deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into jreeds-rebrand-antivirus

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2020-06-02 11:26:11 -07:00
parent a143a5bed0 d3d852413f
commit b68bfe8c57
17 changed files with 183 additions and 321 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -14602,6 +14602,11 @@
"redirect_document_id": true
},
{
"source_path": "browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md",
"redirect_url": "https://docs.microsoft.com/internet-explorer/kb-support/ie-edge-faqs",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/security-technologies.md",
"redirect_url": "https://docs.microsoft.com/windows/windows-10/index",
"redirect_document_id": true

123
browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
View File

@ -1,123 +0,0 @@
---
title: Clear the Internet Explorer cache from a command line
description: Introduces command-line commands and a sample batch file for clearing the IE cache.
audience: ITPro
manager: msmets
author: ramakoni1
ms.author: ramakoni
ms.reviewer: ramakoni, DEV_Triage
ms.prod: internet-explorer
ms.technology:
ms.topic: kb-support
ms.custom: CI=111026
ms.localizationpriority: Normal
# localization_priority: medium
# ms.translationtype: MT
ms.date: 01/23/2020
---
# How to clear Internet Explorer cache by using the command line
This article outlines the procedure to clear the Internet Explorer cache by using the command line.
## Command line commands to clear browser cache
1. Delete history from the Low folder
`del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah`
2. Delete history
`RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1`
3. Delete cookies
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2`
4. Delete temporary internet files
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8`
5. Delete form data
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16`
6. Delete stored passwords
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32`
7. Delete all
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255`
8. Delete files and settings stored by add-ons
`InetCpl.cpl,ClearMyTracksByProcess 4351`
If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions:
`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9`
Command to reset Internet Explorer settings:
`Rundll32.exe inetcpl.cpl ResetIEtoDefaults`
## Sample batch file to clear Internet Explorer cache files
A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from [https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip](https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip).
The batch file offers the following options:
- Delete Non-trusted web History (low-level hidden cleanup)
- Delete History
- Delete Cookies
- Delete Temporary Internet Files
- Delete Form Data
- Delete Stored Passwords
- Delete All
- Delete All "Also delete files and settings stored by add-ons"
- Delete IE10 and IE9 Temporary Internet Files
- Resets IE Settings
- EXIT
**Contents of the batch file**
```dos
@echo off
# This sample script is not supported under any Microsoft standard support program or service.
# The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims
# all implied warranties including, without limitation, any implied warranties of merchantability
# or of fitness for a particular purpose. The entire risk arising out of the use or performance of
# the sample scripts and documentation remains with you. In no event shall Microsoft, its authors,
# or anyone else involved in the creation, production, or delivery of the scripts be liable for any
# damages whatsoever (including, without limitation, damages for loss of business profits, business
# interruption, loss of business information, or other pecuniary loss) arising out of the use of or
# inability to use the sample scripts or documentation, even if Microsoft has been advised of the
# possibility of such damages
:home
cls
COLOR 00
echo Delete IE History
echo Please select the task you wish to run.
echo Pick one:
echo.
echo 1. Delete History
echo 2. Delete Cookies
echo 3. Delete Temporary Internet Files
echo 4. Delete Form Data
echo 5. Delete Stored Passwords
echo 6. Delete All
echo 7. Delete All "Also delete files and settings stored by add-ons"
echo 8. Delete IE10 and 9 Temporary Internet Files
echo 9. Reset IE Settings
echo 00. EXIT
:choice
Echo Hit a number [1-10] and press enter.
set /P CH=[1-10]
if "%CH%"=="1" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9
if "%CH%"=="9" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults
if "%CH%"=="00" goto quit
%x%
goto Home
:quit
```

