diff --git a/windows/deployment/update/images/update-compliance-wdav-assessment.png b/windows/deployment/update/images/update-compliance-wdav-assessment.png index 28b6de40b7..266c5b7210 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-assessment.png and b/windows/deployment/update/images/update-compliance-wdav-assessment.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-overview.png b/windows/deployment/update/images/update-compliance-wdav-overview.png new file mode 100644 index 0000000000..977478fb74 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-overview.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-prot-status.png b/windows/deployment/update/images/update-compliance-wdav-prot-status.png index 8fb768030f..2c6c355ca4 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-prot-status.png and b/windows/deployment/update/images/update-compliance-wdav-prot-status.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png b/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png new file mode 100644 index 0000000000..733bfb6ae7 Binary files /dev/null and b/windows/deployment/update/images/update-compliance-wdav-query-not-assessed.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png b/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png index a4a9d770da..d914960a7a 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png and b/windows/deployment/update/images/update-compliance-wdav-status-add-filter.png differ 
diff --git a/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png b/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png index bc4eeb434e..7d8021b02e 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png and b/windows/deployment/update/images/update-compliance-wdav-status-filter-apply.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-filter.png b/windows/deployment/update/images/update-compliance-wdav-status-filter.png index 7dd857d81b..cd500c2cb3 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-status-filter.png and b/windows/deployment/update/images/update-compliance-wdav-status-filter.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-log.png b/windows/deployment/update/images/update-compliance-wdav-status-log.png index 964859c1ee..30e2e2352f 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-status-log.png and b/windows/deployment/update/images/update-compliance-wdav-status-log.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-status-query.png b/windows/deployment/update/images/update-compliance-wdav-status-query.png index 696556924a..c7d1a436fe 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-status-query.png and b/windows/deployment/update/images/update-compliance-wdav-status-query.png differ diff --git a/windows/deployment/update/images/update-compliance-wdav-threat-status.png b/windows/deployment/update/images/update-compliance-wdav-threat-status.png index b904a73b58..ada9c09bbf 100644 Binary files a/windows/deployment/update/images/update-compliance-wdav-threat-status.png and b/windows/deployment/update/images/update-compliance-wdav-threat-status.png differ 
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 9f15faeaf1..08daf13df1 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -42,6 +42,7 @@ The first blade of OMS Update Compliance is the General **OS Update Overview** b ![OS Update Overview](images/uc-11.png) + This blade is divided into three sections: - Device Summary: - Needs Attention Summary 
@@ -143,7 +144,13 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C ## Windows Defender Antivirus Assessment -If you're using [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to protect devices in your organization, you can use this section to review the overall status of key protection features, including the number of devices that have [always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) and [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) enabled. +You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot. + +![verview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png) + +The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues. 
+ +If you're using [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to protect devices in your organization and have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus), you can use this section to review the overall status of key protection features, including the number of devices that have [always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) and up-to-date definitions. There are two blades in the Windows Defender AV Assessment section: @@ -156,7 +163,7 @@ The **Protection Status** blade shows three key measurements: 1. How many devices have old or current signatures (also known as protection updates or definitions) 2. How many devices have the core Windows Defender AV always-on scanning feature enabled, called real-time protection -3. How many devices are in the **Not assessed** state, indicating a 3rd party antivirus product is running on those devices, or the device has not been seen by Windows Defender AV for more than 7 days + ![Windows Defender Antivirus protection status in Update Compliance](images/update-compliance-wdav-prot-status.png) 
@@ -164,20 +171,20 @@ See the [Manage Windows Defender AV updates and apply baselines](/windows/threat The **Threats Status** blade shows the following measurements: -1. Number of devices that have threats that have been remediated (removed or quarantined on the device) -2. Number of devices that have threats where remediation was not successful (this may indicate a manual reboot or clean is required) -3. Number of devices that require a reboot or other action to complete remediation +1. How many devices that have threats that have been remediated (removed or quarantined on the device) +2. How many devices that have threats where remediation was not successful (this may indicate a manual reboot or clean is required) + ![Windows Defender Antivirus threat status in Update Compliance](images/update-compliance-wdav-threat-status.png) Devices can be in multiple states at once, as one device may have multiple threats, some of which may or may not be remediated. > [!IMPORTANT] -> The data reported in Update Compliance can be delayed by up to 24 hours. Devices that are listed as requiring further action may continue to have that status even if the further action has been completed and remediation was successful. +> The data reported in Update Compliance can be delayed by up to 24 hours. See the [Customize, initiate, and review the results of Windows Defender AV scans and remediation](/windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus) topic for more information on how to perform scans and other manual remediation tasks. -As with other blades in Update Compliance, clicking on a specific measurement or item will open the associated query that you can use to investigate individual devices and issues, described below. 
+As with other blades in Update Compliance, clicking on a specific measurement or item will open the associated query that you can use to investigate individual devices and issues, as described below. ### Investigate individual devices and threats @@ -187,12 +194,18 @@ Click on any of the status measurements to be taken to a pre-built log query tha ![Sample Windows Defender AV query in Update Compliance](images/update-compliance-wdav-status-log.png) +You can also find a pre-built query on the main Update Compliance screen, under the **Queries** blade, that lists devices that have not been assessed for Windows Defender AV. + +![Overview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-query-not-assessed.png) -You can further filter the query by clicking any of the measurement labels for each incident, changing the values in the query filter pane, and then clicking **Apply**. + + + +You can further filter queries by clicking any of the measurement labels for each incident, changing the values in the query filter pane, and then clicking **Apply**. ![Click the Apply button on the left pane](images/update-compliance-wdav-status-filter-apply.png)
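Review bot: In the `@@ -143,7 +144,13 @@` hunk of update-compliance-using.md, the **Windows Defender AV Status** sentence says the tile counts devices "that are not updated and do not have real-time protection enabled", which does not say whether a device must fail both checks or either one to be counted; state which. In the same added sentence, "devices that either have up-to-date" has no second alternative, so drop "either" or name the other case. The rewritten paragraph also turns cloud-delivered protection from one of the reported features into a precondition ("and have enabled ..."); confirm that is intended, since readers who have not enabled it will read the section as not applying to them. The alt text on the new overview image reads "verview blade" and is missing its leading "O".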
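Review bot: The `@@ -156,7 +163,7 @@` hunk removes list item 3, but the unchanged lead-in in the hunk header context still reads "The **Protection Status** blade shows three key measurements:"; it should now say two. The removed item also carried the explanation of the **Not assessed** state (a 3rd party antivirus product is running, or the device has not been seen for more than 7 days), while a later hunk adds a pre-built query for devices that have not been assessed, so that explanation should be kept somewhere near the new query text. The empty "+" line that replaces the item leaves two blank lines before the image and can be dropped.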
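Review bot: Both rewritten list items in the `@@ -164,20 +171,20 @@` hunk lost their main verb: "How many devices that have threats that have been remediated" should read "How many devices have threats that have been remediated", and likewise for item 2. The hunk also deletes item 3 (devices that require a reboot or other action to complete remediation) together with the sentence in the IMPORTANT note about devices that stay listed as requiring further action; if that state is no longer shown on the blade, say so in the commit description, because item 2 still tells the reader that "a manual reboot or clean is required" without any measurement to check it against.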
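Review bot: In the `@@ -187,12 +194,18 @@` hunk, the added image line for `update-compliance-wdav-query-not-assessed.png` reuses the alt text "Overview blade showing a summary of key Windows Defender Antivirus issues" from the overview screenshot; it should describe the pre-built not-assessed query on the **Queries** blade, since alt text is what screen-reader users get in place of the image. The three empty "+" lines before "You can further filter queries" can be reduced to a single blank line.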