mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 09:17:25 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into live
This commit is contained in:
LizRoss
commit
beadf43aed
@ -23,8 +23,6 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
|
||||
|
||||
Compatible Surface devices include:
|
||||
|
||||
- Surface Studio
|
||||
|
||||
- Surface Book
|
||||
|
||||
- Surface Pro 4
|
||||
|
||||
@ -48,7 +48,7 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
|
||||
|
||||
## What if someone steals the laptop or phone?
|
||||
|
||||
To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before TPM anti-hammer capabilities lock the device.
|
||||
To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
|
||||
You can provide additional protection for laptops that don't have TPM by enablng BitLocker and setting a policy to limit failed sign-ins.
|
||||
|
||||
**Configure BitLocker without TPM**
|
||||
|
||||
@ -14,6 +14,12 @@ author: jdeckerMS
|
||||
|
||||
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
|
||||
|
||||
## May 2017
|
||||
|
||||
| New or changed topic | Description |
|
||||
| --- | --- |
|
||||
| [ Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings. |
|
||||
|
||||
## April 2017
|
||||
|
||||
| New or changed topic | Description |
|
||||
|
||||
@ -89,22 +89,22 @@ See the following table for a summary of the management settings for Windows 10
|
||||
| [17.1 General](#bkmk-general) |  |  |  |  | |
|
||||
| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
|
||||
| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
|
||||
| [17.4 Microphone](#bkmk-priv-microphone) |  |  | |  | |
|
||||
| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
|
||||
| [17.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
|
||||
| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
|
||||
| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
|
||||
| [17.7 Account info](#bkmk-priv-accounts) |  |  | |  | |
|
||||
| [17.8 Contacts](#bkmk-priv-contacts) |  |  | |  | |
|
||||
| [17.9 Calendar](#bkmk-priv-calendar) |  |  | |  | |
|
||||
| [17.10 Call history](#bkmk-priv-callhistory) |  |  | |  | |
|
||||
| [17.11 Email](#bkmk-priv-email) |  |  | |  | |
|
||||
| [17.12 Messaging](#bkmk-priv-messaging) |  |  | |  | |
|
||||
| [17.13 Radios](#bkmk-priv-radios) |  |  | |  | |
|
||||
| [17.14 Other devices](#bkmk-priv-other-devices) |  |  | |  | |
|
||||
| [17.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
|
||||
| [17.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
|
||||
| [17.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
|
||||
| [17.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
|
||||
| [17.11 Email](#bkmk-priv-email) |  |  |  |  | |
|
||||
| [17.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
|
||||
| [17.13 Radios](#bkmk-priv-radios) |  |  |  |  | |
|
||||
| [17.14 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
|
||||
| [17.15 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
|
||||
| [17.16 Background apps](#bkmk-priv-background) |  | | | | |
|
||||
| [17.17 Motion](#bkmk-priv-motion) |  |  | |  | |
|
||||
| [17.18 Tasks](#bkmk-priv-tasks) |  |  | |  | |
|
||||
| [17.19 App Diagnostics](#bkmk-priv-diag) |  |  | |  | |
|
||||
| [17.16 Background apps](#bkmk-priv-background) |  |  |  | | |
|
||||
| [17.17 Motion](#bkmk-priv-motion) |  |  |  |  | |
|
||||
| [17.18 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
|
||||
| [17.19 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
|
||||
| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
|
||||
| [19. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
|
||||
| [20. Teredo](#bkmk-teredo) | |  | |  |  |
|
||||
@ -204,6 +204,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
|
||||
3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
|
||||
4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
|
||||
|
||||
|
||||
On Windows Server 2016 Nano Server:
|
||||
|
||||
- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
|
||||
@ -308,7 +309,7 @@ To turn off Find My Device:
|
||||
|
||||
- Turn off the feature in the UI
|
||||
|
||||
-or
|
||||
-or-
|
||||
|
||||
- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
|
||||
|
||||
@ -422,7 +423,11 @@ You can also use registry entries to set these Group Policies.
|
||||
| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead!Enabled <br /> REG_DWORD: 0|
|
||||
| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds!BackgroundSyncStatus <br/> REG_DWORD:0 |
|
||||
|
||||
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**
|
||||
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
|
||||
|
||||
To configure the First Run Wizard, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**.
|
||||
|
||||
To configure the behavior for a new tab, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**.
|
||||
|
||||
### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
|
||||
|
||||
@ -479,11 +484,14 @@ To prevent communication to the Microsoft Account cloud authentication service.
|
||||
- Apply the Group Policy: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting called **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!NoConnectedUser**, with a value of 3.
|
||||
To disable the Microsoft Account Sign-In Assistant:
|
||||
|
||||
- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
|
||||
|
||||
- Change the Start REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
|
||||
|
||||
|
||||
### <a href="" id="bkmk-edge"></a>12. Microsoft Edge
|
||||
|
||||
@ -521,7 +529,7 @@ Alternatively, you can configure the Microsoft Group Policies using the followin
|
||||
|
||||
| Policy | Registry path |
|
||||
| - | - |
|
||||
| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!Use FormSuggest <br/ > REG_SZ: **about:blank** |
|
||||
| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!Use FormSuggest <br/ > REG_SZ: **no** |
|
||||
| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!DoNotTrack<br/> REG_DWORD: 1 |
|
||||
| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!FormSuggest Passwords<br /> REG_SZ: **no** |
|
||||
| Configure search suggestions in Address bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes!ShowSearchSuggestionsGlobal <br /> REG_DWORD: 0|
|
||||
@ -1004,7 +1012,15 @@ To turn off **Let apps use my microphone**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMicrophone**, with a value of 2 (two)
|
||||
|
||||
@ -1026,6 +1042,14 @@ To turn off **Let apps access my notifications**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessNotifications**, with a value of 2 (two)
|
||||
@ -1088,6 +1112,14 @@ To turn off **Let apps access my name, picture, and other account info**:
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessContacts**, with a value of 2 (two).
|
||||
|
||||
To turn off **Choose the apps that can access your account info**:
|
||||
@ -1108,6 +1140,14 @@ To turn off **Choose apps that can access contacts**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
### <a href="" id="bkmk-priv-calendar"></a>17.9 Calendar
|
||||
|
||||
In the **Calendar** area, you can choose which apps have access to an employee's calendar.
|
||||
@ -1124,6 +1164,14 @@ To turn off **Let apps access my calendar**:
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCalendar**, with a value of 2 (two).
|
||||
|
||||
To turn off **Choose apps that can access calendar**:
|
||||
@ -1144,7 +1192,15 @@ To turn off **Let apps access my call history**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCallHistory**, with a value of 2 (two).
|
||||
|
||||
@ -1162,7 +1218,15 @@ To turn off **Let apps access and send email**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessEmail MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessemail), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessEmail**, with a value of 2 (two).
|
||||
|
||||
@ -1182,6 +1246,14 @@ To turn off **Let apps read or send messages (text or MMS)**:
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccess<Messaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
|
||||
|
||||
To turn off **Choose apps that can read or send messages**:
|
||||
@ -1204,6 +1276,14 @@ To turn off **Let apps control radios**:
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessRadios MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessradios), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessRadios**, with a value of 2 (two).
|
||||
|
||||
|
||||
@ -1225,6 +1305,14 @@ To turn off **Let apps automatically share and sync info with wireless devices t
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsSyncWithDevices**, with a value of 2 (two).
|
||||
|
||||
To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
|
||||
@ -1336,6 +1424,15 @@ To turn off **Let apps run in the background**:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
|
||||
### <a href="" id="bkmk-priv-motion"></a>17.17 Motion
|
||||
|
||||
In the **Motion** area, you can choose which apps have access to your motion data.
|
||||
@ -1350,6 +1447,14 @@ To turn off **Let Windows and your apps use your motion data and collect motion
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMotion**, with a value of 2 (two).
|
||||
|
||||
### <a href="" id="bkmk-priv-tasks"></a>17.18 Tasks
|
||||
@ -1366,6 +1471,14 @@ To turn this off:
|
||||
|
||||
- Set the **Select a setting** box to **Force Deny**.