165
devices/hololens/hololens-diagnostic-logs.md
View File

@ -27,19 +27,20 @@ HoloLens users and administrators can choose from among four different methods t
- Feedback Hub app
- DiagnosticLog CSP
- Settings app
- Fallback diagnostics
> [!IMPORTANT]
> Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement).
The following table compares the four collection methods. The method names link to more detailed information in the sections that follow the table.
The following table compares the three collection methods. The method names link to more detailed information in the sections that follow the table.
|Method |Prerequisites |Data locations |Data access and use |Data retention |
| --- | --- | --- | --- | --- |
|[Feedback Hub](#feedback-hub) |Network and internet connection<br /><br />Feedback Hub app<br /><br />Permission to upload files to the Microsoft cloud |Microsoft cloud<br /><br />HoloLens device (optional) |User requests assistance, agrees to the terms of use, and uploads the data<br /><br />Microsoft employees view the data, as consistent with the terms of use |Data in the cloud is retained for the period that is defined by Next Generation Privacy (NGP). Then the data is deleted automatically.<br /><br />Data on the device can be deleted at any time by a user who has **Device owner** or **Admin** permissions. |
|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device<br /><br />Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device<br /><br />Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it.* |
|[DiagnosticLog CSP](#diagnosticlog-csp) |Network connection<br /><br />MDM environment that supports the DiagnosticLog CSP |Administrator configures storage locations |In the managed environment, the user implicitly consents to administrator access to the data.<br /><br />Administrator configures access roles and permissions. | Administrator configures retention policy. |
|[Fallback diagnostics](#fallback-diagnostics) |Device configuration:<ul><li>Powered on and connected to computer</li><li>Power and Volume buttons functioning</li></ul> |HoloLens device<br /><br />Connected computer |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
- End-user is responsible for sharing the logs responsibly with someone else. These files are primarily useful when contacting customer service and support.
## Feedback Hub
@ -110,160 +111,4 @@ The IT administrator uses the DiagnosticLog CSP to configure the data storage, r
- The retention period for the diagnostic information.
- Permissions that control access to the diagnostic information.
## Fallback diagnostics
While device telemetry usually provides an initial understanding of a problem report, some issues require a broader and deeper understanding of the device state. When you (as a user or an administrator) investigate such issues, diagnostic logs that reside on the device are more useful than the basic device telemetry.
The fallback diagnostics process provides a way for you to gather diagnostic information if no other methods are available. Such scenarios include the following:
- The network or network-based resources (such as the Feedback Hub, MDM, and so on) are not available.
- The device is "stuck" or locked in a state in which usual troubleshooting capabilities (such as the Settings app) are not available. Such scenarios include the Out-of-Box-Experience (OOBE), kiosk mode, and a locked or "hung" user interface.
> [!IMPORTANT]
> - On HoloLens 2 devices, you can use fallback diagnostics under the following conditions only:
> - During the Out-of-the-Box-Experience (OOBE) and when you select **Send Full Diagnostics Data**.
> - If the environment's Group Policy enforces the **System\AllowTelemetry** policy value of **Full**.
> - On HoloLens (1st gen) devices, you can use fallback diagnostics on HoloLens version 17763.316 or a later version. This version is the version that the Windows Device Recovery Tool restores when it resets the device.
### How to use fallback diagnostics
Before you start the fallback diagnostics process, make sure of the following:
- The device is connected to a computer by using a USB cable.
- The device is powered on.
- The Power and Volume buttons on the device are functioning correctly.
To collect fallback diagnostic information, follow these steps:
1. On the device, press the Power and Volume Down buttons at the same time and then release them.
