diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index 84cd2e95c8..922ce9bb64 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -29,72 +29,69 @@ Configuring the HP ArcSight Connector tool requires several configuration files This section guides you in getting the necessary information to set and use the required configuration files correctly. 1. Get the following information from your AAD application by selecting the **View Endpoint** on the application configuration page: - - OAuth 2 Token refresh URL - - OAuth 2 Client ID - - OAuth 2 Client secret + - OAuth 2.0 Token refresh URL + - OAuth 2.0 Client ID + - OAuth 2.0 Client secret 2. Download the wdatp-connector.properties file and update the following values: -(JOEY: UPLOAD FILE IN DOWNLOAD CENTER - PUT EMPTY PROPERTIES FILE. PUT WITH THE FOLLOWING VALUES.) +(JOEY: PUT IN THE LINK FROM DOWNLOAD MANAGEMENT STUDIO) - **client_ID**: OAuth 2 Client ID - **client_secret**: OAuth 2 Client secret - - **auth_url**: Append the following to the value you obtained from the AAD app: ```?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` + - **auth_url**: ```https://login.microsoftonline.com/?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` + + >!NOTE + >Replace *tenantID* with your tenant ID. + + - **token_url**: `https://login.microsoftonline.com//oauth2/token` + + >!NOTE + >Replace the *tenantID* value with your tenant ID. - For example: `https:////oauth2/authorize?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com` - - **token_url**: Use your tenant ID URL [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE HELP PROVIDE TECHNICAL DESCRIPTION] - **redirect_uri**: ```https://localhost:44300/wdatpconnector``` - - **scope**: Leave blank [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE CHECK] + - **scope**: Leave the value blank 3. Download the wdatp-connector.json.properties file. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format. -(JOEY: UPLOAD FILE IN DOWNLOAD CENTER) +(JOEY: PUT IN THE LINK FROM DOWNLOAD MANAGEMENT STUDIO) ## Install and configure HP ArcSight SmartConnector The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). 1. Install the latest 32-bit Windows SmartConnector installer. You can find this in the HPE Software center. The tool is typically installed in `C:\ArcSightSmartConnectors\\`. -[AVIV, NEED ALL THE SCREENSHOTS HERE] -[AVIV/BRIAN - WHAT IF THEY WANT TO USE 64-BIT? CAN I THEN JUST REMOVE THE WORDS 32-BIT?] -2. Open File Explorer and put the two configuration files in the installation location, for example: + >!NOTE + >Replace *descriptive_name* with your preferred location name. + +2. Follow the installation wizard through the following tasks: + - Introduction + - Choose Install Folder + - Choose Install Set + - Choose Shortcut Folder + - Pre-Installation Summary + - Installing... + + You can keep the default values for each of these tasks. + +3. Open File Explorer and put the two configuration files in the installation location, for example: - WDATP-connector.jsonparser.properties: `C:\ArcSightSmartConnectors\\current\user\agent\flexagent\` - WDATP-connector.properties: `C:\ArcSightSmartConnectors\\` - [AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE?] +4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. -3. In the Connector Setup window, select **Add a Connector**. - - ![Connector Setup window - select Add a Connector](images/hp-1.png) - -4. Select the **ArcSight FlexConnector REST** connector and click **Next**. -![Connector Setup window - select ArcSight FlexConnector REST](images/hp-2.png) - -5. Generate a refresh token to use in the installer: - - a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\\current\bin`. - - b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`. - A Web browser window will open. - - c. Type in your credentials then click on the password field to let the page redirect. - - d. In the login prompt enter your `DOMAIN\alias` [AVIV - ARE WE SURE OUR CUSTOMERS FULLOW THE SAME DOMAIN\ALIAS FORMAT?] and your password. After some redirects and providing permission to the app, a token is provided in the command prompt. - - f. Save the token in a secure location. +5. Select the **ArcSight FlexConnector REST** connector and click **Next**. 6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank. -![Connector Setup - Enter parameter details](images/hp-3.png) - Field | Value :---|:--- Configuration File | Type in the name of the client property file. It must match the client property file. Events URL | https://DataAccess-PRD.trafficmanager.net:444/api/alerts Authentication Type | OAuth 2 OAuth 2 Client Properties file | Select wdatp-connector.properties. -Refresh Token | Paste the refresh token you generated in the previous step. +Refresh Token | Use either the Windows Defender ATP token URL or the restutil tool to get your refresh token.
**Get your refresh token using the Windows Defender ATP token URL:**
Open a browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=&clientSecret=`

NOTE: Replace the *tenantID* value with your tenant ID.
