deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into deploy

Browse Source
This commit is contained in:
Joey Caparas 2020-03-10 14:20:10 -07:00
commit a0018daae7
13 changed files with 351 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
devices/surface-hub/index.md
View File

@ -1,182 +0,0 @@
---
title: Surface Hub
author: greg-lindsay
ms.author: greglin
manager: laurawi
layout: LandingPage
ms.prod: surface-hub
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface Hub."
ms.localizationpriority: High
---
# Get started with Surface Hub
Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Use the links below to learn how to plan, deploy, manage, and support your Surface Hub devices.
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/get-started-blue.svg" alt="Get started icon" />
</div>
</div>
<div class="cardText">
<h3>Overview</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p>
<p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p>
<p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan icon" />
</div>
</div>
<div class="cardText">
<h3>Plan</h3>
<p><a href="surface-hub-2s-site-readiness-guide.md">Surface Hub 2S Site Readiness Guide</a></p>
<p><a href="surface-hub-2s-install-mount.md">Install and mount Surface Hub 2S</a></p>
<p><a href="surface-hub-2s-custom-install.md">Customize Surface Hub 2S installation</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy icon" />
</div>
</div>
<div class="cardText">
<h3>Deploy</h3>
<p><a href="surface-hub-2s-adoption-kit.md">Surface Hub 2S adoption and training</a></p>
<p><a href="surface-hub-2s-deploy-checklist.md">Surface Hub 2S deployment checklist</a></p>
<p><a href="surface-hub-2s-account.md">Create device account</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage icon" />
</div>
</div>
<div class="cardText">
<h3>Manage</h3>
<p><a href="surface-hub-2s-manage-intune.md">Manage with Intune</a></p>
<p><a href="local-management-surface-hub-settings.md">Manage local settings</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure icon" />
</div>
</div>
<div class="cardText">
<h3>Secure</h3>
<p><a href="surface-hub-2s-secure-with-uefi-semm.md">Secure with UEFI and SEMM</a></p>
<p><a href="surface-hub-wifi-direct.md">Wi-Fi security considerations</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support icon" />
</div>
</div>
<div class="cardText">
<h3>Troubleshoot</h3>
<p><a href="https://support.microsoft.com/help/4493926" target="_blank">Service and warranty</a></p>
<p><a href="surface-hub-2s-recover-reset.md">Recover & reset Surface Hub 2S</a></p>
<p><a href="support-solutions-surface-hub.md">Surface Hub support solutions</a></p>
<p><a href="https://support.office.com/article/Enable-Microsoft-Whiteboard-on-Surface-Hub-b5df4539-f735-42ff-b22a-0f5e21be7627" target="_blank">Enable Microsoft Whiteboard on Surface Hub</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
---
<ul class="panelContent cardsW">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Get ready for Surface Hub 2S</h3>
<p><a href="https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab" target="_blank">Ordering Surface Hub 2S</p>
<p><a href="surface-hub-2s-prepare-environment.md">Prepare your environment for Surface Hub 2S</p>
<p><a href="surface-hub-2s-install-mount.md">Install & mount Surface Hub 2S</p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Surface Hub 2S Videos</h3>
<p><a href="surface-hub-2s-adoption-videos.md" target="_blank">Adoption and training videos</p>
<p><a href="https://youtu.be/pbhNngw3a-Y" target="_blank">What is Surface Hub 2S?</p>
<p><a href="https://www.youtube.com/watch?v=CH2seLS5Wb0" target="_blank">Surface Hub 2S with Teams</p>
<p><a href="https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7" target="_blank">Surface Hub 2S with Microsoft 365</p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Community</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Hub/bd-p/SurfaceHub" target="_blank">Join the Surface Hub Technical Community</p>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices" target="_blank">Join the Surface Devices Technical Community</p>
</div>
</div>
</div>
</div>
</li>
</ul>