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
### <a href="" id="bkmk-priv-diag"></a>17.19 App Diagnostics
|
||||
|
||||
In the **App diagnostics** area, you can choose which apps have access to your diagnostic information.
|
||||
@ -1378,6 +1491,15 @@ To turn this off:
|
||||
|
||||
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps**
|
||||
|
||||
-or-
|
||||
|
||||
- Apply the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo), where:
|
||||
|
||||
- **0**. User in control
|
||||
- **1**. Force allow
|
||||
- **2**. Force deny
|
||||
|
||||
|
||||
### <a href="" id="bkmk-spp"></a>18. Software Protection Platform
|
||||
|
||||
Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
|
||||
@ -1563,7 +1685,7 @@ If you're running Windows 10, version 1607 or later, you only need to enable the
|
||||
|
||||
-or-
|
||||
|
||||
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
|
||||
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
|
||||
|
||||
If you're not running Windows 10, version 1607 or later, you can use the other options in this section.
|
||||
|
||||
@ -1591,7 +1713,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
|
||||
> This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. Alternatively, you can create a new REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization!LockScreenImage**, with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization!LockScreenOverlaysDisabled**, with a value of 1 (one).
|
||||
|
||||
|
||||
- **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips**.
|
||||
- **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips**.
|
||||
|
||||
-or-
|
||||
|
||||
@ -1599,9 +1721,9 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
|
||||
|
||||
- **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**.
|
||||
|
||||
-or-
|
||||
-or-
|
||||
|
||||
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsConsumerFeatures**, with a value of 1 (one).
|
||||
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsConsumerFeatures**, with a value of 1 (one).
|
||||
|
||||
For more info, see [Windows Spotlight on the lock screen](windows-spotlight.md).
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
|
||||
|
||||
## Building
|
||||
|
||||
Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two to three times per year to help address these issues.
|
||||
Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues.
|
||||
|
||||
In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features will be delivered to the [Windows Insider community](https://insider.windows.com/) as soon as possible — during the development cycle, through a process called *flighting* — so that organizations can see exactly what Microsoft is developing and start their testing as soon as possible.
|
||||
|
||||
@ -53,7 +53,7 @@ Device compatibility in Windows 10 is also very strong; new hardware is not need
|
||||
|
||||
## Servicing
|
||||
|
||||
Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality two to three times per year, and quality updates that provide security and reliability fixes at least once a month.
|
||||
Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month.
|
||||
|
||||
With Windows 10, organizations will need to change the way they approach deploying updates. Servicing branches are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing branches comes the concept of a [deployment ring](waas-deployment-rings-windows-10-updates.md), which is simply a way to categorize the combination of a deployment group and a servicing branch to group devices for successive waves of deployment. For more information about developing a deployment strategy that leverages servicing branches and deployment rings, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md).
|
||||
|
||||
@ -64,7 +64,10 @@ To align with this new update delivery model, Windows 10 has three servicing bra
|
||||
|
||||
### Feature updates
|
||||
|
||||
With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — two to three times per year rather than every 3–5 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter.
|
||||
With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — twice per year, around March and September, rather than every 3–5 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter.
|
||||
|
||||
>[!TIP]
|
||||
> The feature update cadence has been aligned with Office 365 ProPlus updates. Starting with this falls' update, both Windows and Office will deliver their major updates semi-annually, around March and September. See [upcoming changes to Office 365 ProPlus update management](https://support.office.com/article/Overview-of-the-upcoming-changes-to-Office-365-ProPlus-update-management-78b33779-9356-4cdf-9d2c-08350ef05cca) for more information about changes to Office update management.
|
||||
|
||||
### Quality updates
|
||||
|
||||
@ -97,7 +100,7 @@ When Microsoft officially releases a feature update for Windows 10, that update
|
||||
|
||||
### Current Branch for Business
|
||||
|
||||
Organizations typically prefer to have a testing cycle before broadly deploying new features to business users. For Windows 10, most pilot testing will be done using the CB servicing branch. In contrast, the CBB servicing branch is typically used for broad deployment. Windows 10 clients in the CBB servicing branch receive the same build of Windows 10 as those in the CB servicing branch, just at a later time. CB releases are transitioned to CBB after about 4 months, indicating that Microsoft, independent software vendors (ISVs), partners, and customers believe that the release is ready for broad deployment. Therefore, CB and CBB have an inherent “staging” effect. Both of these branches have a purpose in the overall deployment process for an enterprise, providing another layer of testing capabilities in addition to the traditional phased deployment methods to specific groups of machines. Microsoft will support two CBB builds at a time, plus a 60 day grace period. Each feature update release will be supported and updated for a minimum of 18 months.
