From a recovery partition
Lets you boot into DaRT without needing a CD, DVD, or UFD that includes instances in which there is no network connectivity.
-Also, can be implemented and managed as part of your standard Windows image process by using automated distribution tools, such as System Center Configuration Manager.
Also, can be implemented and managed as part of your standard Windows image process by using automated distribution tools, such as Microsoft Endpoint Configuration Manager.
When updating DaRT, requires you to update all computers in your enterprise instead of just one partition (on the network) or device (CD, DVD, or UFD).
-As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and System Center Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
+As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
## Deployment and Provisioning
@@ -57,7 +57,7 @@ With Windows 10, you can continue to use traditional OS deployment, but you can
- Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
-- Use traditional imaging techniques such as deploying custom images using [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction).
+- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/understand/introduction).
You have multiple options for [upgrading to Windows 10](https://technet.microsoft.com/itpro/windows/deploy/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This can mean significantly lower deployment costs, as well as improved productivity as end users can be immediately productive – everything is right where they left it. Of course, you can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
@@ -86,7 +86,7 @@ You can envision user and device management as falling into these two categories
- Windows Hello
- Domain joined PCs and tablets can continue to be managed with the [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) client or Group Policy.
+ Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](https://docs.microsoft.com/configmgr/core/understand/introduction) client or Group Policy.
For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/).
@@ -100,7 +100,7 @@ Your configuration requirements are defined by multiple factors, including the l
**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
-**Group Policy** and **System Center Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and System Center Configuration Manager continue to be excellent management choices:
+**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices:
- Group Policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add Group Policy settings with each new version of Windows.
@@ -128,10 +128,10 @@ There are a variety of steps you can take to begin the process of modernizing de
**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Starting with Configuration Manager 1710, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
-- [Co-management for Windows 10 devices](https://docs.microsoft.com/sccm/core/clients/manage/co-management-overview)
-- [Prepare Windows 10 devices for co-management](https://docs.microsoft.com/sccm/core/clients/manage/co-management-prepare)
-- [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/sccm/core/clients/manage/co-management-switch-workloads)
-- [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/co-management-dashboard)
+- [Co-management for Windows 10 devices](https://docs.microsoft.com/configmgr/core/clients/manage/co-management-overview)
+- [Prepare Windows 10 devices for co-management](https://docs.microsoft.com/configmgr/core/clients/manage/co-management-prepare)
+- [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/configmgr/core/clients/manage/co-management-switch-workloads)
+- [Co-management dashboard in Configuration Manager](https://docs.microsoft.com/configmgr/core/clients/manage/co-management-dashboard)
## Related topics
diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md
index 7c1c0a5050..cd4c993d17 100644
--- a/windows/client-management/mdm/appv-deploy-and-config.md
+++ b/windows/client-management/mdm/appv-deploy-and-config.md
@@ -15,7 +15,7 @@ manager: dansimp
## Executive summary
-Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using System Center Configuration Manager (SCCM) or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.
+Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Configuration Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.
MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 0a9fa5c02f..24d475d6e4 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -31,7 +31,7 @@ For personal devices (BYOD): ### Azure AD Join -Company owned devices are traditionally joined to the on-premises Active Directory domain of the organization. These devices can be managed using Group Policy or computer management software such as System Center Configuration Manager. In Windows 10, it’s also possible to manage domain joined devices with an MDM. +Company owned devices are traditionally joined to the on-premises Active Directory domain of the organization. These devices can be managed using Group Policy or computer management software such as Microsoft Endpoint Configuration Manager. In Windows 10, it’s also possible to manage domain joined devices with an MDM. Windows 10 introduces a new way to configure and deploy corporate owned Windows devices. This mechanism is called Azure AD Join. Like traditional domain join, Azure AD Join allows devices to become known and managed by an organization. However, with Azure AD Join, Windows authenticates to Azure AD instead of authenticating to a domain controller. diff --git a/windows/deployment/media/windows10-deployment-config-manager.png b/windows/deployment/media/windows10-deployment-config-manager.png index af6c8313e0..9a3ae2b1f5 100644 Binary files a/windows/deployment/media/windows10-deployment-config-manager.png and b/windows/deployment/media/windows10-deployment-config-manager.png differ diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 022ac067c8..d57413d357 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -60,7 +60,7 @@ DirectAccess can be used to ensure that the user can login with their domain cre ### Image deployment and drive provisioning considerations -The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center Configuration Manager 2012 Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive. +The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center 2012 Configuration Manager Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive.  diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 484aa23fe6..0b58c82162 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -53,7 +53,7 @@ For System Center Configuration Manager, Windows 10 support is offered