smile, frown, idea) and any feedback comments submitted by the user
 [More on Privacy](https://aka.ms/mdatpiosprivacystatement)
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
@ -0,0 +1,167 @@
 ---
 title: How to schedule scans with Microsoft Defender for Endpoint (Linux)
 description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
 keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 # Schedule scans with Microsoft Defender for Endpoint (Linux)
 To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands).
 Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
 ## Pre-requisite
 > [!NOTE]
 > To get a list of all the time zones, run the following command:
 > `timedatectl list-timezones`<br>
 > Examples for timezones:
 > - `America/Los_Angeles`
 > - `America/New_York`
 > - `America/Chicago`
 > - `America/Denver`
 ## To set the Cron job
 Use the following commands:
 **To backup crontab entries**
 `sudo crontab -l > /var/tmp/cron_backup_200919.dat`
 > [!NOTE]
 > Where 200919 == YRMMDD
 > [!TIP]
 > Do this before you edit or remove. <br>
 To edit the crontab, and add a new job as a root user: <br>
 `sudo crontab -e`
 > [!NOTE]
 > The default editor is VIM.
 You might see:
 0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
 Press “Insert”
 Add the following entries:
 CRON_TZ=America/Los_Angeles
 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log
 > [!NOTE]
 >In this example, we have  set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8).
 Press “Esc”
 Type “:wq” without the double quotes.
 > [!NOTE]
 > w == write, q == quit
 To view your cron jobs, type `sudo crontab -l`
 :::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp":::
 **To inspect cron job runs**
 `sudo grep mdatp /var/log/cron`
 **To inspect the mdatp_cron_job.log**
 `sudo nano mdatp_cron_job.log`
 ## For those who use Ansible, Chef, or Puppet
 Use the following commands:
 ### To set cron jobs in Ansible
 `cron – Manage cron.d and crontab entries`
 See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information.
 ### To set crontabs in Chef
 `cron resource`
 See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information.
 ### To set cron jobs in Puppet
 Resource Type: cron
 See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information.
 Automating with Puppet: Cron jobs and scheduled tasks
 See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information.
 ## Additional information
 **To get help with crontab**
 `man crontab`
 **To get a list of crontab file of the current user**
 `crontab -l`
 **To get a list of crontab file of another user**
 `crontab -u username -l`
 **To backup crontab entries**
 `crontab -l > /var/tmp/cron_backup.dat`
 > [!TIP]
 > Do this before you edit or remove. <br>
 **To restore crontab entries**
 `crontab /var/tmp/cron_backup.dat`
 **To edit the crontab and add a new job as a root user**
 `sudo crontab -e`
 **To edit the crontab and add a new job**
 `crontab -e`
 **To edit other user’s crontab entries**
 `crontab -u username -e`
 **To remove all crontab entries**
 `crontab -r`
 **To remove other user’s crontab entries**
 `crontab -u username -r`
 **Explanation**
 +—————- minute (values: 0 – 59) (special characters: , – * /)  <br>
 | +————- hour (values: 0 – 23) (special characters: , – * /) <br>
 | | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)  <br>
 | | | +——- month (values: 1 – 12) (special characters: ,- * / )  <br>
 | | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) <br>
 | | | | |*****command to be executed
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file:
    ```bash
-    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.apple.webcontent-filter.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.microsoft.network-extension.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
    ```
    For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents:
    ```bash
-    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
    ```
 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@ -104,12 +104,13 @@ needs.<br>
 In the following section, you'll create a number of configuration policies.
 First is a configuration policy to select which groups of users or devices will
-be onboarded to Defender for Endpoint. 
+be onboarded to Defender for Endpoint:
 - [Endpoint detection and response](#endpoint-detection-and-response) 
 Then you will continue by creating several
-different types of endpoint security policies.
+different types of endpoint security policies:
 - [Endpoint detection and response](#endpoint-detection-and-response)
 - [Next-generation protection](#next-generation-protection)
 - [Attack surface reduction](#attack-surface-reduction--attack-surface-reduction-rules)