From 2404d4afd01d5dc620969fe27221834370ddb8e6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 13:55:56 -0700 Subject: [PATCH 01/10] add checkboxes - alert notifs --- ...tifications-windows-defender-advanced-threat-protection.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index db4d4d1e03..66c9392ae8 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -50,7 +50,9 @@ You can create rules that determine the machines and alert severities to send em 2. Click **Add notification rule**. 3. Specify the General information: - - **Rule name** + - **Rule name** - Specify a name for the notification rule. + - **Show customer display name** - Specify the customer name that appears on the email notification. + - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level From 6cf524f532ada8f49bf91f32c6e191b5b747b3ce Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 19 Jun 2018 10:59:12 -0700 Subject: [PATCH 02/10] change deeplink to anonymous link --- ...tifications-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 66c9392ae8..7c2c9fed27 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/06/2018 +ms.date: 06/19/2018 --- # Configure alert notifications in Windows Defender ATP @@ -52,7 +52,7 @@ You can create rules that determine the machines and alert severities to send em 3. Specify the General information: - **Rule name** - Specify a name for the notification rule. - **Show customer display name** - Specify the customer name that appears on the email notification. - - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. + - **Include anonymous link** - Adds a link with the tenant ID to allow access to a specific tenant. - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level From 7e9c90dab64cb314e303f67ec8d07a472c971a28 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 15 Jul 2018 14:41:11 +0000 Subject: [PATCH 03/10] Updated configure-email-notifications-windows-defender-advanced-threat-protection.md --- ...fications-windows-defender-advanced-threat-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 7c2c9fed27..6013963ae8 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/19/2018 +ms.date: 07/16/2018 --- # Configure alert notifications in Windows Defender ATP @@ -51,8 +51,8 @@ You can create rules that determine the machines and alert severities to send em 3. Specify the General information: - **Rule name** - Specify a name for the notification rule. - - **Show customer display name** - Specify the customer name that appears on the email notification. - - **Include anonymous link** - Adds a link with the tenant ID to allow access to a specific tenant. + - **Include organization name** - Specify the customer name that appears on the email notification. + - **Include tenant-specific portal link** - Adds a link with the tenant ID to allow access to a specific tenant. - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level From e5b16d9a69371b1119723e7447e6f27cc8e86e35 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 15 Jul 2018 14:50:37 +0000 Subject: [PATCH 04/10] Updated configure-email-notifications-windows-defender-advanced-threat-protection.md --- ...-notifications-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 6013963ae8..1ebb14a664 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -23,7 +23,6 @@ ms.date: 07/16/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) From 4d4fd301f6797a16064a6630080de90f4575f57c Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 16 Jul 2018 14:48:44 +0000 Subject: [PATCH 05/10] Merged PR 9822: Add filename clarification (issue 1278) --- windows/configuration/wcd/wcd-start.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 186c30961e..904711ae31 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -27,7 +27,10 @@ Use Start settings to apply a customized Start screen to devices. ## StartLayout -Use StartLayout to select the LayoutModification.xml file that applies a customized Start screen to a device. +Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen to a mobile device. + +>[!NOTE] +>The XML file that defines the Start layout for Windows 10 Mobile must be named `LayoutModification.xml`. For more information, see [Start layout XML for mobile editions of Windows 10 ](../mobile-devices/lockdown-xml.md)). From 9835aec1fafda64cc2cae23cf3b7fcae6edbee69 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Mon, 16 Jul 2018 18:28:06 +0000 Subject: [PATCH 06/10] Merged PR 9827: Updated advhunt reference with network events Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md --- ...nce-windows-defender-advanced-threat-protection.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 2888e97c54..2ebe1dceb6 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -40,6 +40,9 @@ To effectively build queries that span multiple tables, you need to understand t | AdditionalFields | string | Additional information about the event in JSON array format | | AlertId | string | Unique identifier for the alert | | ComputerName | string | Fully qualified domain name (FQDN) of the machine | +| ConnectedNetworks | string | Networks that the adapter is connected to. Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it’s connected publicly to the internet. | +| DefaultGateways | string | Default gateway addresses in JSON array format | +| DnsServers | string | DNS server addresses in JSON array format | | EventTime | datetime | Date and time when the event was recorded | | EventType | string | Table where the record is stored | | FileName | string | Name of the file that the recorded action was applied to | @@ -64,15 +67,22 @@ To effectively build queries that span multiple tables, you need to understand t | InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event | | InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populated—use the SHA1 column when available. | | InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event | +| IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local | +| Ipv4Dhcp | string | IPv4 address of DHCP server | +| Ipv6Dhcp | string | IPv6 address of DHCP server | | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory | | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | | LogonId | string | Identifier for a logon session. This identifier is unique on the same machine only between restarts. | | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format | | LogonType | string | Type of logon session, specifically:

- **Interactive** - User physically interacts with the machine using the local keyboard and screen