**Get your refresh token using the restutil tool:**
a. Open a command prompt. Navigate to `C:\ArcSightSmartConnectors\\current\bin`.
b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.A Web browser window will open.
c. A web browser will open. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.
d. A refresh token is provided in the command prompt. -You can leave the destination parameter fields with the default values. +7. You can leave the destination parameter fields with the default values. ![Connector Setup - Enter parameter details](images/hp-5.png) Type in a name for the connector. You can leave the other fields blank. diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 3bb9df599b..a7f9bbef7e 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md @@ -148,6 +148,7 @@ The following table defines the endpoints for telemetry services: | Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com | | [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | | [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | +| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | ### Data use and access diff --git a/windows/manage/images/wufb-config1a.png b/windows/manage/images/wufb-config1a.png index 44ce007a76..1514b87528 100644 Binary files a/windows/manage/images/wufb-config1a.png and b/windows/manage/images/wufb-config1a.png differ diff --git a/windows/manage/images/wufb-config2.png b/windows/manage/images/wufb-config2.png index 0ab09d4868..f54eef9a50 100644 Binary files a/windows/manage/images/wufb-config2.png and b/windows/manage/images/wufb-config2.png differ diff --git a/windows/manage/images/wufb-config3a.png b/windows/manage/images/wufb-config3a.png index a76d1569be..538028cfdc 100644 Binary files a/windows/manage/images/wufb-config3a.png and b/windows/manage/images/wufb-config3a.png differ diff --git a/windows/manage/waas-integrate-wufb.md b/windows/manage/waas-integrate-wufb.md index d00083ad6c..bf9f2ebf78 100644 --- a/windows/manage/waas-integrate-wufb.md +++ b/windows/manage/waas-integrate-wufb.md @@ -23,10 +23,10 @@ You can integrate Windows Update for Business deployments with existing manageme ## Integrate Windows Update for Business with Windows Server Update Services -For Windows 10, version 1607, devices can now be configured to receive updates from both Windows Update and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup: +For Windows 10, version 1607, devices can now be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup: - Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy -- All other content synced from WSUS will be directly applied to the device; that is, non-Windows Updates content will not follow your Windows Update for Business deferral policies +- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies ### Configuration example \#1: Deferring Windows Update updates with other update content hosted on WSUS @@ -34,13 +34,13 @@ For Windows 10, version 1607, devices can now be configured to receive updates f - Device is configured to defer Windows Quality Updates using Windows Update for Business - Device is also configured to be managed by WSUS -- Device is not configured to include Microsoft Updates from Windows Update (**Update/AllowMUUpdateService** = not enabled) -- Admin has opted to put Microsoft updates on WSUS +- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled) +- Admin has opted to put updates to Office and other products on WSUS - Admin has also put 3rd party drivers on WSUS - - + +
ContentMetadata sourcePayload sourceDeferred?
Windows UpdateWindows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config1a.png)
Microsoft Update (such as Office updates)WSUSWSUSNo
Updates to WindowsWindows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config1a.png)
Updates to Office and other productsWSUSWSUSNo
Third-party driversWSUSWSUSNo
@@ -54,10 +54,9 @@ For Windows 10, version 1607, devices can now be configured to receive updates f - - - - + + +
ContentMetadata sourcePayload sourceDeferred?
Windows Update (exclude driver)Windows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config2.png)
Windows Update driversWSUSWSUSNo
Microsoft Update (such as Office updates)WSUSWSUSNo
Windows drivers, third-party driversWSUSWSUSNo
Updates to Windows (excluding drivers)Windows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config2.png)
Updates to Office and other productsWSUSWSUSNo
DriversWSUSWSUSNo
@@ -66,18 +65,18 @@ For Windows 10, version 1607, devices can now be configured to receive updates f **Configuration:** - Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS -- Device is configured to “receive updates for other Microsoft products” along with Windows Update updates (**Update/AllowMUUpdateService** = enabled) -- Admin has also placed Microsoft Update content on the WSUS server +- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled) +- Admin has also placed Microsoft Update, third-paprty, and locally-published update content on the WSUS server -In this example, the Microsoft Update deferral behavior is slightly different than if WSUS were not enabled. -- In a non-WSUS case, the Microsoft Update updates would be deferred just as any Windows Update update would be. -- However, with WSUS also configured, Microsoft Update content is sourced from Microsoft but deferral policies are not applied. +In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS were not enabled. +- In a non-WSUS case, these updates would be deferred just as any update to Windows would be. +- However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies are not applied. - - - + + +
ContentMetadata sourcePayload sourceDeferred?
Windows Update (exclude drivers)Windows UpdateWindows UpdateYes![diagram of content flow](images/wufb-config3a.png)
Microsoft Update (such as Office updates)Microsoft UpdateMicrosoft UpdateNo
Drivers, third-partyWSUSWSUSNo
Updates to Windows (excluding drivers)Microsoft UpdateMicrosoft UpdateYes![diagram of content flow](images/wufb-config3a.png)
Updates to Office and other productsMicrosoft UpdateMicrosoft UpdateNo
Drivers, third-party applicationsWSUSWSUSNo
>[!NOTE] diff --git a/windows/manage/waas-restart.md b/windows/manage/waas-restart.md index 84f1227699..e8a8394d2d 100644 --- a/windows/manage/waas-restart.md +++ b/windows/manage/waas-restart.md @@ -27,7 +27,7 @@ When you set the **Configure Automatic Updates** policy to **Auto download and s When **Configure Automatic Updates** is enabled, you can enable one of the following additional policies to manage device restart: - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours. -- **Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur. +- **Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur. To set the time, you need to go **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**. ## Configure active hours