deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into lsaldanha-4611645-ESIM

Browse Source
This commit is contained in:
Daniel Simpson 2020-11-09 06:55:19 -08:00 committed by GitHub
commit 9d236f051e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
169 changed files with 19522 additions and 1112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/client-management/mdm/TOC.md
View File

@ -175,6 +175,7 @@
#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
#### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
#### [ADMX_Bits](policy-csp-admx-bits.md)
#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md)
#### [ADMX_COM](policy-csp-admx-com.md)
#### [ADMX_Cpls](policy-csp-admx-cpls.md)
@ -198,30 +199,39 @@
#### [ADMX_nca](policy-csp-admx-nca.md)
#### [ADMX_NCSI](policy-csp-admx-ncsi.md)
#### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md)
#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
#### [ADMX_Reliability](policy-csp-admx-reliability.md)
#### [ADMX_Scripts](policy-csp-admx-scripts.md)
#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
#### [ADMX_Sensors](policy-csp-admx-sensors.md)
#### [ADMX_Servicing](policy-csp-admx-servicing.md)
#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
#### [ADMX_Sharing](policy-csp-admx-sharing.md)
#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
#### [ADMX_Snmp](policy-csp-admx-snmp.md)
#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
#### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
#### [ADMX_TPM](policy-csp-admx-tpm.md)
#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
#### [ADMX_W32Time](policy-csp-admx-w32time.md)
#### [ADMX_WCM](policy-csp-admx-wcm.md)
#### [ADMX_WinCal](policy-csp-admx-wincal.md)
#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
#### [ADMX_WinInit](policy-csp-admx-wininit.md)
#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
#### [ApplicationDefaults](policy-csp-applicationdefaults.md)
#### [ApplicationManagement](policy-csp-applicationmanagement.md)
#### [AppRuntime](policy-csp-appruntime.md)