with var > Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require Microsoft Endpoint Configuration Manager current branch for supported management. -For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). +For more details about Microsoft Endpoint Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). ## Management tools diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index f559f6feee..c5595129d2 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -35,10 +35,10 @@ For the purposes of this topic, we will use three machines: DC01, CM01, and PC00 Figure 1. The machines used in this topic. -## Upgrade to Windows 10 with System Center 2012 R2 Configuration Manager +## Upgrade to Windows 10 with System Center 2012 R2 Configuration Manager -System Center 2012 R2 Configuration Manager SP1 adds support to manage and deploy Windows 10. Although it does not include built-in support to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 to Windows 10, you can build a custom task sequence to perform the necessary tasks. +System Center 2012 R2 Configuration Manager SP 1 adds support to manage and deploy Windows 10. Although it does not include built-in support to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 to Windows 10, you can build a custom task sequence to perform the necessary tasks. ## Create the task sequence @@ -114,13 +114,13 @@ Figure 2. Upgrade from Windows 7 to Windows 10 Enterprise x64 with a task sequ After the task sequence finishes, the computer will be fully upgraded to Windows 10. -## Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager Current Branch +## Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager -With Microsoft Endpoint Configuration Manager Current Branch, new built-in functionality makes it easier to upgrade to Windows 10. +With Configuration Manager, new built-in functionality makes it easier to upgrade to Windows 10. **Note** -For more details about Configuration Manager Current Branch, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released. +For more details about Configuration Manager, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released. @@ -150,7 +150,7 @@ Figure 3. The Configuration Manager upgrade task sequence. ### Create a device collection -After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of Microsoft Endpoint Configuration Manager client installed. +After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of Configuration Manager client installed. 1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings: - General diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index f6e320c931..75e7f8f006 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -129,11 +129,12 @@ Once completed, you should see onboarded servers in the portal within an hour. To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below. > [!NOTE] -> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Microsoft Endpoint Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs). +> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs). Supported tools include: - Local script - Group Policy +- Microsoft Endpoint Configuration Manager - System Center Configuration Manager 2012 / 2012 R2 1511 / 1602 - VDI onboarding scripts for non-persistent machines diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 2fc67b8211..d54f893ac4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -58,7 +58,7 @@ The following is in scope for this project: capabilities including automatic investigation and remediation - Enabling Microsoft Defender ATP threat and vulnerability management (TVM) -- Use of System Center Configuration Manager to onboard endpoints into the service. +- Use of Microsoft Endpoint Configuration Manager to onboard endpoints into the service. ### Out of scope diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 4e93583820..6bed8fc78a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -25,13 +25,13 @@ ms.topic: article Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on: - Tenant configuration - Network configuration -- Onboarding using System Center Configuration Manager +- Onboarding using Microsoft Endpoint Configuration Manager - Endpoint detection and response - Next generation protection - Attack surface reduction >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). ## Tenant Configuration @@ -111,7 +111,7 @@ under: Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service - - Set it to **Enabled** and select**Disable Authenticated Proxy usage** + - Set it to **Enabled** and select�**Disable Authenticated Proxy usage** 1. Open the Group Policy Management Console. 2. Create a policy or edit an existing policy based off the organizational practices. @@ -205,9 +205,9 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https: > [!NOTE] > As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting. -## Onboarding using System Center Configuration Manager +## Onboarding using Microsoft Endpoint Configuration Manager ### Collection creation -To onboard Windows 10 devices with System Center Configuration Manager, the +To onboard Windows 10 devices with Microsoft Endpoint Configuration Manager, the deployment can target either and existing collection or a new collection can be created for testing. The onboarding like group policy or manual method does not install any agent on the system. Within the Configuration Manager console @@ -217,55 +217,54 @@ maintain that configuration for as long as the Configuration Manager client continues to receive this policy from the management point. Follow the steps below to onboard systems with Configuration Manager. -1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. -  +  2. Right Click **Device Collection** and select **Create Device Collection**. -  +  3. Provide a **Name** and **Limiting Collection**, then select **Next**. -  +  4. Select **Add Rule** and choose **Query Rule**. -  +  5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**. -  +  6. Select **Criteria** and then choose the star icon. -  +  7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**. -  +  8. Select **Next** and **Close**. -  +  9. Select **Next**. -  +  After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. ## Endpoint detection and response ### Windows 10 From within the Microsoft Defender Security Center it is possible to download -the '.onboarding' policy that can be used to create the policy in System Center Configuration -Manager and deploy that policy to Windows 10 devices. +the '.onboarding' policy that can be used to create the policy in Microsoft Endpoint Configuration Manager and deploy that policy to Windows 10 devices. 