127
devices/surface-hub/index.yml Normal file
View File

@ -0,0 +1,127 @@
### YamlMime:Hub
title: Surface Hub documentation # < 60 chars
summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. # < 160 chars
# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin
brand: windows
metadata:
title: Surface Hub documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Get started with Microsoft Surface Hub. # Required; article description that is displayed in search results. < 160 chars.
services: product-insights
ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM.
ms.topic: hub-page # Required
ms.prod: surface-hub
ms.technology: windows
audience: ITPro
ms.localizationpriority: medium
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
manager: laurawi
# highlightedContent section (optional)
# Maximum of 8 items
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items:
# Card
- title: What is Surface Hub 2S?
itemType: overview
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099
# Card
- title: What's new in Surface Hub 2S?
itemType: whats-new
url: surface-hub-2s-whats-new.md
# Card
- title: Operating system essentials
itemType: learn
url: differences-between-surface-hub-and-windows-10-enterprise.md
# Card
- title: Surface Hub 2S Site Readiness Guide
itemType: learn
url: surface-hub-2s-site-readiness-guide.md
# Card
- title: Install and mount Surface Hub 2S
itemType: how-to-guide
url: surface-hub-2s-install-mount.md
# Card
- title: Customize Surface Hub 2S installation
itemType: how-to-guide
url: surface-hub-2s-custom-install.md
# productDirectory section (optional)
productDirectory:
title: Deploy, manage, and support your Surface Hub devices # < 60 chars (optional)
summary: Find related links to deploy, manage and support your Surface Hub devices. # < 160 chars (optional)
items:
# Card
- title: Deploy
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/office/media/icons/deploy-blue.svg
links:
- url: surface-hub-2s-adoption-kit.md
text: Surface Hub 2S adoption and training
- url: surface-hub-2s-deploy-checklist.md
text: Surface Hub 2S deployment checklist
- url: surface-hub-2s-account.md
text: Create device account
# Card
- title: Manage
imageSrc: https://docs.microsoft.com/office/media/icons/process-flow-blue.svg
links:
- url: surface-hub-2s-manage-intune.md
text: Manage with Intune
- url: local-management-surface-hub-settings.md
text: Manage local settings
# Card
- title: Secure
imageSrc: https://docs.microsoft.com/office/media/icons/security-blue.svg
links:
- url: surface-hub-2s-secure-with-uefi-semm.md
text: Secure with UEFI and SEMM
- url: surface-hub-wifi-direct.md
text: Wi-Fi security considerations
# Card
- title: Troubleshoot
imageSrc: https://docs.microsoft.com/office/media/icons/connector-blue.svg
links:
- url: https://support.microsoft.com/help/4493926
text: Service and warranty
- url: surface-hub-2s-recover-reset.md
text: Recover & reset Surface Hub 2S
- url: support-solutions-surface-hub.md
text: Surface Hub support solutions
- url: https://support.office.com/article/Enable-Microsoft-Whiteboard-on-Surface-Hub-b5df4539-f735-42ff-b22a-0f5e21be7627
text: Enable Microsoft Whiteboard on Surface Hub
# additionalContent section (optional)
# Card with links style
additionalContent:
# Supports up to 3 sections
sections:
- title: Other content # < 60 chars (optional)
summary: Find related links for videos, community and support. # < 160 chars (optional)
items:
# Card
- title: Get ready for Surface Hub 2S
links:
- text: Ordering Surface Hub 2S
url: https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab
- text: Prepare your environment for Surface Hub 2S
url: surface-hub-2s-prepare-environment.md
# Card
- title: Surface Hub 2S Videos
links:
- text: Adoption and training videos
url: surface-hub-2s-adoption-videos.md
- text: Surface Hub 2S with Teams
url: https://www.youtube.com/watch?v=CH2seLS5Wb0
- text: Surface Hub 2S with Microsoft 365
url: https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7
# Card
- title: Community
links:
- text: Join the Surface Hub Technical Community
url: https://techcommunity.microsoft.com/t5/Surface-Hub/bd-p/SurfaceHub
- text: Join the Surface Devices Technical Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices

2
devices/surface/TOC.md
View File

@ -1,6 +1,6 @@
# [Surface](index.yml) # [Surface](index.yml)
## [Get started](get-started.md) ## [Surface devices documentation](get-started.yml)
## Overview ## Overview