1. Wait for few seconds while the device collects the data.
### Data locations
The device stores the data locally. You can access that information from the connected desktop computer at the following location:
> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents
For more information about the files that the fallback diagnostics process collects, see [What diagnostics files does the fallback diagnostics process collect?](#what-diagnostics-files-does-the-fallback-diagnostics-process-collect).
### Data access, use, and retention
Because you store the data yourself, only you have access to the data. If you choose to share the data with another user, you implicitly grant permission for that user to access or store the data.
The data remains until you delete it.
### Frequently asked questions about fallback diagnostics on HoloLens
#### Does the device have to be enrolled with an MDM system?
No.
#### How can I use fallback diagnostics on HoloLens?
Before you start the fallback diagnostics process, make sure of the following:
- The device is connected to a computer by using a USB cable.
- The device is powered on.
- The Power and Volume buttons on the device are functioning correctly.
To collect fallback diagnostic information, follow these steps:
1. On the device, press the Power and Volume Down buttons at the same time and then release them.
1. Wait for few seconds while the device collects the data.
#### How would I know that data collection finished?
The fallback diagnostics process does not have a user interface. On HoloLens 2, when the process starts to collect data, it creates a file that is named HololensDiagnostics.temp. When the process finishes, it removes the file.
#### What diagnostics files does the fallback diagnostics process collect?
The fallback diagnostics process collects one or more .zip files, depending on the version of HoloLens. The following table lists each of the possible .zip files, and the applicable versions of HoloLens.
|File |Contents |HoloLens (1st gen) |HoloLens 2 10.0.18362+ |HoloLens 2 10.0.19041+ |
| --- | --- | --- | --- | --- |
|HololensDiagnostics.zip |Files&nbsp;for&nbsp;tracing sessions that ran on the device.<br /><br />Diagnostic information that's specific to Hololens. |✔️ |✔️ |✔️ |
|DeviceEnrollmentDiagnostics.zip |Information that's related to MDM, device enrollment, CSPs, and policies. | |✔️ |✔️ |
|AutoPilotDiagnostics.zip |Information that's related to autopilot and licensing.| | |✔️ |
|TPMDiagnostics.zip |Information that's related to the trusted platform module (TPM) on the device | | |✔️ |
> [!NOTE]
> Starting on May 2, 2019, the fallback diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not.
**Sample diagnostic content for HoloLens (1st gen)**
HololensDiagnostics.zip contains files such as the following:
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
**Sample diagnostic content for HoloLens 2 10.0.18362+**
HololensDiagnostics.zip contains files such as the following:
- EventLog-Application.etl.001*
- EventLog-System.etl.001*
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
- CSPsAndPolicies.etl.001
- RadioMgr.etl
- WiFiDriverIHVSession.etl
DeviceEnrollmentDiagnostics.zip contains files such as the following:
- MDMDiagHtmlReport.html
- MdmDiagLogMetadata.json
- MDMDiagReport.xml
- MdmDiagReport_RegistryDump.reg
- MdmLogCollectorFootPrint.txt
**Sample diagnostic content for HoloLens 2 10.0.19041+**
HololensDiagnostics.zip contains files such as the following:
- EventLog-Application.etl.001*
- EventLog-System.etl.001*
- AuthLogon.etl
- EventLog-HupRe.etl.001
- FirstExperience.etl.001
- HetLog.etl
- HoloInput.etl.001
- HoloShell.etl.001
- WiFi.etl.001
- CSPsAndPolicies.etl.001
- RadioMgr.etl
- WiFiDriverIHVSession.etl
- DisplayDiagnosticData.json
- HUP dumps
DeviceEnrollmentDiagnostics.zip contains files such as the following:
- MDMDiagHtmlReport.html
- MdmDiagLogMetadata.json
- MDMDiagReport.xml
- MdmDiagReport_RegistryDump.reg
- MdmLogCollectorFootPrint.txt
AutoPilotDiagnostics.zip contains files such as the following:
- DeviceHash_HoloLens-U5603.csv
- LicensingDiag.cab
- LicensingDiag_Output.txt
- TpmHliInfo_Output.txt
- DiagnosticLogCSP_Collector_DeviceEnrollment_\*.etl
- DiagnosticLogCSP_Collector_Autopilot_*.etl
TPMDiagnostics.zip contains files such as the following:
- CertReq_enrollaik_Output.txt
- CertUtil_tpminfo_Output.txt
- TPM\*.etl