- **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients

- **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed

- **Batch** - Session initiated by scheduled tasks

- **Service** - Session initiated by services as they start
+| MacAddress | string | MAC address of the network adapter | | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. | | MachineId | string | Unique identifier for the machine in the service | | MD5 | string | MD5 hash of the file that the recorded action was applied to | +| NetworkAdapterName | string | Name of the network adapter | +| NetworkAdapterStatus | string | Operational status of the network adapter. For the possible values, refer to [this enumeration](https://docs.microsoft.com/en-us/dotnet/api/system.net.networkinformation.operationalstatus?view=netframework-4.7.2). | +| NetworkAdapterType | string | Network adapter type. For the possible values, refer to [this enumeration](https://docs.microsoft.com/en-us/dotnet/api/system.net.networkinformation.networkinterfacetype?view=netframework-4.7.2). | | NetworkCardIPs | string | List of all network adapters on the machine, including their MAC addresses and assigned IP addresses, in JSON array format | | OSArchitecture | string | Architecture of the operating system running on the machine | | OSBuild | string | Build version of the operating system running on the machine | @@ -99,6 +109,7 @@ To effectively build queries that span multiple tables, you need to understand t | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. | | SHA1 | string | SHA-1 of the file that the recorded action was applied to | | SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. | +| TunnelingProtocol | string | Tunneling protocol, if the interface is used for this purpose, for example:
- Various IPv6 to IPv4 tunneling protocols (6to4, Teredo, ISATAP)
- VPN (PPTP, SSTP)
- SSH
**NOTE:** This field doesn’t provide full IP tunneling specifications. | >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink) From 3f822702ef1b80e46da95b39c2829908c719d017 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 16 Jul 2018 11:55:01 -0700 Subject: [PATCH 07/10] added new block list --- .../microsoft-recommended-block-rules.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index b019f68b3c..2754f9f13f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: jsuther1974 -ms.date: 07/10/2018 +ms.date: 07/16/2018 --- # Microsoft recommended block rules @@ -762,6 +762,12 @@ Microsoft recommends that you block the following Microsoft-signed applications --> + + + + + @@ -1391,7 +1397,8 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + From 927c0e4ce248149a97d371d8d961e13fe983ce1a Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 16 Jul 2018 20:38:39 +0000 Subject: [PATCH 08/10] Merged PR 9836: DataUsage/SetCost3G is deprecated in Policy CSP --- .../mdm/policy-csp-datausage.md | 60 +------------------ 1 file changed, 2 insertions(+), 58 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 3fa83ab1c8..285c21097a 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/12/2018 +ms.date: 07/13/2018 --- # Policy CSP - DataUsage @@ -33,67 +33,11 @@ ms.date: 03/12/2018 **DataUsage/SetCost3G** - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - -This policy setting configures the cost of 3G connections on the local machine. - -If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine: - -- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - -- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - -- Variable: This connection is costed on a per byte basis. - -If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. +This policy is deprecated in Windows 10, next major version. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). - -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Set 3G Cost* -- GP name: *SetCost3G* -- GP path: *Network/WWAN Service/WWAN Media Cost* -- GP ADMX file name: *wwansvc.admx* - -
From fff45584b69192c0567743f870f82d64a939f6e5 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 16 Jul 2018 20:39:00 +0000 Subject: [PATCH 09/10] Merged PR 9837: add note about download --- devices/surface-hub/surface-hub-recovery-tool.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md index 81c91723b7..ef1cd24725 100644 --- a/devices/surface-hub/surface-hub-recovery-tool.md +++ b/devices/surface-hub/surface-hub-recovery-tool.md @@ -18,6 +18,9 @@ The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/det To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf). +>[!IMPORTANT] +>Do not let the device go to sleep or interrupt the download of the image file. + If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support). ## Prerequisites From 98e031c76138d2fe7b4c304668af84f19ebf0eb9 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 16 Jul 2018 22:21:12 +0000 Subject: [PATCH 10/10] Merged PR 9842: incorporated BitLocker CSP comment, change history upated --- windows/client-management/mdm/bitlocker-csp.md | 7 +++++-- .../new-in-windows-mdm-enrollment-management.md | 16 +++++++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 1aaa38d668..622256b740 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/29/2018 +ms.date: 07/16/2018 --- # BitLocker CSP @@ -845,7 +845,10 @@ The following diagram shows the BitLocker configuration service provider in tree ``` **AllowStandardUserEncryption** -Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user. +Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. + +> [!Note] +> This policy is only supported in Azure AD accounts. "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index a8b7a2f901..18204ba530 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/26/2018 +ms.date: 07/16/2018 --- # What's new in MDM enrollment and management @@ -1638,14 +1638,28 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[BitLocker CSP](bitlocker-csp.md) +

Added a new node AllowStandardUserEncryption.

+ + +[DevDetail CSP](devdetail-csp.md) +

Added a new node SMBIOSSerialNumber.

+ + [Policy CSP](policy-configuration-service-provider.md)

Added the following new policies in Windows 10, next major version:

  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
    • +
  • DmaGuard/DeviceEnumerationPolicy
    • +
  • Experience/AllowClipboardHistory
  • TaskManager/AllowEndTask
  • WindowsLogon/DontDisplayNetworkSelectionUI
+

Recent changes:

+
    +
  • DataUsage/SetCost3G - deprecated in RS5.
    • +