deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3632 from MicrosoftDocs/master

Browse Source 
Publish 08/25/2020 3:35 PM
This commit is contained in:
Gary Moore 2020-08-25 16:15:57 -07:00 committed by GitHub
commit af6dcde729
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 61 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -30,9 +30,11 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
The following list shows the supported values:
- 0 - Disable Microsoft Defender Application Guard
- 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
@ -297,4 +299,4 @@ ADMX Info:
- GP name: *AuditApplicationGuard*
- GP path: *Windows Components/Microsoft Defender Application Guard*
- GP ADMX file name: *AppHVSI.admx*
<!--/ADMXMapped-->
<!--/ADMXMapped-->

66
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -129,7 +129,8 @@ If you don't know the Store app publisher or product name, you can find them by
If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
>**Note**<br>Your PC and phone must be on the same wireless network.
> [!NOTE]
> Your PC and phone must be on the same wireless network.
1. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
@ -194,19 +195,19 @@ To add another Desktop app, click the ellipsis **…**. After youve entered t
If youre unsure about what to include for the publisher, you can run this PowerShell command:
```ps1
```powershell
Get-AppLockerFileInformation -Path "<path_of_the_exe>"
```
Where `"<path_of_the_exe>"` goes to the location of the app on the device. For example:
```ps1
```powershell
Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"
```
In this example, you'd get the following info:
```
```console
Path Publisher
---- ---------
%PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
@ -279,22 +280,22 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com
This is the XML file that AppLocker creates for Microsoft Dynamics 365.
```xml
<?xml version="1.0"?>
<AppLockerPolicy Version="1">
<RuleCollection EnforcementMode="NotConfigured" Type="Appx">
<FilePublisherRule Action="Allow" UserOrGroupSid="S-1-1-0" Description="" Name="Microsoft.MicrosoftDynamicsCRMforWindows10, version 3.2.0.0 and above, from Microsoft Corporation" Id="3da34ed9-aec6-4239-88ba-0afdce252ab4">
<Conditions>
<FilePublisherCondition BinaryName="*" ProductName="Microsoft.MicrosoftDynamicsCRMforWindows10" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US">
<BinaryVersionRange HighSection="*" LowSection="3.2.0.0"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
<RuleCollection EnforcementMode="NotConfigured" Type="Dll"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Exe"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Msi"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Script"/>
</AppLockerPolicy>
<?xml version="1.0"?>
<AppLockerPolicy Version="1">
<RuleCollection EnforcementMode="NotConfigured" Type="Appx">
<FilePublisherRule Action="Allow" UserOrGroupSid="S-1-1-0" Description="" Name="Microsoft.MicrosoftDynamicsCRMforWindows10, version 3.2.0.0 and above, from Microsoft Corporation" Id="3da34ed9-aec6-4239-88ba-0afdce252ab4">
<Conditions>
<FilePublisherCondition BinaryName="*" ProductName="Microsoft.MicrosoftDynamicsCRMforWindows10" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US">
<BinaryVersionRange HighSection="*" LowSection="3.2.0.0"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
<RuleCollection EnforcementMode="NotConfigured" Type="Dll"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Exe"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Msi"/>
<RuleCollection EnforcementMode="NotConfigured" Type="Script"/>
</AppLockerPolicy>
```
12. After youve created your XML file, you need to import it by using Microsoft Intune.
@ -335,6 +336,7 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps.
12. After youve created your XML file, you need to import it by using Microsoft Intune.
**To import a list of protected apps using Microsoft Intune**
1. In **Protected apps**, click **Import apps**.
@ -428,7 +430,7 @@ Separate multiple resources with the "|" delimiter.
If you dont use proxy servers, you must also include the "," delimiter just before the "|".
For example:
```code
```console
URL <,proxy>|URL <,proxy>
```
@ -441,7 +443,7 @@ In this case, Windows blocks the connection by default.
To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting.
For example:
```code
```console
URL <,proxy>|URL <,proxy>/*AppCompat*/
```
@ -449,14 +451,14 @@ When you use this string, we recommend that you also turn on [Azure Active Direc
Value format with proxy:
```code
```console
contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
```
Value format without proxy:
```code
contoso.sharepoint.com|contoso.visualstudio.com
```console
contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
```
### Protected domains
@ -465,7 +467,7 @@ Specify the domains used for identities in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
Separate multiple domains with the "|" delimiter.
```code
```console
exchange.contoso.com|contoso.com|region.contoso.com
```
@ -475,7 +477,7 @@ Specify the DNS suffixes used in your environment.
All traffic to the fully-qualified domains appearing in this list will be protected.
Separate multiple resources with the "," delimiter.
```code
```console
corp.contoso.com,region.contoso.com
```
@ -488,7 +490,7 @@ This list shouldnt include any servers listed in your Internal proxy servers
Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
Separate multiple resources with the ";" delimiter.
```code
```console
proxy.contoso.com:80;proxy2.contoso.com:443
```
@ -500,7 +502,7 @@ This list shouldnt include any servers listed in your Proxy servers list.
Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
Separate multiple resources with the ";" delimiter.
```code
```console
contoso.internalproxy1.com;contoso.internalproxy2.com
```
@ -539,7 +541,7 @@ Specify your authentication redirection endpoints for your company.
These locations are considered enterprise or personal, based on the context of the connection before the redirection.
Separate multiple resources with the "," delimiter.