4
devices/hololens/hololens-kiosk.md
View File

@ -98,7 +98,9 @@ If you use a Mobile Device Management (MDM) system or a provisioning package to
|Dynamics 365 Guides |Microsoft.Dynamics365.Guides\_8wekyb3d8bbwe\!MicrosoftGuides |
|Dynamics 365 Remote Assist |Microsoft.MicrosoftRemoteAssist\_8wekyb3d8bbwe\!Microsoft.RemoteAssist |
|Feedback&nbsp;Hub |Microsoft.WindowsFeedbackHub\_8wekyb3d8bbwe\!App |
|Mail |c5e2524a-ea46-4f67-841f-6a9465d9d515\_cw5n1h2txyewy\!App |
|File Explorer |c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App |
|Mail |microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail |
|Microsoft Store |Microsoft.WindowsStore_8wekyb3d8bbwe!App |
|Miracast<sup>4</sup> |&nbsp; |
|Movies & TV |Microsoft.ZuneVideo\_8wekyb3d8bbwe\!Microsoft.ZuneVideo |
|OneDrive |microsoft.microsoftskydrive\_8wekyb3d8bbwe\!App |

8
devices/hololens/hololens-release-notes.md
View File

@ -142,9 +142,6 @@ You can now quickly access and use commands with your voice while using any app
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands mentioned above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
> [!NOTE]
> There's currently an issue we're investigating that requires you to launch the app after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Quality improvements and fixes
Improvements and Fixes also in the update:
@ -162,6 +159,11 @@ Improvements and Fixes also in the update:
- Added Share button in Feedback Hub so users can more easily share feedback.
- Fixed a bug where RoboRaid did not install correctly.
### Known issues
- We are investigating an issue surrounding the use of the zh-CN system language that prevents the voice commands for taking a mixed reality capture or displaying the device IP address from working.
- We're investigating an issue that requires you to launch the Cortana app after booting the device in order to use the "Hey Cortana" voice activation, and if you updated from a 18362 build, you may see a second app tile for the previous version of the Cortana app in Start that no longer works.
## Windows Holographic, version 1903 - May 2020 Update
- Build 18362.1061

1
devices/surface/documentation/surface-system-sku-reference.md
View File

@ -26,6 +26,7 @@ System SKU is a variable (along with System Model and others) stored in System M
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Go 2 | Surface Go 2 | Surface_Go_2_1927 |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |

11
windows/deployment/upgrade/setupdiag.md
View File

@ -37,11 +37,18 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these
## SetupDiag in Windows 10, version 2004 and later
With the release of Windows 10, version 2004, SetupDiag is included with Windows Setup.
With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](https://docs.microsoft.com/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario).
During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
When run by Windows Setup, results of the SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\Setup\SetupDiag\Results**.
When run by Windows Setup, the following [parameters](#parameters) are used:
- /ZipLogs:False
- /Format:xml
- /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml
- /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results
The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\Setup\SetupDiag\Results**.
If the upgrade process proceeds normally, the **Sources** directory including **setupdiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **setupdiag.exe** will also be removed.

7
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -14,6 +14,9 @@ author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom:
- CI 116757
- CSSTroubleshooting
---
@ -68,10 +71,10 @@ If the Delivery Optimization Service is inaccessible, the AutoPilot process will
<tr><td><b>Diagnostics data<b><td>Starting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see <a href="https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#manage-enterprise-diagnostic-data-level">Manage enterprise diagnostic data level</a>.<br>
If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work.
<tr><td><b>Network Connection Status Indicator (NCSI)<b><td>Windows must be able to tell that the device is able to access the internet. For more information, see <a href="https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#network-connection-status-indicator-ncsi">Network Connection Status Indicator (NCSI)</a>.
<tr><td><b>Network Connection Status Indicator (NCSI)<b><td>Windows must be able to tell that the device is able to access the internet. For more information, see <a href="https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#14-network-connection-status-indicator">Network Connection Status Indicator (NCSI)</a>.
<a href="http://www.msftconnecttest.com">www.msftconnecttest.com</a> must be resolvable via DNS and accessible via HTTP.
<tr><td><b>Windows Notification Services (WNS)<b><td>This service is used to enable Windows to receive notifications from apps and services. See <a href="https://docs.microsoft.com/windows/privacy/manage-windows-1809-endpoints#microsoft-store">Microsoft Store</a> for more information.<br>
<tr><td><b>Windows Notification Services (WNS)<b><td>This service is used to enable Windows to receive notifications from apps and services. See <a href="https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store</a> for more information.<br>
If the WNS services are not available, the Autopilot process will still continue without notifications.
<tr><td><b>Microsoft Store, Microsoft Store for Business<b><td>Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see <a href="https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business">Prerequisites for Microsoft Store for Business and Education</a> (also includes Azure AD and Windows Notification Services).<br>