169
devices/surface/get-started.md
View File

@ -1,169 +0,0 @@
---
title: Get started with Surface devices
author: greg-lindsay
ms.author: greglin
manager: laurawi
layout: LandingPage
ms.assetid:
ms.audience: itpro
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface devices"
ms.localizationpriority: High
---
# Get started with Surface devices
Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface for Business devices in your organization.
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/task-checklist-planning-blue.svg" alt="Plan" />
</div>
</div>
<div class="cardText">
<h3>Plan</h3>
<p><a href="considerations-for-surface-and-system-center-configuration-manager.md">Surface and Endpoint Configuration Manager considerations</a></p>
<p><a href="wake-on-lan-for-surface-devices.md">Wake On LAN for Surface devices</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/deploy-blue.svg" alt="Deploy" />
</div>
</div>
<div class="cardText">
<h3>Deploy</h3>
<p><a href="manage-surface-driver-and-firmware-updates.md">Manage and deploy Surface driver and firmware updates</a></p>
<p><a href="windows-autopilot-and-surface-devices.md">Autopilot and Surface devices</a></p>
<p><a href="surface-pro-arm-app-management.md">Deploying, managing, and servicing Surface Pro X</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/process-flow-blue.svg" alt="Manage" />
</div>
</div>
<div class="cardText">
<h3>Manage</h3>
<p><a href="surface-wireless-connect.md">Optimize Wi-Fi connectivity for Surface devices</a></p>
<p><a href="maintain-optimal-power-settings-on-Surface-devices.md">Best practice power settings for Surface devices</a></p>
<p><a href="battery-limit.md">Manage battery limit with UEFI</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
<ul class="panelContent cardsF">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/security-blue.svg" alt="Secure" />
</div>
</div>
<div class="cardText">
<h3>Secure</h3>
<p><a href="surface-manage-dfci-guide.md">Intune management of Surface UEFI settings</a></p>
<p><a href="surface-enterprise-management-mode.md">Surface Enterprise Management Mode (SEMM)</a></p>
<p><a href="microsoft-surface-data-eraser.md">Surface Data Eraser tool</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage">
<img src="https://docs.microsoft.com/office/media/icons/connector-blue.svg" alt="Support" />
</div>
</div>
<div class="cardText">
<h3>Support</h3>
<p><a href="https://support.microsoft.com/help/4483194/maximize-surface-battery-life">Maximize your Surface battery life</a></p>
<p><a href="https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations">Troubleshoot Surface Dock and docking stations</a></p>
<p><a href="support-solutions-surface.md">Top support solutions</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>
---
<ul class="panelContent cardsW">
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Tech specs</h3>
<P><a href="https://www.microsoft.com/surface/business/surface-pro-7" target="_blank">Surface Pro 7 for Business</a></P>
<P><a href="https://www.microsoft.com/surface/business/surface-pro-x" target="_blank">Surface Pro X for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-laptop-3" target="_blank">Surface Laptop 3 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-book-2" target="_blank">Surface Book 2 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-studio-2" target="_blank">Surface Studio 2 for Business</a></p>
<P><a href="https://www.microsoft.com/surface/business/surface-go" target="_blank">Surface Go</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Discover Surface tools</h3>
<P><a href="surface-dock-firmware-update.md">Surface Dock Firmware Update</a></p>
<P><a href="surface-diagnostic-toolkit-for-business-intro.md">Surface Diagnostic Toolkit for Business</a></p>
<P><a href="surface-enterprise-management-mode.md">SEMM and UEFI</a></p>
<P><a href="microsoft-surface-brightness-control.md">Surface Brightness Control</a></p>
<P><a href="battery-limit.md">Battery Limit setting</a></p>
</div>
</div>
</div>
</div>
</li>
<li>
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardText">
<h3>Community</h3>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro" target="_blank">Surface IT Pro blog</a></p>
<p><a href="https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices" target="_blank">Surface Devices Tech Community</a></p>
<p><a href="https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ" target="_blank">Microsoft Mechanics Surface videos</a></p>
</div>
</div>
</div>
</div>
</li>
</ul>