329
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -42,6 +42,24 @@ ms.date: 10/08/2020
- [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
- [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
- [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
- [ADMX_Bits/BITS_DisableBranchCache](./policy-csp-admx-bits.md#admx-bits-bits-disablebranchcache)
- [ADMX_Bits/BITS_DisablePeercachingClient](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingclient)
- [ADMX_Bits/BITS_DisablePeercachingServer](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingserver)
- [ADMX_Bits/BITS_EnablePeercaching](./policy-csp-admx-bits.md#admx-bits-bits-enablepeercaching)
- [ADMX_Bits/BITS_MaxBandwidthServedForPeers](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthservedforpeers)
- [ADMX_Bits/BITS_MaxBandwidthV2_Maintenance](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-maintenance)
- [ADMX_Bits/BITS_MaxBandwidthV2_Work](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-work)
- [ADMX_Bits/BITS_MaxCacheSize](./policy-csp-admx-bits.md#admx-bits-bits-maxcachesize)
- [ADMX_Bits/BITS_MaxContentAge](./policy-csp-admx-bits.md#admx-bits-bits-maxcontentage)
- [ADMX_Bits/BITS_MaxDownloadTime](./policy-csp-admx-bits.md#admx-bits-bits-maxdownloadtime)
- [ADMX_Bits/BITS_MaxFilesPerJob](./policy-csp-admx-bits.md#admx-bits-bits-maxfilesperjob)
- [ADMX_Bits/BITS_MaxJobsPerMachine](./policy-csp-admx-bits.md#admx-bits-bits-maxjobspermachine)
- [ADMX_Bits/BITS_MaxJobsPerUser](./policy-csp-admx-bits.md#admx-bits-bits-maxjobsperuser)
- [ADMX_Bits/BITS_MaxRangesPerFile](./policy-csp-admx-bits.md#admx-bits-bits-maxrangesperfile)
- [ADMX_CipherSuiteOrder/SSLCipherSuiteOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslciphersuiteorder)
- [ADMX_CipherSuiteOrder/SSLCurveOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslcurveorder)
- [ADMX_COM/AppMgmt_COM_SearchForCLSID_1](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-1)
- [ADMX_COM/AppMgmt_COM_SearchForCLSID_2](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-2)
- [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile)
- [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
- [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
@ -121,6 +139,110 @@ ms.date: 10/08/2020
- [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb)
- [ADMX_MMC/MMC_Restrict_Author](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-author)
- [ADMX_MMC/MMC_Restrict_To_Permitted_Snapins](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-to-permitted-snapins)
- [ADMX_MMCSnapins/MMC_ADMComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-1)
- [ADMX_MMCSnapins/MMC_ADMComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-2)
- [ADMX_MMCSnapins/MMC_ADMUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-1)
- [ADMX_MMCSnapins/MMC_ADMUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-2)
- [ADMX_MMCSnapins/MMC_ADSI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-adsi)
- [ADMX_MMCSnapins/MMC_ActiveDirDomTrusts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirdomtrusts)
- [ADMX_MMCSnapins/MMC_ActiveDirSitesServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirsitesservices)
- [ADMX_MMCSnapins/MMC_ActiveDirUsersComp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activediruserscomp)
- [ADMX_MMCSnapins/MMC_AppleTalkRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-appletalkrouting)
- [ADMX_MMCSnapins/MMC_AuthMan](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-authman)
- [ADMX_MMCSnapins/MMC_CertAuth](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauth)
- [ADMX_MMCSnapins/MMC_CertAuthPolSet](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauthpolset)
- [ADMX_MMCSnapins/MMC_Certs](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certs)
- [ADMX_MMCSnapins/MMC_CertsTemplate](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certstemplate)
- [ADMX_MMCSnapins/MMC_ComponentServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-componentservices)
- [ADMX_MMCSnapins/MMC_ComputerManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-computermanagement)
- [ADMX_MMCSnapins/MMC_ConnectionSharingNAT](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-connectionsharingnat)
- [ADMX_MMCSnapins/MMC_DCOMCFG](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dcomcfg)
- [ADMX_MMCSnapins/MMC_DFS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dfs)
- [ADMX_MMCSnapins/MMC_DHCPRelayMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dhcprelaymgmt)
- [ADMX_MMCSnapins/MMC_DeviceManager_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-1)
- [ADMX_MMCSnapins/MMC_DeviceManager_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-2)
- [ADMX_MMCSnapins/MMC_DiskDefrag](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskdefrag)
- [ADMX_MMCSnapins/MMC_DiskMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskmgmt)
- [ADMX_MMCSnapins/MMC_EnterprisePKI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-enterprisepki)
- [ADMX_MMCSnapins/MMC_EventViewer_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-1)
- [ADMX_MMCSnapins/MMC_EventViewer_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-2)
- [ADMX_MMCSnapins/MMC_EventViewer_3](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-3)
- [ADMX_MMCSnapins/MMC_EventViewer_4](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-4)
- [ADMX_MMCSnapins/MMC_FAXService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-faxservice)
- [ADMX_MMCSnapins/MMC_FailoverClusters](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-failoverclusters)
- [ADMX_MMCSnapins/MMC_FolderRedirection_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-1)
- [ADMX_MMCSnapins/MMC_FolderRedirection_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-2)
- [ADMX_MMCSnapins/MMC_FrontPageExt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-frontpageext)
- [ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicymanagementsnapin)
- [ADMX_MMCSnapins/MMC_GroupPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicysnapin)
- [ADMX_MMCSnapins/MMC_GroupPolicyTab](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicytab)
- [ADMX_MMCSnapins/MMC_HRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-hra)
- [ADMX_MMCSnapins/MMC_IAS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ias)
- [ADMX_MMCSnapins/MMC_IASLogging](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iaslogging)
- [ADMX_MMCSnapins/MMC_IEMaintenance_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-1)
- [ADMX_MMCSnapins/MMC_IEMaintenance_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-2)
- [ADMX_MMCSnapins/MMC_IGMPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-igmprouting)
- [ADMX_MMCSnapins/MMC_IIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iis)
- [ADMX_MMCSnapins/MMC_IPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iprouting)
- [ADMX_MMCSnapins/MMC_IPSecManage_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage-gp)
- [ADMX_MMCSnapins/MMC_IPXRIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxriprouting)
- [ADMX_MMCSnapins/MMC_IPXRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxrouting)
- [ADMX_MMCSnapins/MMC_IPXSAPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxsaprouting)
- [ADMX_MMCSnapins/MMC_IndexingService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-indexingservice)
- [ADMX_MMCSnapins/MMC_IpSecManage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage)
- [ADMX_MMCSnapins/MMC_IpSecMonitor](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmonitor)
- [ADMX_MMCSnapins/MMC_LocalUsersGroups](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-localusersgroups)
- [ADMX_MMCSnapins/MMC_LogicalMappedDrives](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-logicalmappeddrives)
- [ADMX_MMCSnapins/MMC_NPSUI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-npsui)
- [ADMX_MMCSnapins/MMC_NapSnap](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap)
- [ADMX_MMCSnapins/MMC_NapSnap_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap-gp)
- [ADMX_MMCSnapins/MMC_Net_Framework](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-net-framework)
- [ADMX_MMCSnapins/MMC_OCSP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ocsp)
- [ADMX_MMCSnapins/MMC_OSPFRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ospfrouting)
- [ADMX_MMCSnapins/MMC_PerfLogsAlerts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-perflogsalerts)
- [ADMX_MMCSnapins/MMC_PublicKey](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-publickey)
- [ADMX_MMCSnapins/MMC_QoSAdmission](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-qosadmission)
- [ADMX_MMCSnapins/MMC_RAS_DialinUser](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ras-dialinuser)
- [ADMX_MMCSnapins/MMC_RIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-riprouting)
- [ADMX_MMCSnapins/MMC_RIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ris)
- [ADMX_MMCSnapins/MMC_RRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rra)
- [ADMX_MMCSnapins/MMC_RSM](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rsm)
- [ADMX_MMCSnapins/MMC_RemStore](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remstore)
- [ADMX_MMCSnapins/MMC_RemoteAccess](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remoteaccess)
- [ADMX_MMCSnapins/MMC_RemoteDesktop](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remotedesktop)
- [ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-resultantsetofpolicysnapin)
- [ADMX_MMCSnapins/MMC_Routing](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-routing)
- [ADMX_MMCSnapins/MMC_SCA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sca)
- [ADMX_MMCSnapins/MMC_SMTPProtocol](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-smtpprotocol)
- [ADMX_MMCSnapins/MMC_SNMP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-snmp)
- [ADMX_MMCSnapins/MMC_ScriptsMachine_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-1)
- [ADMX_MMCSnapins/MMC_ScriptsMachine_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-2)
- [ADMX_MMCSnapins/MMC_ScriptsUser_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-1)
- [ADMX_MMCSnapins/MMC_ScriptsUser_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-2)
- [ADMX_MMCSnapins/MMC_SecuritySettings_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-1)
- [ADMX_MMCSnapins/MMC_SecuritySettings_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-2)
- [ADMX_MMCSnapins/MMC_SecurityTemplates](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitytemplates)
- [ADMX_MMCSnapins/MMC_SendConsoleMessage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sendconsolemessage)
- [ADMX_MMCSnapins/MMC_ServerManager](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servermanager)
- [ADMX_MMCSnapins/MMC_ServiceDependencies](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servicedependencies)
- [ADMX_MMCSnapins/MMC_Services](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-services)
- [ADMX_MMCSnapins/MMC_SharedFolders](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders)
- [ADMX_MMCSnapins/MMC_SharedFolders_Ext](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders-ext)
- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-1)
- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-2)
- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-1)
- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-2)
- [ADMX_MMCSnapins/MMC_SysInfo](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysinfo)
- [ADMX_MMCSnapins/MMC_SysProp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysprop)
- [ADMX_MMCSnapins/MMC_TPMManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-tpmmanagement)
- [ADMX_MMCSnapins/MMC_Telephony](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-telephony)
- [ADMX_MMCSnapins/MMC_TerminalServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-terminalservices)
- [ADMX_MMCSnapins/MMC_WMI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wmi)
- [ADMX_MMCSnapins/MMC_WindowsFirewall](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall)
- [ADMX_MMCSnapins/MMC_WindowsFirewall_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall-gp)
- [ADMX_MMCSnapins/MMC_WiredNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirednetworkpolicy)
- [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
- [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
- [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
- [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
- [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
@ -172,6 +294,33 @@ ms.date: 10/08/2020
- [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode)
- [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite)
- [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns)
- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
- [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings)
- [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig)
- [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate)
- [ADMX_NetworkConnections/NC_DeleteAllUserConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deletealluserconnection)
- [ADMX_NetworkConnections/NC_DeleteConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deleteconnection)
- [ADMX_NetworkConnections/NC_DialupPrefs](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-dialupprefs)
- [ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-donotshowlocalonlyicon)
- [ADMX_NetworkConnections/NC_EnableAdminProhibits](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-enableadminprohibits)
- [ADMX_NetworkConnections/NC_ForceTunneling](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-forcetunneling)
- [ADMX_NetworkConnections/NC_IpStateChecking](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-ipstatechecking)
- [ADMX_NetworkConnections/NC_LanChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanchangeproperties)
- [ADMX_NetworkConnections/NC_LanConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanconnect)
- [ADMX_NetworkConnections/NC_LanProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanproperties)
- [ADMX_NetworkConnections/NC_NewConnectionWizard](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-newconnectionwizard)
- [ADMX_NetworkConnections/NC_PersonalFirewallConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-personalfirewallconfig)
- [ADMX_NetworkConnections/NC_RasAllUserProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasalluserproperties)
- [ADMX_NetworkConnections/NC_RasChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-raschangeproperties)
- [ADMX_NetworkConnections/NC_RasConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasconnect)
- [ADMX_NetworkConnections/NC_RasMyProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasmyproperties)
- [ADMX_NetworkConnections/NC_RenameAllUserRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamealluserrasconnection)
- [ADMX_NetworkConnections/NC_RenameConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renameconnection)
- [ADMX_NetworkConnections/NC_RenameLanConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamelanconnection)
- [ADMX_NetworkConnections/NC_RenameMyRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamemyrasconnection)
- [ADMX_NetworkConnections/NC_ShowSharedAccessUI](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-showsharedaccessui)
- [ADMX_NetworkConnections/NC_Statistics](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-statistics)
- [ADMX_NetworkConnections/NC_StdDomainUserSetLocation](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-stddomainusersetlocation)
- [ADMX_OfflineFiles/Pol_AlwaysPinSubFolders](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-alwayspinsubfolders)
- [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-1)
- [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-2)
@ -231,6 +380,10 @@ ms.date: 10/08/2020
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
- [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
- [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
- [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
@ -251,6 +404,11 @@ ms.date: 10/08/2020
- [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy)
- [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy)
- [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
- [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1)
- [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2)
- [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1)
- [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
- [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
- [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
- [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
- [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
@ -278,6 +436,95 @@ ms.date: 10/08/2020
- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
- [ADMX_StartMenu/AddSearchInternetLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-addsearchinternetlinkinstartmenu)
- [ADMX_StartMenu/ClearRecentDocsOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentdocsonexit)
- [ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentprogfornewuserinstartmenu)
- [ADMX_StartMenu/ClearTilesOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-cleartilesonexit)
- [ADMX_StartMenu/DesktopAppsFirstInAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-desktopappsfirstinappsview)
- [ADMX_StartMenu/DisableGlobalSearchOnAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-disableglobalsearchonappsview)
- [ADMX_StartMenu/ForceStartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-forcestartmenulogoff)
- [ADMX_StartMenu/GoToDesktopOnSignIn](./policy-csp-admx-startmenu.md#admx-startmenu-gotodesktoponsignin)
- [ADMX_StartMenu/GreyMSIAds](./policy-csp-admx-startmenu.md#admx-startmenu-greymsiads)
- [ADMX_StartMenu/HidePowerOptions](./policy-csp-admx-startmenu.md#admx-startmenu-hidepoweroptions)
- [ADMX_StartMenu/Intellimenus](./policy-csp-admx-startmenu.md#admx-startmenu-intellimenus)
- [ADMX_StartMenu/LockTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-locktaskbar)
- [ADMX_StartMenu/MemCheckBoxInRunDlg](./policy-csp-admx-startmenu.md#admx-startmenu-memcheckboxinrundlg)
- [ADMX_StartMenu/NoAutoTrayNotify](./policy-csp-admx-startmenu.md#admx-startmenu-noautotraynotify)
- [ADMX_StartMenu/NoBalloonTip](./policy-csp-admx-startmenu.md#admx-startmenu-noballoontip)
- [ADMX_StartMenu/NoChangeStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nochangestartmenu)
- [ADMX_StartMenu/NoClose](./policy-csp-admx-startmenu.md#admx-startmenu-noclose)
- [ADMX_StartMenu/NoCommonGroups](./policy-csp-admx-startmenu.md#admx-startmenu-nocommongroups)
- [ADMX_StartMenu/NoFavoritesMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nofavoritesmenu)
- [ADMX_StartMenu/NoFind](./policy-csp-admx-startmenu.md#admx-startmenu-nofind)
- [ADMX_StartMenu/NoGamesFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nogamesfolderonstartmenu)
- [ADMX_StartMenu/NoHelp](./policy-csp-admx-startmenu.md#admx-startmenu-nohelp)
- [ADMX_StartMenu/NoInstrumentation](./policy-csp-admx-startmenu.md#admx-startmenu-noinstrumentation)
- [ADMX_StartMenu/NoMoreProgramsList](./policy-csp-admx-startmenu.md#admx-startmenu-nomoreprogramslist)
- [ADMX_StartMenu/NoNetAndDialupConnect](./policy-csp-admx-startmenu.md#admx-startmenu-nonetanddialupconnect)
- [ADMX_StartMenu/NoPinnedPrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nopinnedprograms)
- [ADMX_StartMenu/NoRecentDocsMenu](./policy-csp-admx-startmenu.md#admx-startmenu-norecentdocsmenu)
- [ADMX_StartMenu/NoResolveSearch](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvesearch)
- [ADMX_StartMenu/NoResolveTrack](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvetrack)
- [ADMX_StartMenu/NoRun](./policy-csp-admx-startmenu.md#admx-startmenu-norun)
- [ADMX_StartMenu/NoSMConfigurePrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nosmconfigureprograms)
- [ADMX_StartMenu/NoSMMyDocuments](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmydocuments)
- [ADMX_StartMenu/NoSMMyMusic](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmymusic)
- [ADMX_StartMenu/NoSMMyNetworkPlaces](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmynetworkplaces)
- [ADMX_StartMenu/NoSMMyPictures](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmypictures)
- [ADMX_StartMenu/NoSearchCommInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomminstartmenu)
- [ADMX_StartMenu/NoSearchComputerLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomputerlinkinstartmenu)
- [ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearcheverywherelinkinstartmenu)
- [ADMX_StartMenu/NoSearchFilesInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchfilesinstartmenu)
- [ADMX_StartMenu/NoSearchInternetInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchinternetinstartmenu)
- [ADMX_StartMenu/NoSearchProgramsInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchprogramsinstartmenu)
- [ADMX_StartMenu/NoSetFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nosetfolders)
- [ADMX_StartMenu/NoSetTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-nosettaskbar)
- [ADMX_StartMenu/NoStartMenuDownload](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenudownload)
- [ADMX_StartMenu/NoStartMenuHomegroup](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuhomegroup)
- [ADMX_StartMenu/NoStartMenuRecordedTV](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenurecordedtv)
- [ADMX_StartMenu/NoStartMenuSubFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenusubfolders)
- [ADMX_StartMenu/NoStartMenuVideos](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuvideos)
- [ADMX_StartMenu/NoStartPage](./policy-csp-admx-startmenu.md#admx-startmenu-nostartpage)
- [ADMX_StartMenu/NoTaskBarClock](./policy-csp-admx-startmenu.md#admx-startmenu-notaskbarclock)
- [ADMX_StartMenu/NoTaskGrouping](./policy-csp-admx-startmenu.md#admx-startmenu-notaskgrouping)
- [ADMX_StartMenu/NoToolbarsOnTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-notoolbarsontaskbar)
- [ADMX_StartMenu/NoTrayContextMenu](./policy-csp-admx-startmenu.md#admx-startmenu-notraycontextmenu)
- [ADMX_StartMenu/NoTrayItemsDisplay](./policy-csp-admx-startmenu.md#admx-startmenu-notrayitemsdisplay)
- [ADMX_StartMenu/NoUninstallFromStart](./policy-csp-admx-startmenu.md#admx-startmenu-nouninstallfromstart)
- [ADMX_StartMenu/NoUserFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nouserfolderonstartmenu)
- [ADMX_StartMenu/NoUserNameOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nousernameonstartmenu)
- [ADMX_StartMenu/NoWindowsUpdate](./policy-csp-admx-startmenu.md#admx-startmenu-nowindowsupdate)
- [ADMX_StartMenu/PowerButtonAction](./policy-csp-admx-startmenu.md#admx-startmenu-powerbuttonaction)
- [ADMX_StartMenu/QuickLaunchEnabled](./policy-csp-admx-startmenu.md#admx-startmenu-quicklaunchenabled)
- [ADMX_StartMenu/RemoveUnDockPCButton](./policy-csp-admx-startmenu.md#admx-startmenu-removeundockpcbutton)
- [ADMX_StartMenu/ShowAppsViewOnStart](./policy-csp-admx-startmenu.md#admx-startmenu-showappsviewonstart)
- [ADMX_StartMenu/ShowRunAsDifferentUserInStart](./policy-csp-admx-startmenu.md#admx-startmenu-showrunasdifferentuserinstart)
- [ADMX_StartMenu/ShowRunInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-showruninstartmenu)
- [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
- [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
- [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md#admx-taskbar-hidescanetwork)
- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md#admx-taskbar-hidescapower)
- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md#admx-taskbar-hidescavolume)
- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md#admx-taskbar-noballoonfeatureadvertisements)
- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningstoretotaskbar)
- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtodestinations)
- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtotaskbar)
- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-noremotedestinations)
- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md#admx-taskbar-nosystraysystempromotion)
- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-showwindowsstoreappsontaskbar)
- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarlockall)
- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoaddremovetoolbar)
- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnodragtoolbar)
- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnomultimon)
- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnonotification)
- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnopinnedlist)
- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoredock)
- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoresize)
- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnothumbnail)
- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
@ -434,12 +681,86 @@ ms.date: 10/08/2020
- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
- [ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-checksamesourceandtargetforfranddfs)
- [ADMX_WindowsExplorer/ClassicShell](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-classicshell)
- [ADMX_WindowsExplorer/ConfirmFileDelete](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-confirmfiledelete)
- [ADMX_WindowsExplorer/DefaultLibrariesLocation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-defaultlibrarieslocation)
- [ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablebinddirectlytopropertysetstorage)
- [ADMX_WindowsExplorer/DisableIndexedLibraryExperience](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableindexedlibraryexperience)
- [ADMX_WindowsExplorer/DisableKnownFolders](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableknownfolders)
- [ADMX_WindowsExplorer/DisableSearchBoxSuggestions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablesearchboxsuggestions)
- [ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enableshellshortcuticonremotepath)
- [ADMX_WindowsExplorer/EnableSmartScreen](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enablesmartscreen)
- [ADMX_WindowsExplorer/EnforceShellExtensionSecurity](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enforceshellextensionsecurity)
- [ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-explorerribbonstartsminimized)
- [ADMX_WindowsExplorer/HideContentViewModeSnippets](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-hidecontentviewmodesnippets)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internet)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internetlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranet)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranetlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachine)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachinelockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restricted)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restrictedlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trusted)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trustedlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internet)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internetlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranet)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranetlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachine)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachinelockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restricted)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restrictedlockdown)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trusted)
- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trustedlockdown)
- [ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-linkresolveignorelinkinfo)
- [ADMX_WindowsExplorer/MaxRecentDocs](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-maxrecentdocs)
- [ADMX_WindowsExplorer/NoBackButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nobackbutton)
- [ADMX_WindowsExplorer/NoCDBurning](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocdburning)
- [ADMX_WindowsExplorer/NoCacheThumbNailPictures](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocachethumbnailpictures)
- [ADMX_WindowsExplorer/NoChangeAnimation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangeanimation)
- [ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangekeyboardnavigationindicators)
- [ADMX_WindowsExplorer/NoDFSTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodfstab)
- [ADMX_WindowsExplorer/NoDrives](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodrives)
- [ADMX_WindowsExplorer/NoEntireNetwork](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noentirenetwork)
- [ADMX_WindowsExplorer/NoFileMRU](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemru)
- [ADMX_WindowsExplorer/NoFileMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemenu)
- [ADMX_WindowsExplorer/NoFolderOptions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofolderoptions)
- [ADMX_WindowsExplorer/NoHardwareTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nohardwaretab)
- [ADMX_WindowsExplorer/NoManageMyComputerVerb](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomanagemycomputerverb)
- [ADMX_WindowsExplorer/NoMyComputerSharedDocuments](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomycomputershareddocuments)
- [ADMX_WindowsExplorer/NoNetConnectDisconnect](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonetconnectdisconnect)
- [ADMX_WindowsExplorer/NoNewAppAlert](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonewappalert)
- [ADMX_WindowsExplorer/NoPlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noplacesbar)
- [ADMX_WindowsExplorer/NoRecycleFiles](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norecyclefiles)
- [ADMX_WindowsExplorer/NoRunAsInstallPrompt](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norunasinstallprompt)
- [ADMX_WindowsExplorer/NoSearchInternetTryHarderButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosearchinternettryharderbutton)
- [ADMX_WindowsExplorer/NoSecurityTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosecuritytab)
- [ADMX_WindowsExplorer/NoShellSearchButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noshellsearchbutton)
- [ADMX_WindowsExplorer/NoStrCmpLogical](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nostrcmplogical)
- [ADMX_WindowsExplorer/NoViewContextMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewcontextmenu)
- [ADMX_WindowsExplorer/NoViewOnDrive](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewondrive)
- [ADMX_WindowsExplorer/NoWindowsHotKeys](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nowindowshotkeys)
- [ADMX_WindowsExplorer/NoWorkgroupContents](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noworkgroupcontents)
- [ADMX_WindowsExplorer/PlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-placesbar)
- [ADMX_WindowsExplorer/PromptRunasInstallNetPath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-promptrunasinstallnetpath)
- [ADMX_WindowsExplorer/RecycleBinSize](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-recyclebinsize)
- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-1)
- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-2)
- [ADMX_WindowsExplorer/ShowHibernateOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showhibernateoption)
- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
@ -462,9 +783,17 @@ ms.date: 10/08/2020
- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)
- [ADMX_WindowsStore/RemoveWindowsStore_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-1)
- [ADMX_WindowsStore/RemoveWindowsStore_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-2)
- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
- [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
- [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

1064
windows/client-management/mdm/policy-configuration-service-provider.md
View File

File diff suppressed because it is too large Load Diff

1101
windows/client-management/mdm/policy-csp-admx-bits.md Normal file
View File

File diff suppressed because it is too large Load Diff

2199
windows/client-management/mdm/policy-csp-admx-networkconnections.md Normal file
View File

File diff suppressed because it is too large Load Diff

351
windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md Normal file
View File