1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding). -2. Under Deployment method select the supported version of **System Center Configuration Manager**. +2. Under Deployment method select the supported version of **Configuration Manager**.  @@ -274,15 +273,15 @@ Manager and deploy that policy to Windows 10 devices.  4. Save the package to an accessible location. -5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. +5. In Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. -  +  7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. -  +  8. Click **Browse**. @@ -305,7 +304,7 @@ Manager and deploy that policy to Windows 10 devices. 15. Click **Close** when the Wizard completes. -16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**. +16. In the Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.  @@ -371,14 +370,14 @@ Specifically, for Windows 7 SP1, the following patches must be installed: [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework). Do not install both on the same system. -To deploy the MMA with System Center Configuration Manager, follow the steps +To deploy the MMA with Microsoft Endpoint Configuration Manager, follow the steps below to utilize the provided batch files to onboard the systems. The CMD file when executed, will require the system to copy files from a network share by the System, the System will install MMA, Install the DependencyAgent, and configure MMA for enrollment into the workspace. -1. In System Center Configuration Manager console, navigate to **Software +1. In the Configuration Manager console, navigate to **Software Library**. 2. Expand **Application Management**. @@ -387,15 +386,15 @@ MMA for enrollment into the workspace. 4. Provide a Name for the package, then click **Next** -  +  5. Verify **Standard Program** is selected. -  +  6. Click **Next**. -  +  7. Enter a program name. @@ -411,17 +410,17 @@ MMA for enrollment into the workspace. 13. Click **Next**. -  +  14. Verify the configuration, then click **Next**. -  +  15. Click **Next**. 16. Click **Close**. -17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP +17. In the Configuration Manager console, right-click the Microsoft Defender ATP Onboarding Package just created and select **Deploy**. 18. On the right panel select the appropriate collection. @@ -431,7 +430,7 @@ MMA for enrollment into the workspace. ## Next generation protection Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.  @@ -481,9 +480,9 @@ Protection. All these features provide an audit mode and a block mode. In audit To set ASR rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. -  +  2. Select **Attack Surface Reduction**. @@ -491,26 +490,26 @@ To set ASR rules in Audit mode: 3. Set rules to **Audit** and click **Next**. -  +  4. Confirm the new Exploit Guard policy by clicking on **Next**. -  +  5. Once the policy is created click **Close**. -  +  6. Right-click on the newly created policy and choose **Deploy**. -  +  7. Target the policy to the newly created Windows 10 collection and click **OK**. -  +  After completing this task, you now have successfully configured ASR rules in audit mode. @@ -541,15 +540,15 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros ### To set Network Protection rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. -  +  2. Select **Network protection**. 3. Set the setting to **Audit** and click **Next**. -  +  4. Confirm the new Exploit Guard Policy by clicking **Next**. @@ -561,42 +560,42 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros 6. Right-click on the newly created policy and choose **Deploy**. -  +  7. Select the policy to the newly created Windows 10 collection and choose **OK**. -  +  After completing this task, you now have successfully configured Network Protection in audit mode. ### To set Controlled Folder Access rules in Audit mode: -1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. -  +  2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and click **Next**. -  +  4. Confirm the new Exploit Guard Policy by clicking on **Next**. -  +  5. Once the policy is created click on **Close**. -  +  6. Right-click on the newly created policy and choose **Deploy**. -  +  7. Target the policy to the newly created Windows 10 collection and click **OK**. -  +  After completing this task, you now have successfully configured Controlled folder access in audit mode. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 1accae5758..484dd83dc0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -219,7 +219,7 @@ Before you begin testing the deployed catalog file, make sure that the catalog s ## Deploy catalog files with Microsoft Endpoint Configuration Manager -As an alternative to Group Policy, you can use Microsoft Endpoint Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Microsoft Endpoint Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: +As an alternative to Group Policy, you can use Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: >[!NOTE] >The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. @@ -294,7 +294,7 @@ Before you begin testing the deployed catalog file, make sure that the catalog s ## Inventory catalog files with Microsoft Endpoint Configuration Manager -When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Microsoft Endpoint Configuration Manager, you can inventory them with the software inventory feature of Microsoft Endpoint Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. +When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Configuration Manager, you can inventory them with the software inventory feature of Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. >[!NOTE] >A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. @@ -332,7 +332,7 @@ When catalog files have been deployed to the computers within your environment, 9. Now that you have created the client settings policy, right-click the new policy, click **Deploy**, and then choose the collection on which you would like to inventory the catalog files. -At the time of the next software inventory cycle, when the targeted clients receive the new client settings policy, you will be able to view the inventoried files in the built-in Microsoft Endpoint Configuration Manager reports or Resource Explorer. To view the inventoried files on a client within Resource Explorer, complete the following steps: +At the time of the next software inventory cycle, when the targeted clients receive the new client settings policy, you will be able to view the inventoried files in the built-in Configuration Manager reports or Resource Explorer. To view the inventoried files on a client within Resource Explorer, complete the following steps: 1. Open the Configuration Manager console, and select the Assets and Compliance workspace.