From 3f44b6c933dbf3c2e3590536f7faa431cf519413 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Mon, 18 Jun 2018 09:51:06 -0400 Subject: [PATCH 01/10] Mention cost of solution Similar to this page - Upgrade Readiness, we should mention the cost of Update Compliance https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-get-started --- windows/deployment/update/update-compliance-get-started.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9d1b01ce0f..c2f19abb9c 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -27,6 +27,9 @@ Steps are provided in sections that follow the recommended setup process: Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/). +>[!IMPORTANT] +>Update Compliance is a free solution for Azure subscribers. + If you are already using OMS, skip to step **6** to add Update Compliance to your workspace. >[!NOTE] @@ -74,4 +77,4 @@ Once you've added Update Compliance to Microsoft Operations Management Suite, yo ## Use Update Compliance to monitor Windows Updates -Once your devices are enrolled, you can starte to [Use Update Compliance to monitor Windows Updates](update-compliance-using.md). \ No newline at end of file +Once your devices are enrolled, you can starte to [Use Update Compliance to monitor Windows Updates](update-compliance-using.md). From d6daa45b0736029b1b56c0c4fd3439d7b9022806 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Mon, 18 Jun 2018 08:56:06 -0700 Subject: [PATCH 02/10] Add support for Windows 10 IoT Enterprise SKU MBAM team has completed the test for Windows 10 IoT Enterprise SKU. add this one to the supported list. --- mdop/mbam-v25/mbam-25-supported-configurations.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 8c4076c276..7b603f1d3f 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -464,6 +464,12 @@ The following table lists the operating systems that are supported for MBAM Clie + +

Windows 10 IoT

+

Enterprise

+

+

32-bit or 64-bit

+

Windows 10

Enterprise

@@ -518,6 +524,12 @@ The following table lists the operating systems that are supported for MBAM Grou + +