@ -0,0 +1,351 @@
---
title: Policy CSP - ADMX_PowerShellExecutionPolicy
description: Policy CSP - ADMX_PowerShellExecutionPolicy
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/26/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_PowerShellExecutionPolicy
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_PowerShellExecutionPolicy policies
<dl>
<dd>
<a href="#admx-powershellexecutionpolicy-enablemodulelogging">ADMX_PowerShellExecutionPolicy/EnableModuleLogging</a>
</dd>
<dd>
<a href="#admx-powershellexecutionpolicy-enablescripts">ADMX_PowerShellExecutionPolicy/EnableScripts</a>
</dd>
<dd>
<a href="#admx-powershellexecutionpolicy-enabletranscripting">ADMX_PowerShellExecutionPolicy/EnableTranscripting</a>
</dd>
<dd>
<a href="#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath">ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-powershellexecutionpolicy-enablemodulelogging"></a>**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules.
If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
> [!NOTE]
> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Module Logging*
- GP name: *EnableModuleLogging*
- GP path: *Windows Components\Windows PowerShell*
- GP ADMX file name: *PowerShellExecutionPolicy.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-powershellexecutionpolicy-enablescripts"></a>**ADMX_PowerShellExecutionPolicy/EnableScripts**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.
The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
If you disable this policy setting, no scripts are allowed to run.
> [!NOTE]
> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Script Execution*
- GP name: *EnableScripts*
- GP path: *Windows Components\Windows PowerShell*
- GP ADMX file name: *PowerShellExecutionPolicy.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-powershellexecutionpolicy-enabletranscripting"></a>**ADMX_PowerShellExecutionPolicy/EnableTranscripting**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session.
If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled through the Start-Transcript cmdlet.
If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from viewing the transcripts of other users or computers.
> [!NOTE]
> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on PowerShell Transcription*
- GP name: *EnableTranscripting*
- GP path: *Windows Components\Windows PowerShell*
- GP ADMX file name: *PowerShellExecutionPolicy.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath"></a>**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.
If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.
> [!NOTE]
> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set the default source path for Update-Help*
- GP name: *EnableUpdateHelpDefaultSourcePath*
- GP path: *Windows Components\Windows PowerShell*
- GP ADMX file name: *PowerShellExecutionPolicy.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

401
windows/client-management/mdm/policy-csp-admx-sensors.md Normal file
View File

@ -0,0 +1,401 @@
---
title: Policy CSP - ADMX_Sensors
description: Policy CSP - ADMX_Sensors
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/22/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_Sensors
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_Sensors policies
<dl>
<dd>
<a href="#admx-sensors-disablelocationscripting-1">ADMX_Sensors/DisableLocationScripting_1</a>
</dd>
<dd>
<a href="#admx-sensors-disablelocationscripting-2">ADMX_Sensors/DisableLocationScripting_2</a>
</dd>
<dd>
<a href="#admx-sensors-disablelocation-1">ADMX_Sensors/DisableLocation_1</a>
</dd>
<dd>
<a href="#admx-sensors-disablesensors-1">ADMX_Sensors/DisableSensors_1</a>
</dd>
<dd>
<a href="#admx-sensors-disablesensors-2">ADMX_Sensors/DisableSensors_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-sensors-disablelocationscripting-1"></a>**ADMX_Sensors/DisableLocationScripting_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
If you disable or do not configure this policy setting, all location scripts will run.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off location scripting*
- GP name: *DisableLocationScripting_1*
- GP path: *Windows Components\Location and Sensors*
- GP ADMX file name: *Sensors.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-sensors-disablelocationscripting-2"></a>**ADMX_Sensors/DisableLocationScripting_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
If you enable this policy setting, scripts for the location feature will not run.
If you disable or do not configure this policy setting, all location scripts will run.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off location scripting*
- GP name: *DisableLocationScripting_2*
- GP path: *Windows Components\Location and Sensors*
- GP ADMX file name: *Sensors.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-sensors-disablelocation-1"></a>**ADMX_Sensors/DisableLocation_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off location*
- GP name: *DisableLocation_1*
- GP path: *Windows Components\Location and Sensors*
- GP ADMX file name: *Sensors.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-sensors-disablesensors-1"></a>**ADMX_Sensors/DisableSensors_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off sensors*
- GP name: *DisableSensors_1*
- GP path: *Windows Components\Location and Sensors*
- GP ADMX file name: *Sensors.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-sensors-disablesensors-2"></a>**ADMX_Sensors/DisableSensors_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off sensors*
- GP name: *DisableSensors_2*
- GP path: *Windows Components\Location and Sensors*
- GP ADMX file name: *Sensors.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

5010
windows/client-management/mdm/policy-csp-admx-startmenu.md Normal file
View File

File diff suppressed because it is too large Load Diff

1663
windows/client-management/mdm/policy-csp-admx-taskbar.md Normal file
View File

File diff suppressed because it is too large Load Diff

272
windows/client-management/mdm/policy-csp-admx-wcm.md Normal file
View File

@ -0,0 +1,272 @@
---
title: Policy CSP - ADMX_WCM
description: Policy CSP - ADMX_WCM
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/22/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WCM
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WCM policies
<dl>
<dd>
<a href="#admx-wcm-wcm-disablepowermanagement">ADMX_WCM/WCM_DisablePowerManagement</a>
</dd>
<dd>
<a href="#admx-wcm-wcm-enablesoftdisconnect">ADMX_WCM/WCM_EnableSoftDisconnect</a>
</dd>
<dd>
<a href="#admx-wcm-wcm-minimizeconnections">ADMX_WCM/WCM_MinimizeConnections</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-wcm-wcm-disablepowermanagement"></a>**ADMX_WCM/WCM_DisablePowerManagement**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disable power management in connected standby mode*
- GP name: *WCM_DisablePowerManagement*
- GP path: *Network\Windows Connection Manager*
- GP ADMX file name: *WCM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wcm-wcm-enablesoftdisconnect"></a>**ADMX_WCM/WCM_EnableSoftDisconnect**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network.
When soft disconnect is enabled:
- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when theyre not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.
This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Windows to soft-disconnect a computer from a network*
- GP name: *WCM_EnableSoftDisconnect*
- GP path: *Network\Windows Connection Manager*
- GP ADMX file name: *WCM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wcm-wcm-minimizeconnections"></a>**ADMX_WCM/WCM_MinimizeConnections**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.
If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
If this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection.
This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
- GP name: *WCM_MinimizeConnections*
- GP path: *Network\Windows Connection Manager*
- GP ADMX file name: *WCM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

5367
windows/client-management/mdm/policy-csp-admx-windowsexplorer.md Normal file
View File

File diff suppressed because it is too large Load Diff

409
windows/client-management/mdm/policy-csp-admx-windowsstore.md Normal file
View File

@ -0,0 +1,409 @@
---
title: Policy CSP - ADMX_WindowsStore
description: Policy CSP - ADMX_WindowsStore
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/26/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsStore
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WindowsStore policies
<dl>
<dd>
<a href="#admx-windowsstore-disableautodownloadwin8">ADMX_WindowsStore/DisableAutoDownloadWin8</a>
</dd>
<dd>
<a href="#admx-windowsstore-disableosupgrade-1">ADMX_WindowsStore/DisableOSUpgrade_1</a>
</dd>
<dd>
<a href="#admx-windowsstore-disableosupgrade-2">ADMX_WindowsStore/DisableOSUpgrade_2</a>
</dd>
<dd>
<a href="#admx-windowsstore-removewindowsstore-1">ADMX_WindowsStore/RemoveWindowsStore_1</a>
</dd>
<dd>
<a href="#admx-windowsstore-removewindowsstore-2">ADMX_WindowsStore/RemoveWindowsStore_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsstore-disableautodownloadwin8"></a>**ADMX_WindowsStore/DisableAutoDownloadWin8**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
If you enable this setting, the automatic download of app updates is turned off. If you disable this setting, the automatic download of app updates is turned on.
If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Automatic Download of updates on Win8 machines*
- GP name: *DisableAutoDownloadWin8*
- GP path: *Windows Components\Store*
- GP ADMX file name: *WindowsStore.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsstore-disableosupgrade-1"></a>**ADMX_WindowsStore/DisableOSUpgrade_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
If you enable this setting, the Store application will not offer updates to the latest version of Windows.
If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the offer to update to the latest version of Windows*
- GP name: *DisableOSUpgrade_1*
- GP path: *Windows Components\Store*
- GP ADMX file name: *WindowsStore.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsstore-disableosupgrade-2"></a>**ADMX_WindowsStore/DisableOSUpgrade_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
If you enable this setting, the Store application will not offer updates to the latest version of Windows.
If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the offer to update to the latest version of Windows*
- GP name: *DisableOSUpgrade_2*
- GP path: *Windows Components\Store*
- GP ADMX file name: *WindowsStore.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsstore-removewindowsstore-1"></a>**ADMX_WindowsStore/RemoveWindowsStore_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
If you disable or don't configure this setting, access to the Store application is allowed.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the Store application*
- GP name: *RemoveWindowsStore_1*
- GP path: *Windows Components\Store*
- GP ADMX file name: *WindowsStore.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsstore-removewindowsstore-2"></a>**ADMX_WindowsStore/RemoveWindowsStore_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
If you disable or don't configure this setting, access to the Store application is allowed.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the Store application*
- GP name: *RemoveWindowsStore_2*
- GP path: *Windows Components\Store*
- GP ADMX file name: *WindowsStore.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

260
windows/client-management/mdm/policy-csp-admx-wlansvc.md Normal file
View File

@ -0,0 +1,260 @@
---
title: Policy CSP - ADMX_wlansvc
description: Policy CSP - ADMX_wlansvc
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/27/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_wlansvc
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_wlansvc policies
<dl>
<dd>
<a href="#admx-wlansvc-setcost">ADMX_wlansvc/SetCost</a>
</dd>
<dd>
<a href="#admx-wlansvc-setpinenforced">ADMX_wlansvc/SetPINEnforced</a>
</dd>
<dd>
<a href="#admx-wlansvc-setpinpreferred">ADMX_wlansvc/SetPINPreferred</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-wlansvc-setcost"></a>**ADMX_wlansvc/SetCost**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Cost*
- GP name: *IncludeCmdLine*
- GP path: *Network\WLAN Service\WLAN Media Cost*
- GP ADMX file name: *wlansvc.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wlansvc-setpinenforced"></a>**ADMX_wlansvc/SetPINEnforced**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
Conversely it means that Push Button is NOT allowed.
If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Require PIN pairing*
- GP name: *SetPINEnforced*
- GP path: *Network\Wireless Display*
- GP ADMX file name: *wlansvc.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wlansvc-setpinpreferred"></a>**ADMX_wlansvc/SetPINPreferred**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prefer PIN pairing*
- GP name: *SetPINPreferred*
- GP path: *Network\Wireless Display*
- GP ADMX file name: *wlansvc.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

19
windows/configuration/stop-employees-from-using-microsoft-store.md
View File

@ -32,7 +32,6 @@ IT pros can configure access to Microsoft Store for client computers in their or
## Options to configure access to Microsoft Store
You can use these tools to configure access to Microsoft Store: AppLocker or Group Policy. For Windows 10, this is only supported on Windows 10 Enterprise edition.
## <a href="" id="block-store-applocker"></a>Block Microsoft Store using AppLocker
@ -64,6 +63,20 @@ For more information on AppLocker, see [What is AppLocker?](/windows/device-secu
8. Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Click **Next**.
## <a href="" id="block-store-csp"></a>Block Microsoft Store using configuration service provider
Applies to: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
If you have Windows 10 devices in your organization that are managed using a mobile device management (MDM) system, such as Microsoft Intune, you can block access to Microsoft Store app using the following configuration service providers (CSPs):
- [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
- [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp)
For more information, see [Configure an MDM provider](https://docs.microsoft.com/microsoft-store/configure-mdm-provider-microsoft-store-for-business).
For more information on the rules available via AppLocker on the different supported operating systems, see [Operating system requirements](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker#operating-system-requirements).
## <a href="" id="block-store-group-policy"></a>Block Microsoft Store using Group Policy
@ -87,12 +100,12 @@ You can also use Group Policy to manage access to Microsoft Store.
> [!Important]
> Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.
## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
## <a href="" id="block-store-mobile"></a>Block Microsoft Store on Windows 10 Mobile
Applies to: Windows 10 Mobile
If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 configuration service providers (CSP) with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 CSPs with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
When your MDM tool supports Microsoft Store for Business, the MDM can use these CSPs to block Microsoft Store app:

6
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
View File

@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
ms.date: 11/02/2020
ms.date: 11/06/2020
---
# Manage Microsoft Defender Antivirus updates and apply baselines
@ -77,11 +77,11 @@ All our updates contain
<details>
<summary> October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17600.5)</summary>
<summary> October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)</summary>
&ensp;Security intelligence update version: **1.327.7.0**
&ensp;Released: **October 29, 2020**
&ensp;Platform: **4.18.2010.x**
&ensp;Platform: **4.18.2010.7**
&ensp;Engine: **1.1.17600.5**
&ensp;Support phase: **Security and Critical Updates**

32
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
View File

@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
ms.date: 09/28/2020
ms.date: 11/06/2020
---
# Microsoft Defender Antivirus compatibility
@ -27,17 +27,17 @@ ms.date: 09/28/2020
## Overview
Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact.
Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender for Endpoint is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
- If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
- If your organization is using Microsoft Defender for Endpoint together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) enabled, then whenever a malicious artifact is detected, Microsoft Defender for Endpoint takes action to block and remediate the artifact.
## Antivirus and Microsoft Defender ATP
## Antivirus and Microsoft Defender for Endpoint
The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP.
The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender for Endpoint.
| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Microsoft Defender Antivirus state |
| Windows version | Antimalware protection | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state |
|------|------|-------|-------|
| Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode |
| Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode |
@ -72,32 +72,32 @@ The following table summarizes the functionality and features that are available
|State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
|--|--|--|--|--|--|
|Active mode <br/><br/> |Yes |No |Yes |Yes |Yes |
|Passive mode |No |No |Yes |No |Yes |
|Passive mode |No |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
|[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md) |No |No |Yes |Yes |Yes |
|Automatic disabled mode |No |Yes |No |No |No |
- In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
- In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
## Keep the following points in mind
If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
When Microsoft Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
When Microsoft Defender Antivirus is automatically disabled, it can automatically re-enabled if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
In passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode.
> [!WARNING]
> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
> You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
> [!IMPORTANT]
> If you are using [Microsoft endpoint data loss prevention (Endpoint DLP)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate.
## Related topics
## See also
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md)

4
windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)

6
windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
View File

@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
@ -38,7 +38,7 @@ Adds or remove tag to a specific [Machine](machine.md).
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---

30
windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
View File

@ -17,18 +17,18 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Configure advanced features in Microsoft Defender ATP
# Configure advanced features in Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with.
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Defender for Endpoint with.
Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
@ -88,7 +88,7 @@ To use this feature, devices must be running Windows 10 version 1709 or later. T
For more information, see [Manage indicators](manage-indicators.md).
>[!NOTE]
>Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Microsoft Defender ATP data.
>Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Defender for Endpoint data.
## Show user details
@ -116,9 +116,9 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct
## Microsoft Secure Score
Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
Forwards Defender for Endpoint signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
### Enable the Microsoft Defender ATP integration from the Azure ATP portal
### Enable the Defender for Endpoint integration from the Azure ATP portal
To receive contextual device integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
@ -139,18 +139,18 @@ When you turn this feature on, you'll be able to incorporate data from Office 36
>[!NOTE]
>You'll need to have the appropriate license to enable this feature.
To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Microsoft Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Defender for Endpoint settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
## Microsoft Threat Experts
Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Microsoft Defender ATP portal's alerts dashboard and via email if you configure it.
Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Defender for Endpoint portal's alerts dashboard and via email if you configure it.
>[!NOTE]
>The Microsoft Threat Experts capability in Microsoft Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
>The Microsoft Threat Experts capability in Defender for Endpoint is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
## Microsoft Cloud App Security
Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
Enabling this setting forwards Defender for Endpoint signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
>[!NOTE]
>This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
@ -161,10 +161,10 @@ Turning on this setting allows signals to be forwarded to Azure Information Prot
## Microsoft Intune connection
Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement.
Defender for Endpoint can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Defender for Endpoint device information with Intune, enhancing policy enforcement.
>[!IMPORTANT]
>You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. For more information on specific steps, see [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md).
>You'll need to enable the integration on both Intune and Defender for Endpoint to use this feature. For more information on specific steps, see [Configure Conditional Access in Defender for Endpoint](configure-conditional-access.md).
This feature is only available if you have the following:
@ -181,7 +181,7 @@ When you enable Intune integration, Intune will automatically create a classic C
## Preview features
Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience.
You'll have access to upcoming features, which you can provide feedback on to help improve the overall experience before features are generally available.
@ -189,7 +189,7 @@ You'll have access to upcoming features, which you can provide feedback on to he
Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data.
After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users.
After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users.
## Enable advanced features

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
View File

@ -24,7 +24,7 @@ ms.date: 09/20/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time.