```code
```console
sts.contoso.com,sts.contoso2.com
```
@ -597,8 +599,8 @@ After you've decided where your protected apps can access enterprise data on you
- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
>[!NOTE]
>Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
> [!NOTE]
> Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.

2
windows/security/threat-protection/auditing/event-4626.md
View File

@ -1,6 +1,6 @@
---
title: 4626(S) User/Device claims information. (Windows 10)
description: Describes security event 4626(S) User/Device claims information.
description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4627.md
View File

@ -1,6 +1,6 @@
---
title: 4627(S) Group membership information. (Windows 10)
description: Describes security event 4627(S) Group membership information.
description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4634.md
View File

@ -1,6 +1,6 @@
---
title: 4634(S) An account was logged off. (Windows 10)
description: Describes security event 4634(S) An account was logged off.
description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4647.md
View File

@ -1,6 +1,6 @@
---
title: 4647(S) User initiated logoff. (Windows 10)
description: Describes security event 4647(S) User initiated logoff.
description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4649.md
View File

@ -1,6 +1,6 @@
---
title: 4649(S) A replay attack was detected. (Windows 10)
description: Describes security event 4649(S) A replay attack was detected.
description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4657.md
View File

@ -1,6 +1,6 @@
---
title: 4657(S) A registry value was modified. (Windows 10)
description: Describes security event 4657(S) A registry value was modified.
description: Describes security event 4657(S) A registry value was modified. This event is generated when a registry key value is modified.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4658.md
View File

@ -1,6 +1,6 @@
---
title: 4658(S) The handle to an object was closed. (Windows 10)
description: Describes security event 4658(S) The handle to an object was closed.
description: Describes security event 4658(S) The handle to an object was closed. This event is generated when the handle to an object is closed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4660.md
View File

@ -1,6 +1,6 @@
---
title: 4660(S) An object was deleted. (Windows 10)
description: Describes security event 4660(S) An object was deleted.
description: Describes security event 4660(S) An object was deleted. This event is generated when an object is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4673.md
View File

@ -1,6 +1,6 @@
---
title: 4673(S, F) A privileged service was called. (Windows 10)
description: Describes security event 4673(S, F) A privileged service was called.
description: Describes security event 4673(S, F) A privileged service was called. This event is generated for an attempt to perform privileged system service operations.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4675.md
View File

@ -1,6 +1,6 @@
---
title: 4675(S) SIDs were filtered. (Windows 10)
description: Describes security event 4675(S) SIDs were filtered.
description: Describes security event 4675(S) SIDs were filtered. This event is generated when SIDs were filtered for a specific Active Directory trust.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4688.md
View File

@ -1,6 +1,6 @@
---
title: 4688(S) A new process has been created. (Windows 10)
description: Describes security event 4688(S) A new process has been created.
description: Describes security event 4688(S) A new process has been created. This event is generated when a new process starts.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4689.md
View File

@ -1,6 +1,6 @@
---
title: 4689(S) A process has exited. (Windows 10)
description: Describes security event 4689(S) A process has exited.
description: Describes security event 4689(S) A process has exited. This event is generates when a process exits.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4698.md
View File

@ -1,6 +1,6 @@
---
title: 4698(S) A scheduled task was created. (Windows 10)
description: Describes security event 4698(S) A scheduled task was created.
description: Describes security event 4698(S) A scheduled task was created. This event is generated when a scheduled task is created.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4699.md
View File

@ -1,6 +1,6 @@
---
title: 4699(S) A scheduled task was deleted. (Windows 10)
description: Describes security event 4699(S) A scheduled task was deleted.
description: Describes security event 4699(S) A scheduled task was deleted. This event is generated every time a scheduled task is deleted.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4700.md
View File

@ -1,6 +1,6 @@
---
title: 4700(S) A scheduled task was enabled. (Windows 10)
description: Describes security event 4700(S) A scheduled task was enabled.
description: Describes security event 4700(S) A scheduled task was enabled. This event is generated every time a scheduled task is enabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4701.md
View File

@ -1,6 +1,6 @@
---
title: 4701(S) A scheduled task was disabled. (Windows 10)
description: Describes security event 4701(S) A scheduled task was disabled.
description: Describes security event 4701(S) A scheduled task was disabled. This event is generated every time a scheduled task is disabled.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4702.md
View File

@ -1,6 +1,6 @@
---
title: 4702(S) A scheduled task was updated. (Windows 10)
description: Describes security event 4702(S) A scheduled task was updated.
description: Describes security event 4702(S) A scheduled task was updated. This event is generated when a scheduled task is updated/changed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4703.md
View File

@ -1,6 +1,6 @@
---
title: 4703(S) A user right was adjusted. (Windows 10)
description: Describes security event 4703(S) A user right was adjusted.
description: Describes security event 4703(S) A user right was adjusted. This event is generated when token privileges are enabled or disabled for a specific account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4704.md
View File

@ -1,6 +1,6 @@
---
title: 4704(S) A user right was assigned. (Windows 10)
description: Describes security event 4704(S) A user right was assigned.
description: Describes security event 4704(S) A user right was assigned. This event is generated when a user right is assigned to an account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/auditing/event-4705.md
View File

@ -1,6 +1,6 @@
---
title: 4705(S) A user right was removed. (Windows 10)
description: Describes security event 4705(S) A user right was removed.
description: Describes security event 4705(S) A user right was removed. This event is generated when a user right is removed from an account.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy

1
windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
View File

@ -50,3 +50,4 @@ The Command Prompt window will close automatically. If successful, the detection
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)