2
windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
View File

@ -1882,7 +1882,7 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc
Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8.
When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.
>**Warning:** Enabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.
>**Warning:** Disabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.
### <a href="" id="bkmk-depopt1"></a>Provide the unique identifiers for your organization

10
windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
View File

@ -111,7 +111,7 @@ For example:
If you want to prevent the installation of a device class or certain devices, you can use the prevent device installation policies:
1. Enable **Prevent installation of devices that match any of these device IDs**.
2. Enable **Prevent installation of devices that match these device setup classes**.
2. Enable **Prevent installation of devices using drivers that match these device setup classes**.
> [!Note]
> The prevent device installation policies take precedence over the allow device installation policies.
@ -145,6 +145,14 @@ Get-WMIObject -Class Win32_DiskDrive |
Select-Object -Property *
```
The **Prevent installation of devices using drivers that match these device setup classes** policy allows you to specify device setup classes that Windows is prevented from installing.
To prevent installation of particular classes of devices:
1. Find the GUID of the device setup class from [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
2. Enable **Prevent installation of devices using drivers that match these device setup classes** and add the class GUID to the list.
![Add device setup class to prevent list](images/Add-device-setup-class-to-prevent-list.png)
### Block installation and usage of removable storage
1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).

BIN
windows/security/threat-protection/device-control/images/Add-device-setup-class-to-prevent-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

95
windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md Normal file
View File

@ -0,0 +1,95 @@
---
title: Collect diagnostic data of Microsoft Defender Antivirus
description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 06/01/2020
ms.reviewer:
manager: dansimp
---
# Collect Windows Defender AV diagnostic data
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV.
On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps:
1. Open an administrator-level version of the command prompt as follows:
a. Open the **Start** menu.
b. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
c. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
> [!NOTE]
> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
3. Type the following command, and then press **Enter**
```Dos
mpcmdrun.exe -GetFiles
```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
> [!NOTE]
> To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation <path>` <br/>For more information see [Redirect diagnostic data to a UNC share](#redirect-diagnostic-data-to-a-unc-share).
5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
> [!NOTE]
>If you have a problem with Update compliance, send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
>```
> I am encountering the following issue when using Microsoft Defender Antivirus in Update Compliance:
> I have provided at least 2 support .cab files at the following location:
> <accessible share, including access details such as password>
>
> My OMS workspace ID is:
>
> Please contact me at:
## Redirect diagnostic data to a UNC share
To collect diagnostic data on a central repository, you can specify the SupportLogLocation parameter.
```Dos
mpcmdrun.exe -GetFiles -SupportLogLocation <path>
```
Copies the diagnostic data to the specified path. If the path is not specified, the diagnostic data will be copied to the location specified in the Support Log Location Configuration.
When the SupportLogLocation parameter is used, a folder structure as below will be created in the destination path:
```Dos
<path>\<MMDD>\MpSupport-<hostname>-<HHMM>.cab
```
| field | Description |
|:----|:----|
| path | The path as specified on the commandline or retrieved from configuration
| MMDD | Month Day when the diagnostic data was collected (eg 0530)
| hostname | the hostname of the device on which the diagnostic data was collected.
| HHMM | Hours Minutes when the diagnostic data was collected (eg 1422)
> [!NOTE]
> When using a File share please make sure that account used to collect the diagnostic package has write access to the share.
## See also
- [Troubleshoot Microsoft Defender Antivirus reporting](troubleshoot-reporting.md)

9
windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
View File

@ -36,7 +36,7 @@ MpCmdRun.exe [command] [-options]
```
Here's an example:
```
MpCmdRun.exe -scan -2
MpCmdRun.exe -Scan -ScanType 2
```
| Command | Description |
@ -44,7 +44,7 @@ MpCmdRun.exe -scan -2
| `-?` **or** `-h` | Displays all available options for this tool |
| `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. CpuThrottling will honor the configured CPU throttling from policy |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
| `-GetFiles` | Collects support information |
| `-GetFiles [-SupportLogLocation <path>]` | Collects support information. See '[collecting diagnostic data](collect-diagnostic-data.md)' |
| `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
| `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
@ -58,5 +58,6 @@ MpCmdRun.exe -scan -2
## Related topics
- [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
- [Reference topics for collecting diagnostic data](collect-diagnostic-data.md)
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