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
View File

@ -23,9 +23,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
## Optimize query performance
@ -91,7 +91,7 @@ DeviceProcessEvents
| where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc"
```
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
## Related topics

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
View File

@ -25,9 +25,9 @@ ms.date: 01/22/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Microsoft Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
View File

@ -25,9 +25,9 @@ ms.date: 01/14/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about devices in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
@ -38,7 +38,7 @@ For information on other tables in the advanced hunting schema, see [the advance
| `DeviceId` | string | Unique identifier for the device in the service |
| `DeviceName` | string | Fully qualified domain name (FQDN) of the device |
| `ClientVersion` | string | Version of the endpoint agent or sensor running on the device |
| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Microsoft Defender ATP service. This could be the IP address of the device itself, a NAT device, or a proxy |
| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Defender for Endpoint service. This could be the IP address of the device itself, a NAT device, or a proxy |
| `OSArchitecture` | string | Architecture of the operating system running on the device |
| `OSPlatform` | string | Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 |
| `OSBuild` | string | Build version of the operating system running on the device |

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceNetworkEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceNetworkInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of devices, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
View File

@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
Advanced hunting displays errors to notify for syntax mistakes and whenever queries hit [predefined limits](advanced-hunting-limits.md). Refer to the table below for tips on how to resolve or avoid errors.

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
View File

@ -24,7 +24,7 @@ ms.date: 10/10/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources.

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
View File

@ -22,7 +22,7 @@ ms.date: 09/20/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query.

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
View File

@ -23,7 +23,7 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
View File

@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
To keep the service performant and responsive, advanced hunting sets various limits for queries run manually and by [custom detection rules](custom-detection-rules.md). Refer to the following table to understand these limits.

4
windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- Azure Active Directory
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
Refer to the instructions below to use basic permissions management.

18
windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
View File

@ -27,23 +27,23 @@ ms.collection:
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
## Overview
Todays threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security).
Todays threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Defender for Endpoint](https://docs.microsoft.com/windows/security).
Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Microsoft Defender ATP components and features work together in behavioral blocking and containment capabilities.
Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Defender for Endpoint components and features work together in behavioral blocking and containment capabilities.
:::image type="content" source="images/mdatp-next-gen-EDR-behavblockcontain.png" alt-text="Behavioral blocking and containment":::
Behavioral blocking and containment capabilities work with multiple components and features of Microsoft Defender ATP to stop attacks immediately and prevent attacks from progressing.
Behavioral blocking and containment capabilities work with multiple components and features of Defender for Endpoint to stop attacks immediately and prevent attacks from progressing.
- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running.
- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) receives security signals across your network, devices, and kernel behavior. As threats are detected, alerts are created. Multiple alerts of the same type are aggregated into incidents, which makes it easier for your security operations team to investigate and respond.
- [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Microsoft Defender ATP processes and correlates these signals, raises detection alerts, and connects related alerts in incidents.
- [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Defender for Endpoint processes and correlates these signals, raises detection alerts, and connects related alerts in incidents.
With these capabilities, more threats can be prevented or blocked, even if they start running. Whenever suspicious behavior is detected, the threat is contained, alerts are created, and threats are stopped in their tracks.
@ -85,7 +85,7 @@ Below are two real-life examples of behavioral blocking and containment in actio
As described in [In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks](https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks), a credential theft attack against 100 organizations around the world was stopped by behavioral blocking and containment capabilities. Spear-phishing email messages that contained a lure document were sent to the targeted organizations. If a recipient opened the attachment, a related remote document was able to execute code on the users device and load Lokibot malware, which stole credentials, exfiltrated stolen data, and waited for further instructions from a command-and-control server.
Behavior-based device learning models in Microsoft Defender ATP caught and stopped the attackers techniques at two points in the attack chain:
Behavior-based device learning models in Defender for Endpoint caught and stopped the attackers techniques at two points in the attack chain:
- The first protection layer detected the exploit behavior. Device learning classifiers in the cloud correctly identified the threat as and immediately instructed the client device to block the attack.
- The second protection layer, which helped stop cases where the attack got past the first layer, detected process hollowing, stopped that process, and removed the corresponding files (such as Lokibot).
@ -97,7 +97,7 @@ This example shows how behavior-based device learning models in the cloud add ne
### Example 2: NTLM relay - Juicy Potato malware variant
As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Defender for Endpoint detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
:::image type="content" source="images/NTLMalertjuicypotato.png" alt-text="NTLM alert for Juicy Potato malware":::
@ -113,7 +113,7 @@ This example shows that with behavioral blocking and containment capabilities, t
## Next steps
- [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
- [Learn more about Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
- [Configure your attack surface reduction rules](attack-surface-reduction.md)
@ -121,4 +121,4 @@ This example shows that with behavioral blocking and containment capabilities, t
- [See recent global threat activity](https://www.microsoft.com/wdsi/threats)
- [Get an overview of Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
- [Get an overview of Microsoft 365 Defender ](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)

20
windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
View File

@ -18,32 +18,32 @@ ms.topic: article
ms.date: 04/24/2018
---
# Check sensor health state in Microsoft Defender ATP
# Check sensor health state in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual devices ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues.
The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual devices ability to provide sensor data and communicate with the Defender for Endpoint service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues.
There are two status indicators on the tile that provide information on the number of devices that are not reporting properly to the service:
- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month.
- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service and might have configuration errors that need to be corrected.
- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service for more than seven days in the past month.
Clicking any of the groups directs you to **Devices list**, filtered according to your choice.
![Screenshot of Devices with sensor issues tile](images/atp-devices-with-sensor-issues-tile.png)
On **Devices list**, you can filter the health state list by the following status:
- **Active** - Devices that are actively reporting to the Microsoft Defender ATP service.
- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues:
- **Active** - Devices that are actively reporting to the Defender for Endpoint service.
- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues:
- **No sensor data** - Devices has stopped sending sensor data. Limited alerts can be triggered from the device.
- **Impaired communications** - Ability to communicate with device is impaired. Sending files for deep analysis, blocking files, isolating device from network and other actions that require communication with the device may not work.
- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service.
- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service.
You can also download the entire list in CSV format using the **Export** feature. For more information on filters, see [View and organize the Devices list](machines-view-overview.md).
@ -55,4 +55,4 @@ You can also download the entire list in CSV format using the **Export** feature
You can view the device details when you click on a misconfigured or inactive device.
## Related topic
- [Fix unhealthy sensors in Microsoft Defender ATP](fix-unhealthy-sensors.md)
- [Fix unhealthy sensors in Defender for Endpoint](fix-unhealthy-sensors.md)

12
windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
View File

@ -27,11 +27,11 @@ ms.collection:
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
## Overview
Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Microsoft Defender ATP. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically.
Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Defender for Endpoint. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically.
:::image type="content" source="images/pre-execution-and-post-execution-detection-engines.png" alt-text="Cloud and client protection":::
@ -72,11 +72,11 @@ Behavior-based detections are named according to the [MITRE ATT&CK Matrix for En
## Configuring client behavioral blocking
If your organization is using Microsoft Defender ATP, client behavioral blocking is enabled by default. However, to benefit from all Microsoft Defender ATP capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured:
If your organization is using Defender for Endpoint, client behavioral blocking is enabled by default. However, to benefit from all Defender for Endpoint capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Defender for Endpoint are enabled and configured:
- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
- [Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
- [Devices onboarded to Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
- [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
@ -92,4 +92,4 @@ If your organization is using Microsoft Defender ATP, client behavioral blocking
- [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/)
- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)
- [Helpful Defender for Endpoint resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)

6
windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
View File

@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Collect investigation package from a device.
@ -35,7 +35,7 @@ Collect investigation package from a device.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---

14
windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
View File

@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Microsoft Defender ATP for US Government GCC High customers
# Microsoft Defender for Endpoint for US Government GCC High customers
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Microsoft Defender ATP in Azure Commercial.
Microsoft Defender for Endpoint for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
This offering is currently available to US Office 365 GCC High customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some key differences in the availability of capabilities for this offering.
@ -40,7 +40,7 @@ The following OS versions are supported:
- Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/help/4490481))
>[!NOTE]
>The above mentioned patch level must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.
A patch must be deployed before device onboarding in order to configure Defender for Endpoint to the correct environment.
The following OS versions are supported via Azure Security Center:
- Windows Server 2008 R2 SP1
@ -59,7 +59,7 @@ The following OS versions are not supported:
- macOS
- Linux
The initial release of Microsoft Defender ATP will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020:
The initial release of Defender for Endpoint will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020:
## Threat Analytics
Not currently available.
@ -91,7 +91,7 @@ Not currently available.
Integrations with the following Microsoft products are not currently available:
- Azure Advanced Threat Protection
- Azure Information Protection
- Office 365 Advanced Threat Protection
- Defender for Office 365
- Microsoft Cloud App Security
- Skype for Business
- Microsoft Intune (sharing of device information and enhanced policy enforcement)
@ -105,7 +105,7 @@ You'll need to ensure that traffic from the following are allowed:
Service location | DNS record
:---|:---
Common URLs for all locations (Global location) | ```crl.microsoft.com```<br>```ctldl.windowsupdate.com```<br>```notify.windows.com```<br>```settings-win.data.microsoft.com``` <br><br> NOTE: ```settings-win.data.microsoft.com``` is only needed on Windows 10 devices running version 1803 or earlier.
Microsoft Defender ATP GCC High specific | ```us4-v20.events.data.microsoft.com``` <br>```winatp-gw-usgt.microsoft.com```<br>```winatp-gw-usgv.microsoft.com```<br>```*.blob.core.usgovcloudapi.net```
Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com``` <br>```winatp-gw-usgt.microsoft.com```<br>```winatp-gw-usgv.microsoft.com```<br>```*.blob.core.usgovcloudapi.net```

9
windows/security/threat-protection/microsoft-defender-atp/common-errors.md
View File

@ -20,11 +20,10 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender ATP APIs.
* In addition to the error code, every error response contains an error message, which can help resolving the problem.
* The message is a free text that can be changed.
* At the bottom of the page, you can find response examples.
* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs.
* Note that in addition to the error code, every error response contains an error message which can help resolving the problem.
* Note that the message is a free text that can be changed.
* At the bottom of the page you can find response examples.
Error code |HTTP status code |Message
:---|:---|:---

10
windows/security/threat-protection/microsoft-defender-atp/community.md
View File

@ -19,17 +19,17 @@ ms.date: 04/24/2018
---
# Access the Microsoft Defender ATP Community Center
# Access the Microsoft Defender for Endpoint Community Center
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
The Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product.
There are several spaces you can explore to learn about specific information:
- Announcements
@ -38,8 +38,8 @@ There are several spaces you can explore to learn about specific information:
There are several ways you can access the Community Center:
- In the Microsoft Defender Security Center navigation pane, select **Community center**. A new browser tab opens and takes you to the Microsoft Defender ATP Tech Community page.
- Access the community through the [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
- In the Microsoft Defender Security Center navigation pane, select **Community center**. A new browser tab opens and takes you to the Defender for Endpoint Tech Community page.
- Access the community through the [Microsoft Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
You can instantly view and read conversations that have been posted in the community.

12
windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
View File

@ -23,11 +23,11 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
@ -37,7 +37,7 @@ With Conditional Access, you can control access to enterprise information based
You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state.
The implementation of Conditional Access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies.
The implementation of Conditional Access in Defender for Endpoint is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies.
The compliance policy is used with Conditional Access to allow only devices that fulfill one or more device compliance policy rules to access applications.
@ -67,15 +67,15 @@ When the risk is removed either through manual or automated remediation, the dev
The following example sequence of events explains Conditional Access in action:
1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk.
1. A user opens a malicious file and Defender for Endpoint flags the device as high risk.
2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune Conditional Access policy. In Azure AD, the corresponding policy is applied to block access to applications.
4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
4. The manual or automated investigation and remediation is completed and the threat is removed. Defender for Endpoint sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
5. Users can now access applications.
## Related topic
- [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md)
- [Configure Conditional Access in Microsoft Defender for Endpoint](configure-conditional-access.md)

25
windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
View File

@ -17,25 +17,24 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Configure Micro Focus ArcSight to pull Microsoft Defender ATP detections
# Configure Micro Focus ArcSight to pull Defender for Endpoint detections
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink)
You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Microsoft Defender ATP detections.
You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Defender for Endpoint detections.
>[!Note]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
>- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>- [Defender for Endpoint Alert](alerts.md) is composed from one or more detections
>- [Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
## Before you begin
@ -43,7 +42,7 @@ Configuring the Micro Focus ArcSight Connector tool requires several configurati
This section guides you in getting the necessary information to set and use the required configuration files correctly.
- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md).
- Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
- OAuth 2.0 Token refresh URL
@ -116,7 +115,7 @@ The following steps assume that you have completed all the required steps in [Be
<td>Browse to the location of the <em>wdatp-connector.properties</em> file. The name must match the file provided in the .zip that you downloaded.</td>
<tr>
<td>Refresh Token</td>
<td>You can obtain a refresh token in two ways: by generating a refresh token from the <b>SIEM settings</b> page or using the restutil tool. <br><br> For more information on generating a refresh token from the <b>Preferences setup</b> , see <a href="enable-siem-integration.md" data-raw-source="[Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)">Enable SIEM integration in Microsoft Defender ATP</a>. </br> </br><b>Get your refresh token using the restutil tool:</b> </br> a. Open a command prompt. Navigate to C:\<em>folder_location</em>\current\bin where <em>folder_location</em> represents the location where you installed the tool. </br></br> b. Type: <code>arcsight restutil token -config</code> from the bin directory.For example: <b>arcsight restutil boxtoken -proxy proxy.location.hp.com:8080</b> A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d. A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the <b>Refresh Token</b> field.
<td>You can obtain a refresh token in two ways: by generating a refresh token from the <b>SIEM settings</b> page or using the restutil tool. <br><br> For more information on generating a refresh token from the <b>Preferences setup</b> , see <a href="enable-siem-integration.md" data-raw-source="[Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md)">Enable SIEM integration in Defender for Endpoint</a>. </br> </br><b>Get your refresh token using the restutil tool:</b> </br> a. Open a command prompt. Navigate to C:\<em>folder_location</em>\current\bin where <em>folder_location</em> represents the location where you installed the tool. </br></br> b. Type: <code>arcsight restutil token -config</code> from the bin directory.For example: <b>arcsight restutil boxtoken -proxy proxy.location.hp.com:8080</b> A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d. A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the <b>Refresh Token</b> field.
</td>
</tr>
</tr>
@ -178,7 +177,7 @@ The following steps assume that you have completed all the required steps in [Be
You can now run queries in the Micro Focus ArcSight console.
Microsoft Defender ATP detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
Defender for Endpoint detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
## Troubleshooting Micro Focus ArcSight connection
@ -204,7 +203,7 @@ Microsoft Defender ATP detections will appear as discrete events, with "Microsof
> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
## Related topics
- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md)
- [Configure Splunk to pull Defender for Endpoint detections](configure-splunk.md)
- [Pull Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

2
windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
View File

@ -29,7 +29,7 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations).
If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations).
To configure automated investigation and remediation, [turn on the features](#turn-on-automated-investigation-and-remediation), and then [set up device groups](#set-up-device-groups).

10
windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
View File

@ -17,12 +17,12 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Configure Conditional Access in Microsoft Defender ATP
# Configure Conditional Access in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
This section guides you through all the steps you need to take to properly implement Conditional Access.
@ -54,7 +54,7 @@ It's important to note the required roles to access these portals and implement
Take the following steps to enable Conditional Access:
- Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center
- Step 2: Turn on the Microsoft Defender ATP integration in Intune
- Step 2: Turn on the Defender for Endpoint integration in Intune
- Step 3: Create the compliance policy in Intune
- Step 4: Assign the policy
- Step 5: Create an Azure AD Conditional Access policy
@ -66,7 +66,7 @@ Take the following steps to enable Conditional Access:
3. Click **Save preferences**.
### Step 2: Turn on the Microsoft Defender ATP integration in Intune
### Step 2: Turn on the Defender for Endpoint integration in Intune
1. Sign in to the [Azure portal](https://portal.azure.com).
2. Select **Device compliance** > **Microsoft Defender ATP**.
3. Set **Connect Windows 10.0.15063+ devices to Microsoft Defender Advanced Threat Protection** to **On**.
@ -107,4 +107,4 @@ Take the following steps to enable Conditional Access:
For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)

14
windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
View File

@ -23,12 +23,12 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
You can configure Defender for Endpoint to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
> [!NOTE]
> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications.
@ -57,7 +57,7 @@ You can create rules that determine the devices and alert severities to send ema
- **Include device information** - Includes the device name in the email alert body.
>[!NOTE]
> This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Microsoft Defender ATP data.
> This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Defender for Endpoint data.
- **Devices** - Choose whether to notify recipients for alerts on all devices (Global administrator role only) or on selected device groups. For more information, see [Create and manage device groups](machine-groups.md).
- **Alert severity** - Choose the alert severity level.
@ -92,9 +92,9 @@ This section lists various issues that you may encounter when using email notifi
**Solution:** Make sure that the notifications are not blocked by email filters:
1. Check that the Microsoft Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk.
2. Check that your email security product is not blocking the email notifications from Microsoft Defender ATP.
