deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5262 from MicrosoftDocs/master

Browse Source 
Publish 06/08/2021, 3:30 PM
This commit is contained in:
Gary Moore 2021-06-08 15:56:59 -07:00 committed by GitHub
commit adb88e67ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 138 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
windows/client-management/mdm/defender-csp.md
View File

@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 06/02/2021 ms.date: 06/07/2021
--- ---
# Defender CSP # Defender CSP
@ -59,6 +59,9 @@ Defender
--------TamperProtection (Added in Windows 10, version 1903) --------TamperProtection (Added in Windows 10, version 1903)
--------EnableFileHashComputation (Added in Windows 10, version 1903) --------EnableFileHashComputation (Added in Windows 10, version 1903)
--------SupportLogLocation (Added in the next major release of Windows 10) --------SupportLogLocation (Added in the next major release of Windows 10)
--------PlatformUpdatesChannel (Added with the 4.18.2105.4 Defender platform release)
--------EngineUpdatesChannel (Added with the 4.18.2105.4 Defender platform release)
--------DefinitionUpdatesChannel (Added with the 4.18.2105.4 Defender platform release)
----Scan ----Scan
----UpdateSignature ----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803) ----OfflineScan (Added in Windows 10 version 1803)
@ -518,9 +521,74 @@ When enabled or disabled exists on the client and admin moves the setting to not
More details: More details:
- [Microsoft Defender AV diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data) - [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) - [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
<a href="" id="configuration-supportloglocation"></a>**Configuration/PlatformUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
• 0: Not configured (Default)
• 1: Beta Channel - Prerelease
• 2: Current Channel (Preview)
• 3: Current Channel (Staged)
• 4: Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/EngineUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 0 - Not configured (Default)
- 1 - Beta Channel - Prerelease
- 2 - Current Channel (Preview)
- 3 - Current Channel (Staged)
- 4 - Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/DefinitionUpdatesChannel**
Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%)
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid Values are:
• 0: Not configured (Default)
• 3: Current Channel (Staged)
• 4: Current Channel (Broad)
<a href="" id="scan"></a>**Scan** <a href="" id="scan"></a>**Scan**
Node that can be used to start a Windows Defender scan on a device. Node that can be used to start a Windows Defender scan on a device.

2
windows/security/information-protection/TOC.yml
View File

@ -29,6 +29,8 @@
href: bitlocker\bitlocker-using-with-other-programs-faq.yml href: bitlocker\bitlocker-using-with-other-programs-faq.yml
- name: "Prepare your organization for BitLocker: Planning and policies" - name: "Prepare your organization for BitLocker: Planning and policies"
href: bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md href: bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md
- name: BitLocker deployment comparison
href: bitlocker\bitlocker-deployment-comparison.md
- name: BitLocker basic deployment - name: BitLocker basic deployment
href: bitlocker\bitlocker-basic-deployment.md href: bitlocker\bitlocker-basic-deployment.md
- name: "BitLocker: How to deploy on Windows Server 2012 and later" - name: "BitLocker: How to deploy on Windows Server 2012 and later"

66
windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md Normal file
View File

@ -0,0 +1,66 @@
---
title: BitLocker deployment comparison (Windows 10)
description: This article shows the BitLocker deployment comparison chart.
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: lovina-saldanha
ms.author: v-lsaldanha
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 05/20/2021
ms.custom: bitlocker
---
# BitLocker deployment comparison
**Applies to**
- Windows 10
This article depicts the BitLocker deployment comparison chart.
## BitLocker deployment comparison chart
| |Microsoft Intune |Microsoft Endpoint Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM)* |
|---------|---------|---------|---------|
|**Requirements**||||
|Minimum client operating system version |Windows 10 | Windows 10 and Windows 8.1 | Windows 7 and later |
|Supported Windows 10 SKUs | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise |
|Minimum Windows 10 version |1909** | None | None |
|Supported domain-joined status | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory joined, hybrid Azure AD joined | Active Directory joined |
|Permissions required to manage policies | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
|Cloud or on premises | Cloud | On premises | On premises |
|Server components required? | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Additional agent required? | No (device enrollment only) | Configuration Manager client | MBAM client |
|Administrative plane | Microsoft Endpoint Manager admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
|Administrative portal installation required | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Compliance reporting capabilities | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Force encryption | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Encryption for storage cards (mobile) | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | |
|Allow recovery password | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Manage startup authentication | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Select cipher strength and algorithms for fixed drives | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Select cipher strength and algorithms for removable drives | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Select cipher strength and algorithms for operating environment drives | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Standard recovery password storage location | Azure AD or
Active Directory | Configuration Manager site database | MBAM database |
|Store recovery password for operating system and fixed drives to Azure AD or Active Directory | Yes (Active Directory and Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
|Customize preboot message and recovery link | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Allow/deny key file creation | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Deny Write permission to unprotected drives | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Can be administered outside company network | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | |
|Support for organization unique IDs | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Self-service recovery | Yes (through Azure AD or Company Portal app) | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Recovery password rotation for fixed and operating environment drives | Yes (Windows 10, version 1909 and later) | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Wait to complete encryption until recovery information is backed up to Azure AD | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | | |
|Wait to complete encryption until recovery information is backed up to Active Directory | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Allow or deny Data Recovery Agent | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Unlock a volume using certificate with custom object identifier | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Prevent memory overwrite on restart | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Configure custom Trusted Platform Module Platform Configuration Register profiles | | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |
|Manage auto-unlock functionality | | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: | :::image type="content" source="images/yes-icon.png" alt-text="supported"::: |

BIN
windows/security/information-protection/bitlocker/images/yes-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 916 B