From f5acb9dfb0f87115460e72709331d48dead090e4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 27 Nov 2018 17:06:17 -0800 Subject: [PATCH 1/2] changed render based on translation feedback --- .../wd-app-guard-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index b4f08ff71c..16fa6c33df 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -8,14 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 09/07/2018 +ms.date: 11/27/2018 --- # Windows Defender Application Guard overview **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. +Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. ## What is Application Guard and how does it work? Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. From b2e1c32d38f730f70fa4deab36a60daef64faa81 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 28 Nov 2018 14:01:18 -0800 Subject: [PATCH 2/2] update rbac and add note to restrict app action --- ...rtal-access-windows-defender-advanced-threat-protection.md | 4 ++-- ...hine-alerts-windows-defender-advanced-threat-protection.md | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md index 700bbaef2b..3128addc7a 100644 --- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/03/2018 +ms.date: 11/28/2018 --- # Assign user access to Windows Defender Security Center @@ -31,7 +31,7 @@ Windows Defender ATP supports two ways to manage permissions: > [!NOTE] >If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch: ->- Users with full access (Security Administrators) are automatically assigned the default **Global administrator** role, which also has full access. Only global administrators can manage permissions using RBAC. +>- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Windows Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Windows Defender ATP administrator role after switching to RBAC. Only users assigned to the Windows Defender ATP administrator role can manage permissions using RBAC. >- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC. >- After switching to RBAC, you will not be able to switch back to using basic permissions management. diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index 3ad2b9c1a8..b684069aa8 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 11/05/2018 +ms.date: 11/28/2018 --- # Take response actions on a machine @@ -122,6 +122,7 @@ In addition to the ability of containing an attack by stopping malicious process >[!IMPORTANT] > - This action is available for machines on Windows 10, version 1709 or later. +> - This feature is available if your organization uses Windows Defender Antivirus. > - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing).