Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

This commit is contained in:
dstrome
2020-08-07 17:58:17 +00:00
34 changed files with 23 additions and 2196 deletions

View File

@ -51,15 +51,15 @@ Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend
![Privacy Preferences Policy Control](images/mac-system-extension-privacy.png)
### Web Content Filtering Policy
### Network Extension Policy
A web content filtering policy is needed to run the network extension. Add the following web content filtering policy:
As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
>[!NOTE]
>JAMF doesnt have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
>As such, the following steps provide a workaround that involve signing the web content filtering configuration profile.
>As such, the following steps provide a workaround that involve signing the configuration profile.
1. Save the following content to your device as `com.apple.webcontent-filter.mobileconfig`
1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig`
```xml
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
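Review bot: the NOTE kept in this hunk still describes the profile as a "content filtering policy" while the new heading, description and file name say "network extension"; since the profile remains a web-content-filter payload (the later hunks keep `FilterType` = `Plugin` and `FilterSockets` on `com.microsoft.wdav`), say so explicitly in the description, e.g. "the network extension is delivered to macOS as a content-filter configuration profile", so readers are not confused when the JAMF UI shows it under content filters. The rename from `com.apple.webcontent-filter.mobileconfig` to `com.microsoft.network-extension.mobileconfig` is the right call: a `com.apple` prefix on a Microsoft-authored profile suggests an Apple-shipped payload.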
@ -74,7 +74,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>PayloadIdentifier</key>
<string>DA2CC794-488B-4AFF-89F7-6686A7E7B8AB</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
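Review bot: keeping `PayloadIdentifier` `DA2CC794-488B-4AFF-89F7-6686A7E7B8AB` unchanged while only `PayloadDisplayName` changes is correct; devices and JAMF identify an installed profile by its identifier, so a display-name-only edit updates the existing profile rather than leaving the old "Content Filter" copy installed beside the new one. Worth a one-line remark in the doc for customers who already deployed the earlier version.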
@ -97,7 +97,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>PayloadIdentifier</key>
<string>CEBF7A71-D9A1-48BD-8CCF-BD9D18EC155A</string>
<key>PayloadDisplayName</key>
<string>Approved Content Filter</string>
<string>Approved Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
@ -107,7 +107,7 @@ A web content filtering policy is needed to run the network extension. Add the f
<key>FilterType</key>
<string>Plugin</string>
<key>UserDefinedName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PluginBundleID</key>
<string>com.microsoft.wdav</string>
<key>FilterSockets</key>
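Review bot: `UserDefinedName` is the only renamed key here and it is presentational; the keys that determine what is filtered, `FilterType` (`Plugin`), `PluginBundleID` (`com.microsoft.wdav`) and `FilterSockets`, are untouched, so the effective policy is the same as before the rename. Consider stating that in the commit or doc so admins do not expect a behavior change from the new name.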
@ -125,8 +125,8 @@ A web content filtering policy is needed to run the network extension. Add the f
2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
```bash
$ plutil -lint com.apple.webcontent-filter.mobileconfig
com.apple.webcontent-filter.mobileconfig: OK
$ plutil -lint com.microsoft.network-extension.mobileconfig
com.microsoft.network-extension.mobileconfig: OK
```
3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMFs built-in certificate authority
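Review bot: the fenced block mixes a `$ `-prefixed command with its echoed output (`com.microsoft.network-extension.mobileconfig: OK`), so copying the block into a shell runs the output line as a command; either drop the prompt and show output separately, or mark the fence as console output. Also note that `plutil -lint` checks plist syntax only; it does not validate the payload keys, so an `OK` here does not guarantee JAMF will accept the profile.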
@ -134,10 +134,10 @@ A web content filtering policy is needed to run the network extension. Add the f
4. After the certificate is created and installed to your device, run the following command from the Terminal:
```bash
$ security cms -S -N "<certificate name>" -i com.apple.webcontent-filter.mobileconfig -o com.apple.webcontent-filter.signed.mobileconfig
$ security cms -S -N "<certificate name>" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig
```
5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.apple.webcontent-filter.signed.mobileconfig` when prompted for the file.
5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.
## Intune
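Review bot: step 4 signs the profile but nothing verifies the signature or the signed content before upload, which matters because the whole point of signing (per the NOTE above) is to stop JAMF from altering the payload. Suggest adding a check after the `security cms -S` command, e.g. `security cms -D -i com.microsoft.network-extension.signed.mobileconfig -o decoded.mobileconfig` followed by `plutil -lint decoded.mobileconfig`, and state that `<certificate name>` must match the certificate's common name in the keychain exactly or `security cms` will fail to find it.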
@ -162,7 +162,7 @@ To approve the system extensions:
### Create and deploy the Custom Configuration Profile
The following configuration profile enables the web content filter and grants Full Disk Access to the Endpoint Security system extension.
The following configuration profile enables the network extension and grants Full Disk Access to the Endpoint Security system extension.
Save the following content to a file named **sysext.xml**:
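Review bot: the Intune description now says the profile "enables the network extension", but the payload in the following hunks is still a content-filter payload (`FilterType` `Plugin`, `FilterSockets`), mirroring the JAMF section; add the same clarification here that the network extension is approved and enabled through a web-content-filter payload, so the JAMF and Intune sections stay consistent.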
@ -202,7 +202,7 @@ Save the following content to a file named **sysext.xml**:
<key>PayloadIdentifier</key>
<string>CEBF7A71-D9A1-48BD-8CCF-BD9D18EC155A</string>
<key>PayloadDisplayName</key>
<string>Approved Content Filter</string>
<string>Approved Network Extension</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
@ -212,7 +212,7 @@ Save the following content to a file named **sysext.xml**:
<key>FilterType</key>
<string>Plugin</string>
<key>UserDefinedName</key>
<string>Microsoft Defender ATP Content Filter</string>
<string>Microsoft Defender ATP Network Extension</string>
<key>PluginBundleID</key>
<string>com.microsoft.wdav</string>
<key>FilterSockets</key>
@ -265,10 +265,10 @@ Save the following content to a file named **sysext.xml**:
Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`:
```bash
$ plutil -lint sysext.xml
sysext.xml: OK
```
```bash
$ plutil -lint sysext.xml
sysext.xml: OK
```
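Review bot: the before and after of this hunk are textually identical in this view (`plutil -lint sysext.xml` / `sysext.xml: OK` in both), so the change is whitespace only, presumably re-indenting the fence; confirm the fence indentation matches the surrounding list so the code block still renders inside the right step, and mention "whitespace only" in the commit message to spare future reviewers the same double-take.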
To deploy this custom configuration profile:

View File

@ -28,7 +28,7 @@ Web content filtering is part of [Web protection](web-protection-overview.md) ca
You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited i.e. your users will be able to access the URLs without disruption and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page youre viewing is making calls to a resource which is blocked, your users will see a block notification.
Web content filtering is available on the major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Chrome and Firefox). See the prerequisites section for more information about browser support.
Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Edge) and Network Protection (Chrome and Firefox). See the prerequisites section for more information about browser support.
To summarize the benefits:
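Review bot: "Windows Defender SmartScreen" is the product's full name and the rename is consistent with the prerequisites hunk below; while touching this sentence, also spell out "Microsoft Edge" rather than bare "Edge" and "Network Protection (Chrome and Firefox)" as "Network Protection (Google Chrome and Mozilla Firefox)" so the browser names match the prerequisites section the sentence points to.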
@ -49,7 +49,7 @@ Before trying out this feature, make sure you have the following:
- Windows 10 Enterprise E5 license
- Access to Microsoft Defender Security Center portal
- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
Note that if SmartScreen is not turned on, Network Protection will take over the blocking. This requires [enabling Network Protection](enable-network-protection.md) on the device.
Note that if Windows Defender SmartScreen is not turned on, Network Protection will take over the blocking. This requires [enabling Network Protection](enable-network-protection.md) on the device.
## Data handling
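Review bot: the note says Network Protection "will take over the blocking" when Windows Defender SmartScreen is off, but the linked enable-network-protection page supports audit as well as block mode, and audit mode only reports; add that Network Protection must be enabled in block mode for web content filtering to actually block, otherwise readers may deploy audit mode and assume they are protected.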
@ -123,7 +123,7 @@ Use the time range filter at the top left of the page to select a time period. Y
## Errors and issues
### Limitations and known issues in this preview
- Only Edge is supported if your device's OS configuraiton is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox.
- Only Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox.
- Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices in the interim before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts.
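Review bot: the typo fix ("configuraiton" to "configuration") is fine, but the sentence it sits in still has a dangling relative clause: "Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox" reads as if the Server device secures the traffic. Suggest "Network Protection, which secures Chrome and Firefox traffic, is only supported in Inspect mode on Server devices, so only Edge is supported there."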