23
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
View File

@ -58,11 +58,32 @@ All our updates contain:
* serviceability improvements
* integration improvements (Cloud, MTP)
<br/>
<details>
<summary> May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)</summary>
&ensp;Security intelligence update version: **1.317.20.0**
&ensp;Released: **May 26, 2020**
&ensp;Platform: **4.18.2005.4**
&ensp;Engine: **1.1.17100.2**
&ensp;Support phase: **Security and Critical Updates**
### What's new
* Improved logging for scan events
* Improved user mode crash handling.
* Added event tracing for Tamper protection
* Fixed AMSI Sample submission
* Fixed AMSI Cloud blocking
* Fixed Security update install log
### Known Issues
No known issues
<br/>
</details>
<details>
<summary> April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2)</summary>
&ensp;Security intelligence update version: **TBD**
&ensp;Security intelligence update version: **1.315.12.0**
&ensp;Released: **April 30, 2020**
&ensp;Platform: **4.18.2004.6**
&ensp;Engine: **1.1.17000.2**

13
windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
View File

@ -23,9 +23,9 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> [!IMPORTANT]
> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal).To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues.
@ -57,17 +57,12 @@ In order for devices to properly show up in Update Compliance, you have to meet
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you must use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com), which is also referred to as the Microsoft Defender Advanced Threat Protection portal). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). To learn more about onboarding devices, see [Onboarding tools and methods for Windows 10 machines](../microsoft-defender-atp/configure-endpoints.md).
If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data.md)
## Related topics

26
windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
View File

@ -1,6 +1,6 @@
---
title: "Why you should use Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection"
description: "For best results, use Windows Defender Antivirus together with your other Microsoft offerings."
title: "Why you should use Microsoft Defender Antivirus together with Microsoft Defender Advanced Threat Protection"
description: "For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings."
keywords: windows defender, antivirus, third party av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -18,31 +18,31 @@ ms.reviewer:
manager: dansimp
---
# Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection
# Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
Windows Defender Antivirus is the next-generation protection component of [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender ATP).
Microsoft Defender Antivirus is the next-generation protection component of [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (Microsoft Defender ATP).
Although you can use a non-Microsoft antivirus solution with Microsoft Defender ATP, there are advantages to using Windows Defender Antivirus together with Microsoft Defender ATP. Not only is Windows Defender Antivirus an excellent next-generation antivirus solution, but combined with other Microsoft Defender ATP capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services.
Although you can use a non-Microsoft antivirus solution with Microsoft Defender ATP, there are advantages to using Microsoft Defender Antivirus together with Microsoft Defender ATP. Not only is Microsoft Defender Antivirus an excellent next-generation antivirus solution, but combined with other Microsoft Defender ATP capabilities, such as [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations), you get better protection that's coordinated across products and services.
## 11 reasons to use Windows Defender Antivirus together with Microsoft Defender ATP
## 11 reasons to use Microsoft Defender Antivirus together with Microsoft Defender ATP
| |Advantage |Why it matters |
|--|--|--|
|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
|2|Threat analytics and your configuration score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
|4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
|2|Threat analytics and your configuration score |Microsoft Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|3|Performance |Microsoft Defender ATP is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Microsoft Defender Antivirus](evaluate-windows-defender-antivirus.md) and [evaluate Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
|4|Details about blocked malware |More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
|5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|
|6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).|
|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).|
|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Get an overview of attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).|
|8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) |
|9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). |
|10|File recovery via OneDrive |If you are using Windows Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).|
|11|Technical support |By using Microsoft Defender ATP together with Windows Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Windows Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md). |
|10|File recovery via OneDrive |If you are using Microsoft Defender Antivirus together with [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).|
|11|Technical support |By using Microsoft Defender ATP together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](../microsoft-defender-atp/troubleshoot-mdatp.md) and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-windows-defender-antivirus.md). |
## Learn more

2
windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
View File

@ -26,7 +26,7 @@ ms.topic: article
## API description
Retrieves a collection of Alerts.
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```incidentId```, ```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```lastUpdateTime```, ```incidentId```,```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)