122
devices/surface/get-started.yml Normal file
View File

@ -0,0 +1,122 @@
### YamlMime:Landing
title: Surface devices documentation # < 60 chars
summary: Harness the power of Surface, Windows, and Office connected together through the cloud. # < 160 chars
metadata:
title: Surface devices documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Get started with Microsoft Surface devices # Required; article description that is displayed in search results. < 160 chars.
ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM.
ms.topic: landing-page # Required
manager: laurawi
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.audience: itpro
ms.localizationpriority: High
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Surface devices
linkLists:
- linkListType: overview
links:
- text: Surface Pro 7 for Business
url: https://www.microsoft.com/surface/business/surface-pro-7
- text: Surface Pro X for Business
url: https://www.microsoft.com/surface/business/surface-pro-x
- text: Surface Laptop 3 for Business
url: https://www.microsoft.com/surface/business/surface-laptop-3
- text: Surface Book 2 for Business
url: https://www.microsoft.com/surface/business/surface-book-2
- text: Surface Studio 2 for Business
url: https://www.microsoft.com/surface/business/surface-studio-2
- text: Surface Go
url: https://www.microsoft.com/surface/business/surface-go
- linkListType: video
links:
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
# Card (optional)
- title: Get started
linkLists:
- linkListType: get-started
links:
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
# Card
- title: Deploy Surface devices
linkLists:
- linkListType: deploy
links:
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Autopilot and Surface devices
url: windows-autopilot-and-surface-devices.md
- text: Deploying, managing, and servicing Surface Pro X
url: surface-pro-arm-app-management.md
# Card
- title: Manage Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
- text: Best practice power settings for Surface devices
url: maintain-optimal-power-settings-on-Surface-devices.md
- text: Manage battery limit with UEFI
url: battery-limit.md
# Card
- title: Secure Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Intune management of Surface UEFI settings
url: surface-manage-dfci-guide.md
- text: Surface Enterprise Management Mode (SEMM)
url: surface-enterprise-management-mode.md
- text: Surface Data Eraser tool
url: microsoft-surface-data-eraser.md
# Card
- title: Discover Surface tools
linkLists:
- linkListType: how-to-guide
links:
- text: Surface Dock Firmware Update
url: surface-dock-firmware-update.md
- text: Surface Diagnostic Toolkit for Business
url: surface-diagnostic-toolkit-for-business-intro.md
- text: SEMM and UEFI
url: surface-enterprise-management-mode.md
- text: Surface Brightness Control
url: microsoft-surface-brightness-control.md
- text: Battery Limit setting
url: battery-limit.md
# Card
- title: Support and community
linkLists:
- linkListType: learn
links:
- text: Top support solutions
url: support-solutions-surface.md
- text: Maximize your Surface battery life
url: https://support.microsoft.com/help/4483194/maximize-surface-battery-life
- text: Troubleshoot Surface Dock and docking stations
url: https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations
- linkListType: reference
links:
- text: Surface IT Pro blog
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro
- text: Surface Devices Tech Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices

6
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -76,7 +76,11 @@ manager: dansimp
<!--Description--> <!--Description-->
This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. > [!NOTE]
> DeviceEnroller.exe will not elevate the user if a pre-configured local admin group already exists on the device. This is a security measure in the executable where it checks for other non-disabled Administrators' membership(s). If at least one already exists, the tool will exit without elevating.
> [!CAUTION]
> If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.
Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution. Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution.

6
windows/security/threat-protection/TOC.md
View File

@ -92,8 +92,8 @@
##### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) ##### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
##### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) ##### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) ### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) #### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
### [Investigate entities using Live response]() ### [Investigate entities using Live response]()
@ -414,7 +414,7 @@
#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md) #### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) #### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)

6
windows/security/threat-protection/index.md
View File

@ -74,10 +74,10 @@ The attack surface reduction set of capabilities provide the first line of defen
**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**<br> **[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**<br>
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
- [Behavior monitoring](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) - [Behavior monitoring](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
- [Cloud-based protection](/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) - [Cloud-based protection](/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
- [Machine learning](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) - [Machine learning](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
- [URL Protection](/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus) - [URL Protection](/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
- [Automated sandbox service](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) - [Automated sandbox service](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
<a name="edr"></a> <a name="edr"></a>