Windows 10 IoT

+

Enterprise

+

+

32-bit or 64-bit

+

Windows 10

Enterprise

From ed5a4444a7be5a778a785925d376e3cf67602f0f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:16:23 -0700 Subject: [PATCH 03/10] update top level onboard topic --- ...ows-defender-advanced-threat-protection.md | 139 +++++++++--------- 1 file changed, 70 insertions(+), 69 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index e5ee209594..d46258d563 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -1,70 +1,71 @@ ---- -title: Onboard machines to the Windows Defender ATP service -description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test. -keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: high -ms.date: 04/24/2018 ---- - -# Onboard machines to the Windows Defender ATP service - -**Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education -- macOS -- Linux -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) - -You need to onboard to Windows Defender ATP before you can use the service. - -For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). - -## Licensing requirements -Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - - Windows 10 Enterprise E5 - - Windows 10 Education E5 - - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 - -For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). - -## Windows Defender Antivirus configuration requirement -The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. - -You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). - -When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. - -If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md). - - -For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). - - -## In this section -Topic | Description -:---|:--- -[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP -[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. -[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. -[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. -[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. - +--- +title: Onboard machines to the Windows Defender ATP service +description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test. +keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 06/18/2018 +--- + +# Onboard machines to the Windows Defender ATP service + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- macOS +- Linux +- Windows Server 2012 R2 +- Windows Server 2016 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) + +You need to onboard to Windows Defender ATP before you can use the service. + +For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). + +## Licensing requirements +Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: + + - Windows 10 Enterprise E5 + - Windows 10 Education E5 + - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 + +For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). + +## Windows Defender Antivirus configuration requirement +The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. + +You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). + +When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. + +If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md). + + +For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). + + +## In this section +Topic | Description +:---|:--- +[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. +[Onboard previous versions of Windows](onboard-configure-windows-defender-advanced-threat-protection .md)| +[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP +[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. +[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. +[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. +[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) \ No newline at end of file From 3eff6b0f71ec0c7efcd1d36a015d08a1ba72174b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:34:26 -0700 Subject: [PATCH 04/10] add downlevel support --- ...ard-configure-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index d46258d563..2c409b2bbb 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -61,7 +61,7 @@ For more information, see [Windows Defender Antivirus compatibility](../windows- Topic | Description :---|:--- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard previous versions of Windows](onboard-configure-windows-defender-advanced-threat-protection .md)| +[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. From 76e170355cc65fa23b5d297d37c57e92821b782f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:39:56 -0700 Subject: [PATCH 05/10] remove dns --- ...blocked-list-windows-defender-advanced-threat-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 824dbb804b..27426578b6 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -42,8 +42,7 @@ You can define the conditions for when entities are identified as malicious or s - File hash - Certificate - IP address - - DNS - + 3. Click **Add system exclusion**. 4. For each attribute specify the exclusion type, details, and their corresponding required values. From 7bd3cda6d1aacfe47ed1d40e4dc8b65d0a10e754 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 18 Jun 2018 12:11:47 -0700 Subject: [PATCH 06/10] copyedit --- .../protect-enterprise-data-using-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index b6041c8b1f..1ad43ba3f3 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.author: justinha -ms.date: 05/30/2018 +ms.date: 06/18/2018 ms.localizationpriority: medium --- @@ -39,7 +39,7 @@ As an admin, you can address the question of who gets access to your data by usi In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don’t allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls. ### Using data loss prevention systems -To help address this security insufficiency, company’s developed data loss prevention (also known as DLP) systems. Data loss prevention systems require: +To help address this security insufficiency, companies developed data loss prevention (also known as DLP) systems. Data loss prevention systems require: - **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers. - **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. From 5e3a6fadad5e0864310bdea0dbefe5f3b611e0ba Mon Sep 17 00:00:00 2001 From: Ryan Ries Date: Mon, 18 Jun 2018 14:13:38 -0500 Subject: [PATCH 07/10] Adding more detail about Kerberos service tickets Adding more detail about Kerberos service tickets --- .../credential-guard/credential-guard-protection-limits.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 1f51382ce3..aad838b212 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,6 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- +- Kerberos service tickets are not encrypted, only the Kerberos Ticket Granting Ticket (TGT) is encrypted. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 9b1ea04133287f77cc41625faa2d70618290dc25 Mon Sep 17 00:00:00 2001 From: Ryan Ries Date: Mon, 18 Jun 2018 14:28:53 -0500 Subject: [PATCH 08/10] Update credential-guard-protection-limits.md --- .../credential-guard/credential-guard-protection-limits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index aad838b212..a619cc000a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,7 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets are not encrypted, only the Kerberos Ticket Granting Ticket (TGT) is encrypted. +- Kerberos service tickets are not protected by CredGuard, but the Kerberos Ticket Granting Ticket (TGT) is. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 44b76b0fa190384f9f8b78f661b36e6c71e737dd Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 18 Jun 2018 12:30:43 -0700 Subject: [PATCH 09/10] Update credential-guard-protection-limits.md --- .../credential-guard/credential-guard-protection-limits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index a619cc000a..1428ee92e3 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,7 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets are not protected by CredGuard, but the Kerberos Ticket Granting Ticket (TGT) is. +- Kerberos service tickets are not protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 91faf29dafb0028c1ae30cda88e85c81fa14f217 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Mon, 18 Jun 2018 15:18:33 -0700 Subject: [PATCH 10/10] Update release-notes-for-mbam-25-sp1.md --- mdop/mbam-v25/release-notes-for-mbam-25-sp1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md index 6fb8a41a78..a39802e24b 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md @@ -136,10 +136,12 @@ Digging this further with Fiddler – it does look like once we click on Reports **Workaround:** Looking at the site.master code and noticed the X-UA mode was dictated as IE8. As IE8 is WAY past the end of life, and customer is using IE11. Update the setting to the below code. This allows the site to utilize IE11 rendering technologies - + Original setting is: - + + + This is the reason why the issue was not seen with other browsers like Chrome, Firefox etc.