|
||||
Organizations typically prefer to have a testing cycle before broadly deploying new features to business users. For Windows 10, most pilot testing will be done using the CB servicing branch. In contrast, the CBB servicing branch is typically used for broad deployment. Windows 10 clients in the CBB servicing branch receive the same build of Windows 10 as those in the CB servicing branch, just at a later time. CB releases are transitioned to CBB after about 4 months, indicating that Microsoft, independent software vendors (ISVs), partners, and customers believe that the release is ready for broad deployment. Therefore, CB and CBB have an inherent “staging” effect. Both of these branches have a purpose in the overall deployment process for an enterprise, providing another layer of testing capabilities in addition to the traditional phased deployment methods to specific groups of machines. Each feature update release will be supported and updated for 18 months from the time of its release.
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
@ -126,7 +129,7 @@ LTSB is available only in the Windows 10 Enterprise LTSB edition. This build of
|
||||
|
||||
For many IT pros, gaining visibility into feature updates early—before they’re available to the CB servicing branch—can be both intriguing and valuable for future end user communications as well as provide additional prestaging for CB machines. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to CB, organizations can test their deployment on test devices for compatibility validation.
|
||||
|
||||
Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about how to sign up for the Windows Insider Program and enroll test devices, go to [https://insider.windows.com](https://insider.windows.com).
|
||||
Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md).
|
||||
|
||||
>[!NOTE]
|
||||
>Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app.
|
||||
|
||||
@ -74,7 +74,7 @@ The TPM Group Policy settings in the following list are located at:
|
||||
|
||||
This policy setting allows you to manage the maximum number of authorization failures for the TPM for all standard users. If the total number of authorization failures for all users equals the duration that is set for the policy, all users are prevented from sending commands to the TPM that require authorization.
|
||||
|
||||
For information about mitigating dictionary attacks that use the lockout settings, see [TPM fundamentals](tpm-fundamentals.md#how-the-tpm-mitigates-dictionary-attacks).
|
||||
For information about mitigating dictionary attacks that use the lockout settings, see [TPM fundamentals](tpm-fundamentals.md#anti-hammering).
|
||||
|
||||
## Use the TPM cmdlets
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ The following sections provide an overview of the technologies that support the
|
||||
|
||||
- [TPM Key Attestation](#key-attestation)
|
||||
|
||||
- [How the TPM mitigates dictionary attacks](#how-the-tpm-mitigates-dictionary-attacks)
|
||||
- [Anti-hammering](#anti-hammering)
|
||||
|
||||
The following topic describes the TPM Services that can be controlled centrally by using Group Policy settings:
|
||||
[TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
|
||||
@ -85,17 +85,17 @@ For a TPM to be usable by a trusted application, it must contain an endorsement
|
||||
|
||||
TPM key attestation allows a certification authority to verify that a private key is actually protected by a TPM and that the TPM is one that the certification authority trusts. Endorsement keys which have been proven valid can be used to bind the user identity to a device. Moreover, the user certificate with a TPM attested key provides higher security assurance backed up by the non-exportability, anti-hammering, and isolation of keys provided by a TPM.
|
||||
|
||||
## How the TPM mitigates dictionary attacks
|
||||
## Anti-hammering
|
||||
|
||||
When a TPM processes a command, it does so in a protected environment, for example, a dedicated microcontroller on a discrete chip or a special hardware-protected mode on the main CPU. A TPM can be used to create a cryptographic key that is not disclosed outside the TPM, but is able to be used in the TPM after the correct authorization value is provided.
|
||||
|
||||
TPMs have dictionary attack logic that is designed to prevent brute force attacks that attempt to determine authorization values for using a key. The basic approach is for the TPM to allow only a limited number of authorization failures before it prevents more attempts to use keys and locks. Providing a failure count for individual keys is not technically practical, so TPMs have a global lockout when too many authorization failures occur.
|
||||
TPMs have anti-hammering protection that is designed to prevent brute force attacks, or more complex dictionary attacks, that attempt to determine authorization values for using a key. The basic approach is for the TPM to allow only a limited number of authorization failures before it prevents more attempts to use keys and locks. Providing a failure count for individual keys is not technically practical, so TPMs have a global lockout when too many authorization failures occur.
|
||||
|
||||
Because many entities can use the TPM, a single authorization success cannot reset the TPM’s dictionary attack logic. This prevents an attacker from creating a key with a known authorization value and then using it to reset the TPM’s dictionary attack logic. Generally TPMs are designed to forget about authorization failures after a period of time so the TPM does not enter a lockout state unnecessarily. A TPM owner password can be used to reset the TPM’s lockout logic.
