mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
commit
bf66f11ace
@ -90,5 +90,5 @@ Import-Module LyncOnlineConnector
|
||||
$SfBSession = New-CsOnlineSession -Credential (Get-Credential)
|
||||
Import-PSSession $SfBSession -AllowClobber
|
||||
Enable the Skype for Business meeting room
|
||||
Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPoo(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
|
||||
Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
|
||||
```
|
||||
|
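Review bot: on the corrected Enable-CsMeetingRoom line, -RegistrarPool is still written flush against (Get-CsTenant).Registrarpool with no space. Put a space between the parameter name and the parenthesised expression so the parameter and its value read as separate tokens, and consider matching the property casing (RegistrarPool) while the line is being touched.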
@ -17,14 +17,6 @@ ms.date: 07/25/2019
|
||||
|
||||
The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
|
||||
|
||||
> **Note**
|
||||
> When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.
|
||||
>
|
||||
> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps.
|
||||
>
|
||||
> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.
|
||||
|
||||
|
||||
The following diagram shows the AppLocker configuration service provider in tree format.
|
||||
|
||||

|
||||
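Review bot: with the note removed from the introduction, the overview no longer tells an administrator that creating a list of allowed apps also blocks inbox apps such as Phone, Settings and Start. Keep a one-sentence pointer here to the note's new location so that someone who reads only the overview before deploying a policy still sees that warning.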
@ -39,6 +31,9 @@ Defines restrictions for applications.
|
||||
> When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.
|
||||
>
|
||||
> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps.
|
||||
>
|
||||
> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.
|
||||
|
||||
|
||||
Additional information:
|
||||
|
||||
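Review bot: the third paragraph of the note (Grouping values and delete/unenrollment) is about the Grouping node rather than about lists of allowed apps, yet it now sits under the description that begins "Defines restrictions for applications". Moving it to where Grouping is described, or giving it its own note, would make it easier to find. While the text is being moved, "the [settings app that rely on splash apps] are blocked" should read "settings apps that rely on splash apps".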
@ -363,7 +358,8 @@ The product name is first part of the PackageFullName followed by the version nu
|
||||
|
||||
The following list shows the apps that may be included in the inbox.
|
||||
|
||||
> **Note** This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience.
|
||||
> [!NOTE]
|
||||
> This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience.
|
||||
|
||||
|
||||
|
||||
|
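Review bot: in the note converted to [!NOTE], "we recommend a thorough testing" should be "we recommend thorough testing", and "Failure to do so may result in unexpected failures" repeats itself; "Skipping this testing can cause unexpected failures" reads better. Both are carried over unchanged from the old line and are worth fixing in the same edit.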
@ -1072,7 +1072,7 @@ The following list shows the supported values:
|
||||
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
|
||||
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
|
||||
- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
|
||||
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903)
|
||||
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16)
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--/Policy-->
|
||||
|
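Review bot: the expanded text for value 32 is missing its verb: "for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel" needs "are merged" or similar before "into". The opening "(*Only" also carries an asterisk with no matching footnote or closing asterisk, which Markdown may treat as the start of emphasis; drop it or escape it. The value 16 line above still reads "(default) Semi-annual Channel (Targeted)", so it should be updated to say what 16 means on 1903 and later.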
@ -47,6 +47,7 @@ Three features enable Start and taskbar layout control:
|
||||
- In Windows Configuration Designer, you use the **Policies/Start/StartLayout** setting to provide the contents of the .xml file that defines the Start and taskbar layout.
|
||||
|
||||
<span id="escape"/>
|
||||
|
||||
## Prepare the Start layout XML file
|
||||
|
||||
The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
|
||||
|
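Review bot: the added <span id="escape"/> uses self-closing syntax on an element that is not a void element, so an HTML parser treats it as an opening tag and the span stays open across the heading that follows. Write <span id="escape"></span> instead, or link to the anchor that the "Prepare the Start layout XML file" heading already generates.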
@ -9,7 +9,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: plan
|
||||
ms.pagetype: appcompat
|
||||
ms.sitesec: library
|
||||
audience: itpro
author: greg-lindsay
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.date: 04/19/2017
|
||||
ms.topic: article
|
||||
---
|
||||
@ -67,14 +68,9 @@ A compatibility mode includes a set of compatibility fixes and must be deployed
|
||||
|
||||
3. Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **>**.
|
||||
|
||||
**Important**
|
||||
If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode.
|
||||
|
||||
|
||||
|
||||
~~~
|
||||
If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields.
|
||||
~~~
|
||||
> [!IMPORTANT]
|
||||
> If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode.
|
||||
> If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields.
|
||||
|
||||
4. After you are done selecting the compatibility fixes to include, click **OK**.
|
||||
|
||||
|
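Review bot: in the new [!IMPORTANT] block, the "If you are unsure which compatibility fixes to add" line and the "If you have any compatibility fixes that require additional parameters" line are consecutive quoted lines with no empty ">" line between them, so Markdown will join them into a single paragraph. Add a ">" separator line. The Parameters paragraph previously sat in its own ~~~ block after the Important paragraph; check that promoting it into the alert is intended.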
@ -90,7 +90,7 @@ With Windows 10, Microsoft will package new features into feature updates that c
|
||||
|
||||
Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.
|
||||
|
||||
In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment devicess contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates.
|
||||
In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment devices contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates.
|
||||
|
||||
**Figure 1**
|
||||
|
||||
|
@ -26,7 +26,7 @@ ms.topic: article
|
||||
Create custom detection rules from [Advanced hunting](overview-hunting.md) queries to automatically check for threat indicators and generate alerts whenever these indicators are found.
|
||||
|
||||
>[!NOTE]
|
||||
>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
|
||||
>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. For the detection rule to work properly and create alerts, the query must return in each row a set of MachineId, ReportId, EventTime which match to an actual event in advanced hunting.
|
||||
|
||||
1. In the navigation pane, select **Advanced hunting**.
|
||||
|
||||
|
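Review bot: the sentence appended to the note is a requirement on the query, not on the role, so placing it inside the permissions note hides it, and the sentence itself says the rule will not create alerts unless it is met. Give it its own note or put it at the step where the query is written, format MachineId, ReportId and EventTime as code, and change "which match to an actual event" to "that match an actual event".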
@ -42,7 +42,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca
|
||||
2. Select **All services > Intune**.
|
||||
3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**.
|
||||
5. On the **Cloud-delivered protection** switch, select **Enable**.
|
||||
5. On the **Cloud-delivered protection** switch, select **Not configured**.
|
||||
6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.
|
||||
7. In the **Submit samples consent** dropdown, select one of the following:
|
||||
|
||||
|
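Review bot: step 5 now tells the reader to set the Cloud-delivered protection switch to Not configured, where it previously said Enable, and gives no reason. In a procedure whose next steps configure sample submission, a reader will expect this step to turn the feature on; state what Not configured results in for this switch, or explain why Enable is no longer the right choice.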
@ -148,7 +148,7 @@ realTimeProtectionEnabled : true
|
||||
mdatp --health orgId
|
||||
```
|
||||
|
||||
2. Install the configuration file on a client machine:
|
||||
2. Run the Python script to install the configuration file:
|
||||
|
||||
```bash
|
||||
/usr/bin/python WindowsDefenderATPOnboarding.py
|
||||
|
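Review bot: the reworded step 2 drops "on a client machine", so it no longer says where the script runs, and it does not say whether the command needs elevated privileges. The command also hard-codes /usr/bin/python, which is absent or points at a different Python major version on some distributions; name the interpreter version the script needs. Suggested wording: "Run the Python script on the client machine to install the configuration file:".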
@ -55,7 +55,7 @@ The following table lists the services and their associated URLs that your netwo
|
||||
| ---------------------------------------- | ----------------------- |
|
||||
| Common URLs for all locations | x.cp.wd.microsoft.com <br/> cdn.x.cp.wd.microsoft.com <br/> eu-cdn.x.cp.wd.microsoft.com <br/> wu-cdn.x.cp.wd.microsoft.com <br/> *.blob.core.windows.net <br/> officecdn-microsoft-com.akamaized.net |
|
||||
| European Union | europe.x.cp.wd.microsoft.com |
|
||||
| United Kingdon | unitedkingdom.x.cp.wd.microsoft.com |
|
||||
| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com |
|
||||
| United States | unitedstates.x.cp.wd.microsoft.com |
|
||||
|
||||
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
|
||||
|
@ -267,7 +267,7 @@ This rule blocks processes through PsExec and WMI commands from running, to prev
|
||||
>[!WARNING]
|
||||
>Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [System Center Configuration Manager](https://docs.microsoft.com/sccm) because this rule blocks WMI commands the SCCM client uses to function correctly.
|
||||
|
||||
This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, SCCM CB 1802
|
||||
This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019
|
||||
|
||||
Intune name: Process creation from PSExec and WMI commands
|
||||
|
||||
@ -297,7 +297,7 @@ This rule prevents Outlook from creating child processes. It protects against so
|
||||
>[!NOTE]
|
||||
>This rule applies to Outlook and Outlook.com only.
|
||||
|
||||
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810
|
||||
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019
|
||||
|
||||
Intune name: Process creation from Office communication products (beta)
|
||||
|
||||
@ -309,11 +309,11 @@ GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
|
||||
Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. This rule prevents attacks like this by blocking Adobe Reader from creating additional processes.
|
||||
|
||||
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810
|
||||
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019
|
||||
|
||||
Intune name: Process creation from Adobe Reader (beta)
|
||||
|
||||
SCCM name: Not applicable
|
||||
SCCM name: Not yet available
|
||||
|
||||
GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
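Review bot: the two changes to the Adobe Reader rule are inconsistent with each other. The "introduced in" line drops SCCM CB 1810, while "SCCM name" moves from "Not applicable" to "Not yet available", which tells the reader SCCM support is coming. State which is intended, and if SCCM support is planned, say so in one place rather than implying it through the name field.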
@ -321,6 +321,8 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository.
|
||||
|
||||
This rule was introduced in: Windows 10 1903, Windows Server 1903
|
||||
|
||||
Intune name: Block persistence through WMI event subscription
|
||||
|
||||
SCCM name: Not yet available
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 242 KiB After Width: | Height: | Size: 203 KiB |