2
windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md
View File

@ -13,7 +13,7 @@ author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.custom: nextgen ms.custom: nextgen
ms.date: 02/05/2020 ms.date: 02/05/2020
ms.reviewer: ms.reviewer: shwetaj
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.topic: article ms.topic: article

BIN
windows/security/threat-protection/windows-defender-antivirus/images/pre-execution-and-post-execution-detection-engines.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 134 KiB

BIN
windows/security/threat-protection/windows-defender-antivirus/images/shadow-protection-detection.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

BIN
windows/security/threat-protection/windows-defender-antivirus/images/turn-shadow-protection-on.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

89
windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md Normal file
View File

@ -0,0 +1,89 @@
---
title: Shadow protection in next-generation protection
description: Learn about shadow protection in next-generation protection
keywords: Windows Defender Antivirus, shadow protection, passive mode
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
author: denisebmsft
ms.author: deniseb
manager: dansimp
ms.reviewer: shwetaj
audience: ITPro
ms.topic: article
ms.prod: w10
localization_priority: Normal
ms.custom: next-gen
ms.collection:
---
# Shadow protection in next-generation protection
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
## What is shadow protection?
Shadow protection (currently in [limited private preview](#can-i-participate-in-the-private-preview-of-shadow-protection)) extends behavioral-based blocking and containment capabilities by blocking malicious artifacts or behaviors even if [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) is not your active antivirus protection. If your organization has decided to use an antivirus solution other than Windows Defender Antivirus, you are still protected through shadow protection.
> [!TIP]
> To get the best protection, [deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline). And see [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus).
## What happens when something is detected?
When shadow protection is turned on, and a malicious artifact is detected, the detection results in blocking and remediation actions. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#review-completed-actions).
The following images shows an instance of unwanted software that was detected and blocked through shadow protection:
:::image type="content" source="images/shadow-protection-detection.jpg" alt-text="Malware detected by shadow protection":::
## Turn on shadow protection
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
2. Choose **Settings** > **Advanced features**.
:::image type="content" source="images/turn-shadow-protection-on.jpg" alt-text="Turn shadow protection on":::
3. Turn shadow protection on.
> [!NOTE]
> Currently, shadow protection can be turned on only in the Microsoft Defender Security Center. You cannot use registry keys, Intune, or group policies to turn shadow protection on or off at this time.
## Requirements for shadow protection
|Requirement |Details |
|---------|---------|
|Permissions |One of the following roles should be assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal): <br/>- Security Administrator or Global Administrator<br/>- Security Reader <br/>See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions) |
|Operating system |One of the following: <br/>- Windows 10 (all releases) <br/>- Windows Server 2016 or later |
|Windows E5 enrollment |This is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- The Identity & Threat Protection offering for Microsoft 365 E3 customers. <br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [Features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|Cloud-delivered protection |Make sure Windows Defender Antivirus is configured such that cloud-delivered protection is enabled. <br/>See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus). |
|Windows Defender Antivirus antimalware client |To make sure your client is up to date, using PowerShell, run the `Get-MpComputerStatus` cmdlet as an administrator. In the **AMProductVersion** line, you should see **4.18.2001.10** or above. |
|Windows Defender Antivirus engine |To make sure your engine is up to date, using PowerShell, run the `Get-MpComputerStatus` cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
> [!IMPORTANT]
> To get the best protection value, make sure Windows Defender Antivirus is configured to receive regular updates and other essential features, such as behavioral monitoring, IOfficeAV, tamper protection, and more. See [Protect security settings with tamper protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection)
## Frequently asked questions
### Will shadow protection have any impact on a user's antivirus protection?
No. Shadow protection does not affect third-party antivirus protection running on users' machines. Shadow protection kicks in if the primary antivirus solution misses something, or if there is post-breach detection. Shadow protection works just like Windows Defender Antivirus in passive mode with the additional steps of blocking and remediating malicious items detected.
### Why do I need to keep Windows Defender Antivirus up to date?
The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack works in integration, and to get best protection value, you should keep Windows Defender Antivirus up to date.
### Why do we need cloud protection on?
Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on the optics received, along with behavioral and machine learning models.
### Can I participate in the private preview of shadow protection?
If you would like to participate in our private preview program, please send email to `shwjha@microsoft.com`.
## See also
- [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus)