Merge remote-tracking branch 'refs/remotes/origin/master' into rs3

jdeckerMS
2017-09-19 06:24:00 -07:00
8 changed files with 34 additions and 24 deletions


@ -1,7 +1,6 @@
---
title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10)
description: Windows Defender Firewall with Advanced Security
Design Guide
description: Windows Defender Firewall with Advanced Security Design Guide
ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
ms.prod: w10
ms.mktglfcycl: deploy
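Review bot: collapsing the `description` value that was split across two lines (`description: Windows Defender Firewall with Advanced Security` / `Design Guide`) is the right fix, since a bare continuation line breaks the YAML front matter; the resulting description is now identical to `title`, though, so consider a one-sentence summary that tells the reader something the title does not.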


@ -1374,6 +1374,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Search/AllowCloudSearch</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
</ul>
<p>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">Microsoft Store for Business</td>
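Review bot: the added sentence "Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709" does not say which settings were added; this same commit adds the values 2, 4 and 8 to that policy, so name them here or link to the Update/BranchReadinessLevel entry. Also write "Windows 10, version 1709" with the comma, as the rest of these pages do.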


@ -471,8 +471,12 @@ This policy is accessible through the Update setting in the user interface or Gr
<p style="margin-left: 20px">The following list shows the supported values:
- 16 (default) User gets all applicable upgrades from Current Branch (CB).
- 32 User gets upgrades from Current Branch for Business (CBB).
- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
<!--EndDescription-->
<!--EndPolicy-->
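Review bot: the new value lines mix two formats, `- 16 {0x10} - (default) Semi-annual Channel (Targeted)` here versus `- 0 (default) User gets upgrades ...` in the RequireDeferUpgrade hunk of this same commit; pick one. The channel name is also spelled "Semi-annual Channel" here and "Semi-Annual Channel" in that other hunk. For the Insider values 2, 4 and 8 it would help admins to state that these select pre-release Insider builds rather than released feature updates, so the consequence of the setting is visible in the list itself.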
@ -1253,12 +1257,12 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
<p style="margin-left: 20px">Allows the IT admin to set a device to CBB train.
<p style="margin-left: 20px">Allows the IT admin to set a device to Semi-Annual Channel train.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 (default) User gets upgrades from Current Branch.
- 1 User gets upgrades from Current Branch for Business.
- 0 (default) User gets upgrades from Semi-Annual Channel (Targeted).
- 1 User gets upgrades from Semi-Annual Channel.
<!--EndDescription-->
<!--EndPolicy-->
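Review bot: "Semi-Annual Channel" (capital A) in the new lines differs from "Semi-annual Channel" used in the Update/BranchReadinessLevel hunk of this same commit; normalize to one spelling. "set a device to Semi-Annual Channel train" also keeps the old "train" wording; "set a device to the Semi-Annual Channel" reads cleaner now that the CB/CBB names are gone.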


@ -53,7 +53,7 @@ Field numbers match the numbers in the images below.
| 12 | Sha256 | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 | Available for Windows Defender AV alerts. |
| 13 | ThreatName | eviceCustomString1 | Trojan:Win32/Skeeyah.A!bit | Available for Windows Defender AV alerts. |
| 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. |
| 15 | Url | requestUrl | down.esales360.cn | Availabe for alerts associated to network events. For example, 'Communication to a malicious network destination'. |
| 15 | Url | requestUrl | down.esales360.cn | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. |
| 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. |
| 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. |
| 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every alert. |
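Review bot: the typo fix on the Url row ("Availabe" to "Available") is good, but the ThreatName row two lines above still reads `eviceCustomString1`, missing the leading "d"; it should be `deviceCustomString1` to match the other CEF field names, so fix it in the same pass.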
@ -63,12 +63,12 @@ Field numbers match the numbers in the images below.
| 22 | Actor | deviceCustomString4 | | Available for alerts related to a known actor group. |
| 21+5 | ComputerDnsName | No mapping | liz-bean.contoso.com | The machine fully qualified domain name. Value available for every alert. |
| | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. |
| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | |
| | InternalIPv4List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | |
| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. |
| | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. |
| Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. |
| | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. |
| | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Windows Defender ATP'. |
| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions. |
| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions.
![Image of alert with numbers](images/atp-alert-page.png)
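Review bot: the added deviceVersion row drops the trailing `|` that the removed row and every other row in the table have; restore it for consistency. The new descriptions write "IPV4"/"IPV6" while the field names are `InternalIPv4List`/`InternalIPv6List`, so use "IPv4"/"IPv6". The context row `| 21+5 | ComputerDnsName |` looks like a damaged field number, and the image line directly after the table needs a blank line before it to render as a separate block.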