3. Check your email application rules that might be catching and moving your Microsoft Defender ATP email notifications.
1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk.
2. Check that your email security product is not blocking the email notifications from Defender for Endpoint.
3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications.
## Related topics
- [Update data retention settings](data-retention-settings.md)

14
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
View File

@ -27,12 +27,12 @@ ms.date: 04/24/2018
- Group Policy
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
> [!NOTE]
@ -45,7 +45,7 @@ ms.date: 04/24/2018
[![Image of the PDF showing the various deployment paths](images/onboard-gp.png)](images/onboard-gp.png#lightbox)
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint.
@ -76,9 +76,9 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
9. Click **OK** and close any open GPMC windows.
>[!TIP]
> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md).
## Additional Microsoft Defender ATP configuration settings
## Additional Defender for Endpoint configuration settings
For each device, you can state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
@ -234,5 +234,5 @@ With Group Policy there isnt an option to monitor deployment of policies on t
- [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
- [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
- [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP devices](run-detection-test.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint devices](run-detection-test.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

20
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
View File

@ -25,13 +25,13 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
You can use mobile device management (MDM) solutions to configure devices. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage devices.
You can use mobile device management (MDM) solutions to configure devices. Defender for Endpoint supports MDMs by providing OMA-URIs to create policies to manage devices.
For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
## Before you begin
If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully.
@ -40,13 +40,13 @@ For more information on enabling MDM with Microsoft Intune, see [Device enrollme
## Onboard devices using Microsoft Intune
[![Image of the PDF showing onboarding devices to Microsoft Defender ATP using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox)
[![Image of the PDF showing onboarding devices to Defender for Endpoint using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox)
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint.
Follow the instructions from [Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
> [!NOTE]
@ -55,7 +55,7 @@ For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedTh
>[!TIP]
> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md).
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
@ -98,5 +98,5 @@ For more information on Microsoft Intune policy settings see, [Windows 10 policy
- [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
- [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
- [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

18
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
View File

@ -26,21 +26,21 @@ ms.topic: article
- macOS
- Linux
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see:
- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)
- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
You'll need to know the exact Linux distros and macOS versions that are compatible with Defender for Endpoint for the integration to work. For more information, see:
- [Microsoft Defender for Endpoint for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)
- [Microsoft Defender for Endpoint for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
## Onboarding non-Windows devices
You'll need to take the following steps to onboard non-Windows devices:
1. Select your preferred method of onboarding:
- For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
- For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
- For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**.
1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
@ -56,7 +56,7 @@ You'll need to take the following steps to onboard non-Windows devices:
## Offboard non-Windows devices
1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender ATP.
1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender for Endpoint.
2. Remove permissions for the third-party solution in your Azure AD tenant.
1. Sign in to the [Azure portal](https://portal.azure.com).
@ -69,4 +69,4 @@ You'll need to take the following steps to onboard non-Windows devices:
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

18
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
View File

@ -25,11 +25,11 @@ ms.date: 02/07/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Microsoft Endpoint Configuration Manager current branch
- System Center 2012 R2 Configuration Manager
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
## Supported client operating systems
@ -56,7 +56,7 @@ Starting in Configuration Manager version 2002, you can onboard the following op
[![Image of the PDF showing the various deployment paths](images/onboard-config-mgr.png)](images/onboard-config-mgr.png#lightbox)
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender for Endpoint.
@ -77,10 +77,10 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
a. Choose a predefined device collection to deploy the package to.
> [!NOTE]
> Microsoft Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
> Defender for Endpoint doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
>[!TIP]
> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md).
> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md).
>
> Note that it is possible to create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. An application is a different type of object than a package and program.
> If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager will retry to onboard the device until the rule detects the status change.
@ -190,13 +190,13 @@ If you use Microsoft Endpoint Configuration Manager current branch, see [Create
## Monitor device configuration
If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender ATP dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Defender for Endpoint - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor).
If you're using System Center 2012 R2 Configuration Manager, monitoring consists of two parts:
1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the devices in your network.
2. Checking that the devices are compliant with the Microsoft Defender ATP service (this ensures the device can complete the onboarding process and can continue to report data to the service).
2. Checking that the devices are compliant with the Defender for Endpoint service (this ensures the device can complete the onboarding process and can continue to report data to the service).
### Confirm the configuration package has been correctly deployed
@ -208,7 +208,7 @@ If you're using System Center 2012 R2 Configuration Manager, monitoring consists
4. Review the status indicators under **Completion Statistics** and **Content Status**.
If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md).
![Configuration Manager showing successful deployment with no errors](images/sccm-deployment.png)
@ -232,4 +232,4 @@ For more information, see [Introduction to compliance settings in System Center
- [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
- [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

16
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
View File

@ -25,14 +25,14 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
You can also manually onboard individual devices to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all devices in your network.
You can also manually onboard individual devices to Defender for Endpoint. You might want to do this first when testing the service before you commit to onboarding all devices in your network.
> [!IMPORTANT]
> This script has been optimized for use on up to 10 devices.
@ -44,7 +44,7 @@ You can also manually onboard individual devices to Microsoft Defender ATP. You
[![Image of the PDF showing the various deployment paths](images/onboard-script.png)](images/onboard-script.png#lightbox)
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP.
Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint.
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
@ -72,11 +72,11 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ
5. Press the **Enter** key or click **OK**.
For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md).
>[!TIP]
> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint endpoint](run-detection-test.md).
## Configure sample collection settings
For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
@ -151,5 +151,5 @@ Monitoring can also be done directly on the portal, or by using the different de
- [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
- [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
- [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

16
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
View File

@ -27,16 +27,16 @@ ms.date: 04/16/2020
- Virtual desktop infrastructure (VDI) devices
>[!WARNING]
> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported.
> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
## Onboard non-persistent virtual desktop infrastructure (VDI) devices
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Microsoft Defender ATP supports non-persistent VDI session onboarding.
Defender for Endpoint supports non-persistent VDI session onboarding.
>[!Note]
>To onboard non-persistent VDI sessions, VDI devices must be Windows 10 or Windows Server 2019.
@ -45,10 +45,10 @@ Microsoft Defender ATP supports non-persistent VDI session onboarding.
There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
- Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft Defender ATP prior to the actual provisioning.
- Instant early onboarding of a short-lived sessions, which must be onboarded to Defender for Endpoint prior to the actual provisioning.
- The device name is typically reused for new sessions.
VDI devices can appear in Microsoft Defender ATP portal as either:
VDI devices can appear in Defender for Endpoint portal as either:
- Single entry for each device.
Note that in this case, the *same* device name must be configured when the session is created, for example using an unattended answer file.
@ -57,7 +57,7 @@ Note that in this case, the *same* device name must be configured when the sessi
The following steps will guide you through onboarding VDI devices and will highlight steps for single and multiple entries.
>[!WARNING]
> For environments where there are low resource configurations, the VDI boot procedure might slow the Microsoft Defender ATP sensor onboarding.
> For environments where there are low resource configurations, the VDI boot procedure might slow the Defender for Endpoint sensor onboarding.
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
@ -126,7 +126,7 @@ For more information on DISM commands and offline servicing, please refer to the
If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script).
1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Defender for Endpoint sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script).
2. Ensure the sensor is stopped by running the command below in a CMD window:
@ -153,4 +153,4 @@ If offline servicing is not a viable option for your non-persistent VDI environm
- [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
- [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md)
- [Onboard Windows 10 devices using a local script](configure-endpoints-script.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

6
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
View File

@ -25,10 +25,10 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about)
Devices in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization.
The following deployment tools and methods are supported:
@ -47,4 +47,4 @@ Topic | Description
[Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI devices.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)

8
windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink).
> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink).
[Attack surface reduction (ASR) rules](./attack-surface-reduction.md) identify and prevent typical malware exploits. They control when and how potentially malicious code can run. For example, they can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives.
@ -52,5 +52,5 @@ For more information about ASR rule deployment in Microsoft 365 security center,
**Related topics**
* [Ensure your devices are configured properly](configure-machines.md)
* [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
* [Monitor compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
* [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md)
* [Monitor compliance to the Microsoft Defender for Endpoint security baseline](configure-machines-security-baseline.md)

20
windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
View File

@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get devices onboarded to Microsoft Defender ATP
# Get devices onboarded to Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
Each onboarded device adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a device can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks.
@ -35,17 +35,17 @@ Before you can track and manage onboarding of devices:
## Discover and track unprotected devices
The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 devices.
The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Defender for Endpoint against the total number of Intune-managed Windows 10 devices.
![Device configuration management Onboarding card](images/secconmgmt_onboarding_card.png)<br>
*Card showing onboarded devices compared to the total number of Intune-managed Windows 10 device*
>[!NOTE]
>If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that dont use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to your devices.
>If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that dont use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Defender for Endpoint onboarding and assign that profile to your devices.
## Onboard more devices with Intune profiles
Microsoft Defender ATP provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Microsoft Defender ATP sensor to select devices, effectively onboarding these devices to the service.
Defender for Endpoint provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Defender for Endpoint sensor to select devices, effectively onboarding these devices to the service.
From the **Onboarding** card, select **Onboard more devices** to create and assign a profile on Intune. The link takes you to the device compliance page on Intune, which provides a similar overview of your onboarding state.
@ -53,21 +53,21 @@ From the **Onboarding** card, select **Onboard more devices** to create and assi
*Microsoft Defender ATP device compliance page on Intune device management*
>[!TIP]
>Alternatively, you can navigate to the Microsoft Defender ATP onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
>Alternatively, you can navigate to the Defender for Endpoint onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
>[!NOTE]
> If you want to view the most up-to-date device data, click on **List of devices without ATP sensor**.
From the device compliance page, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the devices you want to onboard. To do this, you can either:
From the device compliance page, create a configuration profile specifically for the deployment of the Defender for Endpoint sensor and assign that profile to the devices you want to onboard. To do this, you can either:
- Select **Create a device configuration profile to configure ATP sensor** to start with a predefined device configuration profile.
- Create the device configuration profile from scratch.
For more information, [read about using Intune device configuration profiles to onboard devices to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
For more information, [read about using Intune device configuration profiles to onboard devices to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
## Related topics
- [Ensure your devices are configured properly](configure-machines.md)
- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
- [Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md)
- [Optimize ASR rule deployment and detections](configure-machines-asr.md)

34
windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
View File

@ -17,17 +17,17 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Increase compliance to the Microsoft Defender ATP security baseline
# Increase compliance to the Microsoft Defender for Endpoint security baseline
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Defender for Endpoint security baseline sets Defender for Endpoint security controls to provide optimal protection.
To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a).
@ -36,22 +36,22 @@ Before you can deploy and track compliance to security baselines:
- [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions)
## Compare the Microsoft Defender ATP and the Windows Intune security baselines
The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Defender for Endpoint baseline provides settings that optimize all the security controls in the Defender for Endpoint stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
- [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
- [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp)
Ideally, devices onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
Ideally, devices onboarded to Defender for Endpoint are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Defender for Endpoint security baseline layered on top to optimally configure the Defender for Endpoint security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released.
>[!NOTE]
>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
>The Defender for Endpoint security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
## Monitor compliance to the Microsoft Defender ATP security baseline
## Monitor compliance to the Defender for Endpoint security baseline
The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Microsoft Defender ATP security baseline.
The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Defender for Endpoint security baseline.
![Security baseline card](images/secconmgmt_baseline_card.png)<br>
*Card showing compliance to the Microsoft Defender ATP security baseline*
*Card showing compliance to the Defender for Endpoint security baseline*
Each device is given one of the following status types:
@ -65,20 +65,20 @@ To review specific devices, select **Configure security baseline** on the card.
>[!NOTE]
>You might experience discrepancies in aggregated data displayed on the device configuration management page and those displayed on overview screens in Intune.
## Review and assign the Microsoft Defender ATP security baseline
## Review and assign the Microsoft Defender for Endpoint security baseline
Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender ATP security baseline. You can conveniently review the baseline and assign it to devices on Intune device management.
Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender for Endpoint security baseline. You can conveniently review the baseline and assign it to devices on Intune device management.
1. Select **Configure security baseline** on the **Security baseline** card to go to Intune device management. A similar overview of baseline compliance is displayed.
>[!TIP]
> Alternatively, you can navigate to the Microsoft Defender ATP security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**.
> Alternatively, you can navigate to the Defender for Endpoint security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**.
2. Create a new profile.
![Microsoft Defender ATP security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)<br>
*Microsoft Defender ATP security baseline overview on Intune*
![Microsoft Defender for Endpoint security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)<br>
*Microsoft Defender for Endpoint security baseline overview on Intune*
3. During profile creation, you can review and adjust specific settings on the baseline.
@ -98,9 +98,9 @@ Device configuration management monitors baseline compliance only of Windows 10
>[!TIP]
>Security baselines on Intune provide a convenient way to comprehensively secure and protect your devices. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
## Related topics
- [Ensure your devices are configured properly](configure-machines.md)
- [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
- [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md)
- [Optimize ASR rule deployment and detections](configure-machines-asr.md)

16
windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
View File

@ -23,14 +23,14 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
With properly configured devices, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your devices:
- Onboard to Microsoft Defender ATP
- Meet or exceed the Microsoft Defender ATP security baseline configuration
- Onboard to Microsoft Defender for Endpoint
- Meet or exceed the Defender for Endpoint security baseline configuration
- Have strategic attack surface mitigations in place
Click **Configuration management** from the navigation menu to open the Device configuration management page.
@ -56,7 +56,7 @@ Before you can ensure your devices are configured properly, enroll them to Intun
>To enroll Windows devices to Intune, administrators must have already been assigned licenses. [Read about assigning licenses for device enrollment](https://docs.microsoft.com/intune/licenses-assign).
>[!TIP]
>To optimize device management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
>To optimize device management through Intune, [connect Intune to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
## Obtain required permissions
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage and assign the device configuration profiles needed for onboarding devices and deploying the security baseline.
@ -77,8 +77,8 @@ If you have been assigned other roles, ensure you have the necessary permissions
## In this section
Topic | Description
:---|:---
[Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune.
[Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices.
[Get devices onboarded to Defender for Endpoint](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune.
[Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices.
[Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)

14
windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
View File

@ -26,20 +26,20 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
## Before you begin
> [!NOTE]
> Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
Ensure that you have Microsoft Defender ATP deployed in your environment with devices enrolled, and not just on a laboratory set-up.
Ensure that you have Defender for Endpoint deployed in your environment with devices enrolled, and not just on a laboratory set-up.
Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription.
## Register to Microsoft Threat Experts managed threat hunting service
If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal.
If you're already a Defender for Endpoint customer, you can apply through the Microsoft Defender for Endpoint portal.
1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**.
@ -59,7 +59,7 @@ If you're already a Microsoft Defender ATP customer, you can apply through the M
## Receive targeted attack notification from Microsoft Threat Experts
You can receive targeted attack notification from Microsoft Threat Experts through the following medium:
- The Microsoft Defender ATP portal's **Alerts** dashboard
- The Defender for Endpoint portal's **Alerts** dashboard
- Your email, if you choose to configure it
To receive targeted attack notifications through email, create an email notification rule.
@ -116,7 +116,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
**Alert information**
- We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
- Weve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious PowerShell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
- I receive an odd alert today for abnormal number of failed logins from a high profile users device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
- I receive an odd alert today for abnormal number of failed logins from a high profile users device. I cannot find any further evidence around these sign-in attempts. How can Defender for Endpoint see these attempts? What type of sign-ins are being monitored?
- Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”.
**Possible machine compromise**
@ -125,7 +125,7 @@ Watch this video for a quick overview of the Microsoft Services Hub.
**Threat intelligence details**
- We detected a phishing email that delivered a malicious Word document to a user. The malicious Word document caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor?
- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Defender for Endpoint provides against this threat actor?
**Microsoft Threat Experts alert communications**
- Can your incident response team help us address the targeted attack notification that we got?

4
windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
>[!NOTE]

8
windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
View File

@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
@ -44,7 +44,7 @@ The integration will allow MSSPs to take the following actions:
- Get email notifications, and
- Fetch alerts through security information and event management (SIEM) tools
Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal.
Before MSSPs can take these actions, the MSSP customer will need to grant access to their Defender for Endpoint tenant so that the MSSP can access the portal.
Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP.
@ -54,7 +54,7 @@ In general, the following configuration steps need to be taken:
- **Grant the MSSP access to Microsoft Defender Security Center** <br>
This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant.
This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Defender for Endpoint tenant.
- **Configure alert notifications sent to MSSPs** <br>

34
windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
View File

@ -26,13 +26,13 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
The Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
The embedded Microsoft Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Microsoft Defender ATP cloud service.
The embedded Defender for Endpoint sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Defender for Endpoint cloud service.
>[!TIP]
>For organizations that use forward proxies as a gateway to the Internet, you can use network protection to investigate behind a proxy. For more information, see [Investigate connection events that occur behind forward proxies](investigate-behind-proxy.md).
@ -44,7 +44,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
- Web Proxy Auto-discovery Protocol (WPAD)
> [!NOTE]
> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
- Manual static proxy configuration:
- Registry based configuration
@ -52,7 +52,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
## Configure the proxy server manually using a registry-based static proxy
Configure a registry-based static proxy to allow only Microsoft Defender ATP sensor to report diagnostic data and communicate with Microsoft Defender ATP services if a computer is not be permitted to connect to the Internet.
Configure a registry-based static proxy to allow only Defender for Endpoint sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not be permitted to connect to the Internet.
The static proxy is configurable through Group Policy (GP). The group policy can be found under:
@ -105,7 +105,7 @@ netsh winhttp reset proxy
See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/windows-server/networking/technologies/netsh/netsh-contexts) to learn more.
## Enable access to Microsoft Defender ATP service URLs in the proxy server
## Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.
@ -114,7 +114,7 @@ The following downloadable spreadsheet lists the services and their associated U
|**Spreadsheet of domains list**|**Description**|
|:-----|:-----|
|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.
@ -130,7 +130,7 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the
> [!NOTE]
> If you are using Microsoft Defender Antivirus in your environment, see [Configure network connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus).
If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
### Microsoft Monitoring Agent (MMA) - proxy and firewall requirements for older versions of Windows client or Windows Server
@ -150,7 +150,7 @@ The information below list the proxy and firewall configuration information requ
Please see the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows.
1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Microsoft Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Microsoft Defender ATP](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016).
1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016).
2. Ensure the machine is successfully reporting into the Microsoft Defender Security Center portal.
@ -169,9 +169,9 @@ The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in
## Verify client connectivity to Microsoft Defender ATP service URLs
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on.
1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Defender for Endpoint sensor is running on.
2. Extract the contents of MDATPClientAnalyzer.zip on the device.
@ -196,7 +196,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
5. Extract the *MDATPClientAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.
6. Open *MDATPClientAnalyzerResult.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. <br><br>
The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP services. For example:
The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example:
```text
Testing URL : https://xxx.microsoft.com/xxx
@ -207,18 +207,18 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
5 - Command line proxy: Doesn't exist
```
If at least one of the connectivity options returns a (200) status, then the Microsoft Defender ATP client can communicate with the tested URL properly using this connectivity method. <br><br>
If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method. <br><br>
However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
> [!NOTE]
> The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
> [!NOTE]
> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy.
> When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can't access the defined proxy.
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

69
windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
View File

@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Onboard Windows servers to the Microsoft Defender ATP service
# Onboard Windows servers to the Microsoft Defender for Endpoint service
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -30,21 +30,21 @@ ms.topic: article
- Windows Server (SAC) version 1803 and later
- Windows Server 2019 and later
- Windows Server 2019 core edition
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console.
Defender for Endpoint extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console.
For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Defender for Endpoint](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines).
## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016
You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options:
You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Defender for Endpoint by using any of the following options:
- **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)
- **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center)
@ -55,23 +55,23 @@ After completing the onboarding steps using any of the provided options, you'll
> [!NOTE]
> Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
> Defender for Endpoint standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA)
You'll need to install and configure MMA for Windows servers to report sensor data to Microsoft Defender ATP. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
You'll need to install and configure MMA for Windows servers to report sensor data to Defender for Endpoint. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support.
If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Defender for Endpoint workspace through Multihoming support.
In general, you'll need to take the following steps:
1. Fulfill the onboarding requirements outlined in **Before you begin** section.
2. Turn on server monitoring from Microsoft Defender Security center.
3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP.
3. Install and configure MMA for the server to report sensor data to Defender for Endpoint.
4. Configure and update System Center Endpoint Protection clients.
> [!TIP]
> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint endpoint](run-detection-test.md).
#### Before you begin
@ -92,7 +92,7 @@ Perform the following steps to fulfill the onboarding requirements:
<span id="server-mma"/>
### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
@ -106,14 +106,14 @@ Perform the following steps to fulfill the onboarding requirements:
<span id="server-proxy"/>
### Configure Windows server proxy and Internet connectivity settings if needed
If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server:
If your servers need to use a proxy to communicate with Defender for Endpoint, use one of the following methods to configure the MMA to use the proxy server:
- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard)
- [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md)
If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Microsoft Defender ATP service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service.
If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service.
Once completed, you should see onboarded Windows servers in the portal within an hour.
@ -124,17 +124,16 @@ Once completed, you should see onboarded Windows servers in the portal within an
3. Click **Onboard Servers in Azure Security Center**.
4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
4. Follow the onboarding instructions in [Microsoft Defender for Endpoint with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later
You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender for Endpoint
in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection).
After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition
You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods:
@ -150,7 +149,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
Support for Windows Server, provide deeper insight into activities happening on the Windows server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
1. Configure Microsoft Defender ATP onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
1. Configure Defender for Endpoint onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
2. If you're running a third-party antimalware solution, you'll need to apply the following Microsoft Defender AV passive mode settings. Verify that it was configured correctly:
@ -179,28 +178,28 @@ Support for Windows Server, provide deeper insight into activities happening on
For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
## Integration with Azure Security Center
Microsoft Defender ATP can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
The following capabilities are included in this integration:
- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
- Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
> [!NOTE]
> Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
- Windows servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
- Windows servers monitored by Azure Security Center will also be available in Defender for Endpoint - Azure Security Center seamlessly connects to the Defender for Endpoint tenant, providing a single view across clients and servers. In addition, Defender for Endpoint alerts will be available in the Azure Security Center console.
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
> [!IMPORTANT]
> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).<br>
Data collected by Microsoft Defender ATP is stored in the geo-location of the tenant as identified during provisioning.
> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
> - When you use Azure Security Center to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European and UK users).<br>
Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning.
> - If you use Defender for Endpoint before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
> - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. <br>
Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
## Configure and update System Center Endpoint Protection clients
Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
Defender for Endpoint integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
The following steps are required to enable this integration:
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie).
@ -214,28 +213,28 @@ You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2
For other Windows server versions, you have two options to offboard Windows servers from the service:
- Uninstall the MMA agent
- Remove the Microsoft Defender ATP workspace configuration
- Remove the Defender for Endpoint workspace configuration
> [!NOTE]
> Offboarding causes the Windows server to stop sending sensor data to the portal but data from the Windows server, including reference to any alerts it has had will be retained for up to 6 months.
### Uninstall Windows servers by uninstalling the MMA agent
To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the Windows server will no longer send sensor data to Microsoft Defender ATP.
To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Defender for Endpoint workspace. After offboarding the agent, the Windows server will no longer send sensor data to Defender for Endpoint.
For more information, see [To disable an agent](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
### Remove the Microsoft Defender ATP workspace configuration
### Remove the Defender for Endpoint workspace configuration
To offboard the Windows server, you can use either of the following methods:
- Remove the Microsoft Defender ATP workspace configuration from the MMA agent
- Remove the Defender for Endpoint workspace configuration from the MMA agent
- Run a PowerShell command to remove the configuration
#### Remove the Microsoft Defender ATP workspace configuration from the MMA agent
#### Remove the Defender for Endpoint workspace configuration from the MMA agent
1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
2. Select the Microsoft Defender ATP workspace, and click **Remove**.
2. Select the Defender for Endpoint workspace, and click **Remove**.
![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png)
![Image of Microsoft Monitoring Agent Properties](images/atp-mma.png)
#### Run a PowerShell command to remove the configuration
@ -261,5 +260,5 @@ To offboard the Windows server, you can use either of the following methods:
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard non-Windows devices](configure-endpoints-non-windows.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md)
- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md)

23
windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
View File

@ -24,21 +24,20 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Pull detections using security information and events management (SIEM) tools
>[!NOTE]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>-The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (Azure AD) using the OAuth 2.0 authentication protocol for an Azure AD application that represents the specific SIEM connector installed in your environment.
Defender for Endpoint supports security information and event management (SIEM) tools to pull detections. Defender for Endpoint exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
Microsoft Defender ATP currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
Defender for Endpoint currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
- IBM QRadar
- Micro Focus ArcSight
@ -47,12 +46,12 @@ Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a di
To use either of these supported SIEM tools, you'll need to:
- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md)
- Configure the supported SIEM tool:
- [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
- Configure IBM QRadar to pull Microsoft Defender ATP detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
- [Configure HP ArcSight to pull Defender for Endpoint detections](configure-arcsight.md)
- Configure IBM QRadar to pull Defender for Endpoint detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
For more information on the list of fields exposed in the Detection API, see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md).
For more information on the list of fields exposed in the Detection API see, [Defender for Endpoint Detection fields](api-portal-mapping.md).

10
windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
View File

@ -18,17 +18,17 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Connected applications in Microsoft Defender ATP
# Connected applications in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Connected applications integrates with the Microsoft Defender ATP platform using APIs.
Connected applications integrates with the Defender for Endpoint platform using APIs.
Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender ATP APIs. In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app.
Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs. In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app.
You'll need to follow [these steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro) to use the APIs with the connected application.
@ -37,7 +37,7 @@ From the left navigation menu, select **Partners & APIs** > **Connected AAD appl
## View connected application details
The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender ATP in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days.
The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days.
![Image of connected apps](images/connected-apps.png)

8
windows/security/threat-protection/microsoft-defender-atp/contact-support.md
View File

@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Contact Microsoft Defender ATP support
# Contact Microsoft Defender for Endpoint support
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Microsoft Defender ATP has recently upgraded the support process to offer a more modern and advanced support experience.
Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience.
The new widget allows customers to:
- Find solutions to common problems
@ -68,7 +68,7 @@ In case the suggested articles are not sufficient, you can open a service reques
## Open a service request
Learn how to open support tickets by contacting Microsoft Defender ATP support.
Learn how to open support tickets by contacting Defender for Endpoint support.

8
windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
View File

@ -24,13 +24,13 @@ ms.custom: asr
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
## What is controlled folder access?
Controlled folder access helps you protect your valuable data from malicious apps and threats, like ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App or in Microsoft Endpoint Configuration Manager and Intune (for managed devices).
Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
## How does controlled folder access work?
@ -54,9 +54,9 @@ Controlled folder access requires enabling [Microsoft Defender Antivirus real-ti
## Review controlled folder access events in the Microsoft Defender Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
Example query:

8
windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
View File

@ -21,14 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Creates new [Alert](alerts.md) on top of **Event**.
<br>**Microsoft Defender ATP Event** is required for the alert creation.
<br>**Microsoft Defender for Endpoint Event** is required for the alert creation.
<br>You will need to supply 3 parameters from the Event in the request: **Event Time**, **Machine ID** and **Report ID**. See example below.
<br>You can use an event found in Advanced Hunting API or Portal.
<br>If there existing an open alert on the same Device with the same Title, the new created alert will be merged with it.
@ -41,7 +41,7 @@ Creates new [Alert](alerts.md) on top of **Event**.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---

4
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
View File

@ -25,7 +25,7 @@ ms.date: 09/20/2020
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
@ -109,7 +109,7 @@ Your custom detection rule can automatically take actions on files or devices th
These actions are applied to devices in the `DeviceId` column of the query results:
- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Defender for Endpoint service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
- **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
- **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
- **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device

2
windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
View File

@ -24,7 +24,7 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.

2
windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
> [!IMPORTANT]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

2
windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.

2
windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.

10
windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
View File

@ -16,7 +16,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Verify data storage location and update data retention settings for Microsoft Defender ATP
# Verify data storage location and update data retention settings for Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -24,12 +24,12 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
During the onboarding process, a wizard takes you through the data storage and retention settings of Microsoft Defender ATP.
During the onboarding process, a wizard takes you through the data storage and retention settings of Defender for Endpoint.
After completing the onboarding, you can verify your selection in the data retention settings page.
@ -52,5 +52,5 @@ You can verify the data location by navigating to **Settings** > **Data retentio
## Related topics
- [Update data retention settings](data-retention-settings.md)
- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
- [Configure alert notifications in Defender for Endpoint](configure-email-notifications.md)
- [Configure advanced features](advanced-features.md)

28
windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
View File

@ -17,29 +17,30 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Microsoft Defender ATP data storage and privacy
# Microsoft Defender for Endpoint data storage and privacy
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP.
This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
> [!NOTE]
> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). For more information, see [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577).
> This document explains the data storage and privacy details related to Defender for Endpoint. For more information related to Defender for Endpoint and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
## What data does Microsoft Defender ATP collect?
Microsoft Defender ATP will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes.
## What data does Microsoft Defender for Endpoint collect?
Microsoft Defender for Endpoint will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes.
Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and device details (such as device identifiers, names, and the operating system version).
Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
This data enables Microsoft Defender ATP to:
This data enables Defender for Endpoint to:
- Proactively identify indicators of attack (IOAs) in your organization
- Generate alerts if a possible attack was detected
- Provide your security operations with a view into devices, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
@ -47,16 +48,16 @@ This data enables Microsoft Defender ATP to:
Microsoft does not use your data for advertising.
## Data protection and encryption
The Microsoft Defender ATP service utilizes state-of-the-art data protection technologies, which are based on Microsoft Azure infrastructure.
The Defender for Endpoint service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure.
There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview).
There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Defender for Endpoint service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview).
In all scenarios, data is encrypted using 256-bit [AES encryption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
## Data storage location
Microsoft Defender ATP operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Microsoft Defender ATP uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service.
Defender for Endpoint operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Defender for Endpoint uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service.
Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States.
@ -90,10 +91,11 @@ Your data will be kept and will be available to you while the license is under g
## Can Microsoft help us maintain regulatory compliance?
Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional, and industry-specific certifications.
Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Defender for Endpoint services against their own legal and regulatory requirements. Defender for Endpoint has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications.
By providing customers with compliant, independently verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run.
For more information on the Microsoft Defender ATP certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/).
For more information on the Defender for Endpoint certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink)

12
windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
View File

@ -27,18 +27,18 @@ ms.date: 04/24/2018
- Windows Defender
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
The Microsoft Defender Advanced Threat Protection agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning.
The Microsoft Defender for Endpoint agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning.
>[!IMPORTANT]
>Microsoft Defender ATP does not adhere to the Microsoft Defender Antivirus Exclusions settings.
>Defender for Endpoint does not adhere to the Microsoft Defender Antivirus Exclusions settings.
You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
You must configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
If an onboarded device is protected by a third-party antimalware client, Microsoft Defender Antivirus on that endpoint will enter into passive mode.
@ -46,4 +46,4 @@ Microsoft Defender Antivirus will continue to receive updates, and the *mspeng.e
The Microsoft Defender Antivirus interface will be disabled, and users on the device will not be able to use Microsoft Defender Antivirus to perform on-demand scans or configure most options.
For more information, see the [Microsoft Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
For more information, see the [Microsoft Defender Antivirus and Defender for Endpoint compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).

4
windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
View File

@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description

15
windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
View File

@ -24,20 +24,20 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
There are three phases in deploying Microsoft Defender ATP:
There are three phases in deploying Defender for Endpoint:
|Phase | Description |
|:-------|:-----|
| ![Phase 1: Prepare](images/prepare.png)<br>[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP: <br><br>- Stakeholders and sign-off <br> - Environment considerations <br>- Access <br> - Adoption order
| ![Phase 1: Prepare](images/prepare.png)<br>[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Defender for Endpoint: <br><br>- Stakeholders and sign-off <br> - Environment considerations <br>- Access <br> - Adoption order
| ![Phase 2: Setup](images/setup.png) <br>[Phase 2: Setup](production-deployment.md)| Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:<br><br>- Validating the licensing <br> - Completing the setup wizard within the portal<br>- Network configuration|
| ![Phase 3: Onboard](images/onboard.png) <br>[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them.
The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP.
The deployment guide will guide you through the recommended path in deploying Defender for Endpoint.
If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a high-level overview of the general deployment steps and methods.
@ -49,9 +49,9 @@ The following is in scope for this deployment guide:
- Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities
- Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities
- Enabling Defender for Endpoint endpoint detection and response (EDR) capabilities
- Enabling Microsoft Defender ATP endpoint protection platform (EPP)
- Enabling Defender for Endpoint endpoint protection platform (EPP)
capabilities
- Next-generation protection
@ -63,7 +63,6 @@ The following is in scope for this deployment guide:
The following are out of scope of this deployment guide:
- Configuration of third-party solutions that might integrate with Microsoft
Defender ATP
- Configuration of third-party solutions that might integrate with Defender for Endpoint
- Penetration testing in production environment

18
windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
View File

@ -16,18 +16,18 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Plan your Microsoft Defender ATP deployment
# Plan your Microsoft Defender for Endpoint deployment
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Microsoft Defender ATP.
Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Defender for Endpoint.
These are the general steps you need to take to deploy Microsoft Defender ATP:
These are the general steps you need to take to deploy Defender for Endpoint:
![Image of deployment flow](images/onboarding-flow-diagram.png)
@ -41,16 +41,16 @@ We understand that every enterprise environment is unique, so we've provided sev
Depending on your environment, some tools are better suited for certain architectures.
Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization.
Use the following material to select the appropriate Defender for Endpoint architecture that best suites your organization.
|**Item**|**Description**|
|:-----|:-----|
|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
|[![Thumb image for Defender for Endpoint deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
## Step 2: Select deployment method
Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service.
Defender for Endpoint supports a variety of endpoints that you can onboard to the service.
The following table lists the supported endpoints and the corresponding deployment tool that you can use so that you can plan the deployment appropriately.
@ -65,7 +65,7 @@ The following table lists the supported endpoints and the corresponding deployme
## Step 3: Configure capabilities
After onboarding endpoints, configure the security capabilities in Microsoft Defender ATP so that you can maximize the robust security protection available in the suite. Capabilities include:
After onboarding endpoints, configure the security capabilities in Defender for Endpoint so that you can maximize the robust security protection available in the suite. Capabilities include:
- Endpoint detection and response
- Next-generation protection

8
windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
View File

@ -16,15 +16,15 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Microsoft Defender ATP device timeline event flags
# Microsoft Defender for Endpoint device timeline event flags
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Event flags in the Microsoft Defender ATP device timeline help you filter and organize specific events when you're investigate potential attacks.
Event flags in the Defender for Endpoint device timeline help you filter and organize specific events when you're investigate potential attacks.
TheMicrosoft Defender ATP device timelineprovides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related.
TheDefender for Endpoint device timelineprovides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related.
After you've gone through a device timeline, you can sort, filter, and export the specific events that you flagged.

12
windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
View File

@ -28,18 +28,18 @@ ms.collection:
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
## What is EDR in block mode?
When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Microsoft Defender ATP blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach.
When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Defender for Endpoint blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach.
EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled.
:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
> [!NOTE]
> To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
## What happens when something is detected?
@ -87,11 +87,11 @@ No. EDR in block mode does not affect third-party antivirus protection running o
### Why do I need to keep Microsoft Defender Antivirus up to date?
Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date.
Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date.
### Why do we need cloud protection on?
Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
## See also
@ -99,5 +99,5 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio
[Behavioral blocking and containment](behavioral-blocking-containment.md)
[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)
[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)

4
windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
View File

@ -32,7 +32,7 @@ Each ASR rule contains one of three settings:
- Block: Enable the ASR rule
- Audit: Evaluate how the ASR rule would impact your organization if enabled
To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
> [!TIP]
> To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf).
@ -51,7 +51,7 @@ Enterprise-level management such as Intune or Microsoft Endpoint Configuration M
You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running. This could potentially allow unsafe files to run and infect your devices.
You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Microsoft Defender ATP file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).)
You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Defender for Endpoint file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).)
> [!IMPORTANT]
> Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded.

4
windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
View File

@ -22,7 +22,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Controlled folder access](controlled-folders.md) helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is included with Windows 10 and Windows Server 2019.
@ -134,4 +134,4 @@ Use `Disabled` to turn off the feature.
* [Protect important folders with controlled folder access](controlled-folders.md)
* [Customize controlled folder access](customize-controlled-folders.md)
* [Evaluate Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md)
* [Evaluate Microsoft Defender for Endpoint](../microsoft-defender-atp/evaluate-atp.md)

2
windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of a number of mitigations that can be applied to either the operating system or individual apps.

2
windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.

28
windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
View File

@ -1,5 +1,5 @@
---
title: Enable SIEM integration in Microsoft Defender ATP
title: Enable SIEM integration in Microsoft Defender for Endpoint
description: Enable SIEM integration to receive detections in your security information and event management (SIEM) solution.
keywords: enable siem connector, siem, connector, security information and events
search.product: eADQiWindows 10XVcnh
@ -17,23 +17,23 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Enable SIEM integration in Microsoft Defender ATP
# Enable SIEM integration in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center. Pull detections using your SIEM solution or by connecting directly to the detections REST API.
>[!NOTE]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>- The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
## Prerequisites
@ -78,15 +78,15 @@ Enable security information and event management (SIEM) integration so you can p
> [!NOTE]
> You'll need to generate a new Refresh token every 90 days.
6. Follow the instructions for [creating an Azure AD app registration for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) and assign the correct permissions to it to read alerts.
6. Follow the instructions for [creating an Azure AD app registration for Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) and assign the correct permissions to it to read alerts.
You can now proceed with configuring your SIEM solution or connecting to the detections REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive detections from Microsoft Defender Security Center.
## Integrate Microsoft Defender ATP with IBM QRadar
You can configure IBM QRadar to collect detections from Microsoft Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
## Integrate Microsoft Defender for Endpoint with IBM QRadar
You can configure IBM QRadar to collect detections from Microsoft Defender for Endpoint. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
## Related topics
- [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
## See also
- [Configure HP ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md)
- [Microsoft Defender for Endpoint Detection fields](api-portal-mapping.md)
- [Pull Microsoft Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

21
windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
View File

@ -1,6 +1,6 @@
---
title: Enable Microsoft Defender ATP Insider Device
description: Install and use Microsoft Defender ATP for Mac.
title: Enable Microsoft Defender for Endpoint Insider Device
description: Install and use Microsoft Defender for Endpoint (Mac).
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -19,19 +19,18 @@ ms.collection:
ms.topic: conceptual
---
# Enable Microsoft Defender ATP Insider Device
# Enable Microsoft Defender for Endpoint Insider Device
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
> [!IMPORTANT]
> Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
## Enable the Insider program with Jamf
1. Create configuration profile com.microsoft.wdav.plist with the following content:
1. Create configuration profile `com.microsoft.wdav.plist` with the following content:
```XML
<?xml version="1.0" encoding="UTF-8"?>
@ -49,14 +48,14 @@ To get preview features for Mac, you must set up your device to be an "Insider"
1. From the JAMF console, navigate to **Computers>Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**.
1. Create an entry withcom.microsoft.wdavas the preference domain and upload the `.plist` created earlier.
1. Create an entry with`com.microsoft.wdav`as the preference domain and upload the `.plist` created earlier.
> [!WARNING]
> You must enter the correct preference domain (com.microsoft.wdav), otherwise the preferences will not be recognized by the product
## Enable the Insider program with Intune
1. Create configuration profile com.microsoft.wdav.plist with the following content:
1. Create configuration profile `com.microsoft.wdav.plist` with the following content:
```XML
<?xml version="1.0" encoding="utf-8"?>
@ -119,9 +118,9 @@ To get preview features for Mac, you must set up your device to be an "Insider"
1. Save the `.plist` created earlier as com.microsoft.wdav.xml.
1. Enter com.microsoft.wdav as the custom configuration profile name.
1. Enter `com.microsoft.wdav` as the custom configuration profile name.
1. Open the configuration profile and upload com.microsoft.wdav.xml. This file was created in step 1.
1. Open the configuration profile and upload `com.microsoft.wdav.xml`. This file was created in step 1.
1. Select **OK**.
@ -148,7 +147,7 @@ For versions earlier than 100.78.0, run:
### Verify you are running the correct version
To get the latest version of the Microsoft Defender ATP for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
To get the latest version of the Microsoft Defender for Endpoint (Mac), set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
To verify you are running the correct version, run `mdatp --health` on the device.

14
windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
View File

@ -1,7 +1,7 @@
---
title: Evaluate Microsoft Defender Advanced Threat Protection
title: Evaluate Microsoft Defender for Endpoint
ms.reviewer:
description: Evaluate the different security capabilities in Microsoft Defender ATP.
description: Evaluate the different security capabilities in Microsoft Defender for Endpoint.
keywords: attack surface reduction, evaluate, next, generation, protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -18,16 +18,16 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Evaluate Microsoft Defender ATP
# Evaluate Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
[Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
You can evaluate Microsoft Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
You can evaluate Microsoft Defender for Endpoint in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
You can also evaluate the different security capabilities in Microsoft Defender ATP by using the following instructions.
You can also evaluate the different security capabilities in Microsoft Defender for Endpoint by using the following instructions.
## Evaluate attack surface reduction
@ -48,4 +48,4 @@ Next gen protections help detect and block the latest threats.
## See Also
[Microsoft Defender Advanced Threat Protection overview](microsoft-defender-advanced-threat-protection.md)
[Microsoft Defender for Endpoint overview](microsoft-defender-advanced-threat-protection.md)

4
windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Attack surface reduction rules help prevent actions typically used by malware to compromise devices or networks. Set attack surface reduction rules for devices running any of the following editions and versions of Windows:
@ -33,7 +33,7 @@ Attack surface reduction rules help prevent actions typically used by malware to
Learn how to evaluate attack surface reduction rules by enabling audit mode to test the feature directly in your organization.
> [!TIP]
> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
> You can also visit the Microsoft Defender for Endpoint demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
## Use audit mode to measure impact

6
windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
View File

@ -21,7 +21,7 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
@ -30,7 +30,7 @@ It is especially useful in helping protect against [ransomware](https://www.micr
This article helps you evaluate controlled folder access. It explains how to enable audit mode so you can test the feature directly in your organization.
> [!TIP]
> You can also visit the Microsoft Defender ATP demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
> You can also visit the Microsoft Defender for Endpoint demo scenario website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
## Use audit mode to measure impact
@ -68,5 +68,5 @@ See [Protect important folders with controlled folder access](controlled-folders
## See also
* [Protect important folders with controlled folder access](controlled-folders.md)
* [Evaluate Microsoft Defender ATP]../(microsoft-defender-atp/evaluate-atp.md)
* [Evaluate Microsoft Defender for Endpoint](evaluate-atp.md)
* [Use audit mode](audit-windows-defender.md)

4
windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
View File

@ -23,14 +23,14 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection. (The EMET has reached its end of support.)
This article helps you enable exploit protection in audit mode and review related events in Event Viewer. You can enable audit mode to see how mitigation works for certain apps in a test environment. By auditing exploit protection, you can see what *would* have happened if you had enabled exploit protection in your production environment. This way, you can help ensure exploit protection doesn't adversely affect your line-of-business apps, and you can see which suspicious or malicious events occur.
> [!TIP]
> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
> You can also visit the Microsoft Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
## Enable exploit protection in audit mode

6
windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
View File

@ -21,14 +21,14 @@ manager: dansimp
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[Network protection](network-protection.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
This article helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The sites in this evaluation article aren't malicious. They're specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain.
This article helps you evaluate network protection by enabling the feature and guiding you to a testing site. The sites in this evaluation article aren't malicious. They're specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain.
> [!TIP]
> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how other protection features work.
> You can also visit the Microsoft Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how other protection features work.
## Enable network protection in audit mode

51
windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft Defender ATP evaluation lab
description: Learn about Microsoft Defender ATP capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
title: Microsoft Defender for Endpoint evaluation lab
description: Learn about Microsoft Defender for Endpoint capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
keywords: evaluate mdatp, evaluation, lab, simulation, windows 10, windows server 2019, evaluation lab
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -18,33 +18,32 @@ ms.collection:
ms.topic: article
---
# Microsoft Defender ATP evaluation lab
# Microsoft Defender for Endpoint evaluation lab
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and device configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs.
With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs.
You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers.
You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Defender for Endpoint offers.
You can add Windows 10 or Windows Server 2019 devices that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed.
You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal.
You can also install threat simulators. Defender for Endpoint has partnered with industry leading threat simulation platforms to help you test out the Defender for Endpoint capabilities without having to leave the portal.
Install your preferred simulator, run scenarios within the evaluation lab, and instantly see how the platform performs - all conveniently available at no extra cost to you. You'll also have convenient access to wide array of simulations which you can access and run from the simulations catalog.
## Before you begin
You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab.
You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender for Endpoint to access the evaluation lab.
You must have **Manage security settings** permissions to:
- Create the lab
@ -56,10 +55,7 @@ If you enabled role-based access control (RBAC) and created at least a one machi
For more information, see [Create and manage roles](user-roles.md).
Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
## Get started with the lab
@ -77,7 +73,7 @@ Already have a lab? Make sure to enable the new threat simulators and have activ
## Setup the evaluation lab
1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**, then select **Setup lab**.
1. In the navigation pane, select **Evaluation and tutorials** > **Evaluation lab**, then select **Setup lab**.
![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png)
@ -103,12 +99,12 @@ After the lab setup process is complete, you can add devices and run simulations
## Add devices
When you add a device to your environment, Microsoft Defender ATP sets up a well-configured device with connection details. You can add Windows 10 or Windows Server 2019 devices.
When you add a device to your environment, Defender for Endpoint sets up a well-configured device with connection details. You can add Windows 10 or Windows Server 2019 devices.
The device will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals.
>[!TIP]
> Need more devices in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team.
> Need more devices in your lab? Submit a support ticket to have your request reviewed by the Defender for Endpoint team.
If you chose to add a threat simulator during the lab setup, all devices will have the threat simulator agent installed in the devices that you add.
@ -116,17 +112,17 @@ The device will automatically be onboarded to your tenant with the recommended W
The following security components are pre-configured in the test devices:
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus)
- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
- [Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
- [Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)
- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus)
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
- [Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
>[!NOTE]
> Microsoft Defender Antivirus will be on (not in audit). If Microsoft Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the device through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus).
> Microsoft Defender Antivirus will be on (not in audit mode). If Microsoft Defender Antivirus blocks you from running your simulation, you can turn off real-time protection on the device through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus).
Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).
@ -172,7 +168,7 @@ You can simulate attack scenarios using:
You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
### Do-it-yourself attack scenarios
If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Defender for Endpoint capabilities and walk you through investigation experience.
>[!NOTE]
@ -202,7 +198,7 @@ If you are looking for a pre-made simulation, you can use our ["Do It Yourself"
If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab devices.
Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment.
Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender for Endpoint capabilities within the confines of a lab environment.
>[!NOTE]
>Before you can run simulations, ensure the following requirements are met:
@ -229,17 +225,16 @@ Running threat simulations using third-party platforms is a good way to evaluate
![Image of simulations tab](images/simulations-tab.png)
After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if the attack simulations you ran triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
After running your simulations, we encourage you to walk through the lab progress bar and explore **Microsoft Defender for Endpoint triggered an automated investigation and remediation**. Check out the evidence collected and analyzed by the feature.
Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics.
## Simulation gallery
Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
View all the available simulations by going to **Simulations and tutorials** > **Simulations catalog** from the menu.
A list of supported third-party threat simulation agents are listed, and specific types of simulations along with detailed descriptions are provided on the catalog.
You can conveniently run any available simulation right from the catalog.

Some files were not shown because too many files have changed in this diff Show More