|
||||
Because many entities can use the TPM, a single authorization success cannot reset the TPM’s anti-hammering protection. This prevents an attacker from creating a key with a known authorization value and then using it to reset the TPM’s protection. Generally, TPMs are designed to forget about authorization failures after a period of time so the TPM does not enter a lockout state unnecessarily. A TPM owner password can be used to reset the TPM’s lockout logic.
|
||||
|
||||
### TPM 2.0 dictionary attack behavior
|
||||
### TPM 2.0 anti-hammering
|
||||
|
||||
TPM 2.0 has well defined dictionary attack logic behavior. This is in contrast to TPM 1.2 for which the dictionary attack logic was set by the manufacturer, and the logic varied widely throughout the industry.
|
||||
TPM 2.0 has well defined anti-hammering behavior. This is in contrast to TPM 1.2 for which the anti-hammering protection was implemented by the manufacturer, and the logic varied widely throughout the industry.
|
||||
|
||||
> [!WARNING]
|
||||
> For the purposes of this topic, Windows 8 Certified Hardware also pertains to Windows 8.1 systems. The following references to “Windows” include these supported Windows versions.
|
||||
@ -106,7 +106,7 @@ Attempts to use a key with an authorization value for the next two hours would n
|
||||
|
||||
Windows 8 Certification does not require TPM 2.0 systems to forget about authorization failures when the system is fully powered off or when the system has hibernated. Windows does require that authorization failures are forgotten when the system is running normally, in a sleep mode, or in low power states other than off. If a Windows system with TPM 2.0 is locked, the TPM leaves lockout mode if the system is left on for two hours.
|
||||
|
||||
The dictionary attack logic for TPM 2.0 can be fully reset immediately by sending a reset lockout command to the TPM and providing the TPM owner password. By default, Windows automatically provisions TPM 2.0 and stores the TPM owner password for use by system administrators.
|
||||
The anti-hammering protection for TPM 2.0 can be fully reset immediately by sending a reset lockout command to the TPM and providing the TPM owner password. By default, Windows automatically provisions TPM 2.0 and stores the TPM owner password for use by system administrators.
|
||||
|
||||
In some enterprise situations, the TPM owner authorization value is configured to be stored centrally in Active Directory, and it is not stored on the local system. An administrator can launch the TPM MMC and choose to reset the TPM lockout time. If the TPM owner password is stored locally, it is used to reset the lockout time. If the TPM owner password is not available on the local system, the administrator needs to provide it. If an administrator attempts to reset the TPM lockout state with the wrong TPM owner password, the TPM does not allow another attempt to reset the lockout state for 24 hours.
|
||||
|
||||
@ -114,12 +114,12 @@ TPM 2.0 allows some keys to be created without an authorization value associate
|
||||
|
||||
### Rationale behind the Windows 8.1 and Windows 8 defaults
|
||||
|
||||
Windows relies on the TPM 2.0 dictionary attack protection for multiple features. The defaults that are selected for Windows 8 balance trade-offs for different scenarios.
|
||||
Windows relies on the TPM 2.0 anti-hammering protection for multiple features. The defaults that are selected for Windows 8 balance trade-offs for different scenarios.
|
||||
For example, when BitLocker is used with a TPM plus PIN configuration, it needs the number of PIN guesses to be limited over time. If the computer is lost, someone could make only 32 PIN guesses immediately, and then only one more guess every two hours. This totals about 4415 guesses per year. This makes a good standard for system administrators to determine how many PIN characters to use for BitLocker deployments.
|
||||
|
||||
The Windows TPM-based smart card, which is a virtual smart card, can be configured to allow sign in to the system. In contrast with physical smart cards, the sign-in process uses a TPM-based key with an authorization value. The following list shows the advantages of virtual smart cards:
|
||||
|
||||
- Physical smart cards can enforce lockout for only the physical smart card PIN, and they can reset the lockout after the correct PIN is entered. With a virtual smart card, the TPM’s dictionary attack is not reset after a successful authentication. The allowed number of authorization failures before the TPM enters lockout includes many factors.
|
||||
- Physical smart cards can enforce lockout for only the physical smart card PIN, and they can reset the lockout after the correct PIN is entered. With a virtual smart card, the TPM’s anti-hammering protection is not reset after a successful authentication. The allowed number of authorization failures before the TPM enters lockout includes many factors.
|
||||
|
||||
- Hardware manufacturers and software developers have the option to use the security features of the TPM to meet their requirements.
|
||||
|
||||
|
||||
@ -94,7 +94,7 @@
|
||||
##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
|
||||
##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
|
||||
### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
|
||||
#### [Utilize Microsoft cloud-provided protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
|
||||
##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
|
||||
|
||||
@ -51,10 +51,10 @@ The following table lists the services and their associated URLs that your netwo
|
||||
</tr>
|
||||
<tr style="vertical-align:top">
|
||||
<td>
|
||||
Windows Defender Antivirus cloud-based protection service, also referred to as Microsoft Active Protection Service (MAPS)
|
||||
Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)
|
||||
</td>
|
||||
<td>
|
||||
Used by Windows Defender Antivirus to provide cloud-based protection
|
||||
Used by Windows Defender Antivirus to provide cloud-delivered protection
|
||||
</td>
|
||||
<td>
|
||||
*.wdcp.microsoft.com*<br />
|
||||
|
||||
@ -41,7 +41,7 @@ author: iaanw
|
||||
|
||||
You can enable or disable Windows Defender Antivirus cloud-delivered protection with Group Policy, System Center Configuration Manager, PowerShell cmdlets, Microsoft Intune, or on individual clients in the Windows Defender Security Center app.
|
||||
|
||||
See [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-based protection.
|
||||
See [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-delivered protection.
|
||||
|
||||
There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service. See [Configure and validate network connections for Windows Defender AV](configure-network-connections-windows-defender-antivirus.md) for more details.
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ author: iaanw
|
||||
|
||||
Windows Defender AV uses both [cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloaded protection updates to provide protection. These protection updates are also known as "definitions" or "signature updates".
|
||||
|
||||
The cloud-based protection is “always-on” and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured).
|
||||
The cloud-delivered protection is “always-on” and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured).
|
||||
|
||||
There are two components to managing protection updates - where the updates are downloaded from, and when updates are downloaded and applied.
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ You can also apply [Windows security baselines](https://technet.microsoft.com/en
|
||||
|
||||
Windows Defender AV uses both [cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) (also called the Microsoft Advanced Protection Service or MAPS) and periodically downloaded protection updates to provide protection. These protection updates are also known as "definitions" or "signature updates".
|
||||
|
||||
The cloud-based protection is “always-on” and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection.
|
||||
The cloud-delivered protection is “always-on” and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection.
|
||||
|
||||
|
||||
## Product updates
|
||||
@ -49,5 +49,5 @@ Topic | Description
|
||||
[Manage how protection updates are downloaded and applied](manage-protection-updates-windows-defender-antivirus.md) | Protection updates can be delivered through a number of sources.
|
||||
[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) | You can schedule when protection updates should be downloaded.
|
||||
[Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on.
|
||||
[Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-based protection events.
|
||||
[Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
|
||||
[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.
|
||||
|
||||
@ -33,7 +33,7 @@ Enabling cloud-delivered protection helps detect and block new malware - even if
|
||||
|
||||
Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
|
||||
|
||||
The following table describes the differences in cloud-based protection between recent versions of Windows and System Center Configuration Manager.
|
||||
The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager.
|
||||
|
||||
|
||||
Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | Configuration manager 2012 | Configuration manager (current branch) | Microsoft Intune
|
||||
@ -54,4 +54,4 @@ You can also [configure Windows Defender AV to automatically receive new protect
|
||||
[Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) | You can specify the level of protection offered by the cloud with Group Policy and System Center Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked.
|
||||
[Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-windows-defender-antivirus.md) | There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This topic lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection.
|
||||
[Configure the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) | The Block at First Sight feature can block new malware within seconds, without having to wait hours for a traditional signature. You can enable and configure it with System Center Configuration Manager and Group Policy.
|
||||
[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-based protection service. You can configure the amount of time the file will be prevented from running with System Center Configuration Manager and Group Policy.
|
||||
[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with System Center Configuration Manager and Group Policy.
|
||||
@ -27,7 +27,7 @@ localizationpriority: high
|
||||
|
||||
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
|
||||
|
||||
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
|
||||
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
|
||||
|
||||
Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user