diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b15fa65bb2..81696cd310 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -79,6 +79,11 @@ "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy", + "redirect_document_id": true }, { "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md", diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 8e84d077d5..b511fd100f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a ### Add cloud-based MDM to the app gallery -You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery. +> [!NOTE] +> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application + +The following table shows the required information to create an entry in the Azure AD app gallery. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 05c983440b..6012a60ed9 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1,13 +1,13 @@ --- title: Policy CSP - System -description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update. +description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update. ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 08/12/2020 +ms.date: 10/14/2020 ms.reviewer: manager: dansimp --- @@ -212,14 +212,13 @@ The following list shows the supported values: -This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. +This policy setting opts the device into the Windows enterprise data pipeline. -If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. +If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline. -If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. +If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline. ->[!Note] -> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. +Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10. @@ -234,8 +233,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) - Do not use the Windows Commercial Data Pipeline -- 1 - Use the Windows Commercial Data Pipeline +- 0 (default) - Disabled. +- 1 - Enabled. @@ -245,7 +244,9 @@ The following list shows the supported values: +
+ **System/AllowDeviceNameInDiagnosticData** @@ -488,7 +489,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. +Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts. This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). @@ -509,7 +510,7 @@ ADMX Info: The following list shows the supported values: -- 0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available. +- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available. - 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them. @@ -1605,7 +1606,7 @@ The following list shows the supported values: This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. -To enable this behavior you must complete two steps: +To enable this behavior, you must complete two steps: - + @@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). +

Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

The data type is string. Supported operation is Get and Replace. diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md index 1c4a8224fc..21e355ea15 100644 --- a/windows/deployment/update/delivery-optimization-proxy.md +++ b/windows/deployment/update/delivery-optimization-proxy.md @@ -54,7 +54,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user): |---------|---------| |Internet Explorer proxy, current user | No | |Internet Explorer proxy, device-wide | Yes | -|netsh proxy | No | +|netsh proxy | Yes | |Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used | |Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used | @@ -76,4 +76,4 @@ However, you can set the Connected Cache server to use an unauthenticated proxy. - [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](https://docs.microsoft.com/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) - [How to use GPP Registry to uncheck automatically detect settings? ](https://docs.microsoft.com/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) -- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) \ No newline at end of file +- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 727ec90959..68b9bc63f3 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -5,7 +5,7 @@ manager: laurawi description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: w10 ms.mktglfcycl: deploy -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy audience: itpro author: jaimeo ms.localizationpriority: medium diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 77c469b79d..d6edc9cf57 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium ms.author: jaimeo ms.collection: - M365-modern-desktop -- M365initiative-coredeploy +- m365initiative-coredeploy ms.topic: article --- @@ -137,7 +137,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. +**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/delivery-optimization-proxy). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). **What hostnames should I allow through my firewall to support Delivery Optimization?**: @@ -193,6 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol - Clients aren’t able to reach the Delivery Optimization cloud services. - The cloud service doesn’t see other peers on the network. - Clients aren’t able to connect to peers that are offered back from the cloud service. +- None of the computers on the network are getting updates from peers. ### Clients aren't able to reach the Delivery Optimization cloud services. @@ -204,7 +205,6 @@ If you suspect this is the problem, try these steps: 3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. - ### The cloud service doesn't see other peers on the network. If you suspect this is the problem, try these steps: @@ -223,6 +223,15 @@ If you suspect this is the problem, try a Telnet test between two devices on the 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. +### None of the computers on the network are getting updates from peers + +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive: + +- Minimum RAM (inclusive) allowed to use peer caching +- Minimum disk size allowed to use peer caching +- Enable peer caching while the device connects using VPN. +- Allow uploads when the device is on battery while under the set battery level + diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 2dc3cc3ff3..f473a704b2 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 1ee1fa50de..737657aea5 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -9,7 +9,7 @@ ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy --- # Prepare servicing strategy for Windows 10 updates diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 6f780e8656..5c22b5cd47 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index f1d655d44b..445b6d5c18 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -158,11 +158,11 @@ To check and repair system files: ### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +[Drivers](https://docs.microsoft.com/windows-hardware/drivers/gettingstarted/what-is-a-driver-) are files ending in *.dll or *.sys that are used to communicate with hardware components. Because drivers are so important, they are cryptographically signed to ensure they are genuine. Drivers with a *.sys extension that are not properly signed frequently block the upgrade process. Drivers might not be properly signed if you: - Disabled driver signature verification (highly not recommended). - A catalog file used to sign a driver is corrupt or missing. -Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + Catalog files (files with a *.cat extension) are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. To check your system for unsigned drivers: @@ -178,7 +178,7 @@ To check your system for unsigned drivers: 7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. 8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. 9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). -10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +10. The next step is to check that the driver reported as unsigned by sigverif.exe has a problem. In some cases, sigverif.exe might not be successful at locating the catalog file used to sign a driver, even though the catalog file exists. To perform a detailed driver check, download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: @@ -208,6 +208,8 @@ To check your system for unsigned drivers: Valid to: 11:46 AM 5/9/2018 (output truncated) ``` + In the example above, the afd.sys driver is properly signed by the catalog file Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat. + 13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example: diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 7b104bdcb0..90ab13ce23 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -96,6 +96,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Pro @@ -161,6 +162,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Education diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index e6d36e6967..b5dfff553e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -75,6 +75,7 @@ Communicating with Azure Active Directory uses the following URLs: - enterpriseregistration.windows.net - login.microsoftonline.com - login.windows.net +- account.live.com If your environment uses Microsoft Intune, you need these additional URLs: - enrollment.manage.microsoft.com diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 6ae2dcfe4c..a5f4583231 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -43,7 +43,7 @@ A fully fileless malware can be considered one that never requires writing a fil A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls. -Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. +Infections of this type can be particularly difficult to detect because most antivirus products don’t have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. ## Type II: Indirect file activity diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-endpt-security.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-endpt-security.png new file mode 100644 index 0000000000..e4b306fd92 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-endpt-security.png differ diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index c49d6a763f..6cc3ece08f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -1,6 +1,6 @@ --- title: Protect security settings with tamper protection -ms.reviewer: shwjha +ms.reviewer: shwjha, hayhov manager: dansimp description: Use tamper protection to prevent malicious apps from changing important security settings. keywords: malware, defender, antivirus, tamper protection @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 10/08/2020 +ms.date: 10/14/2020 --- # Protect security settings with tamper protection @@ -136,22 +136,24 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c 1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). -2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**. +2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
-3. Configure tamper protection as part of the new policy. + - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. + + - In the **Profile** list, select **Windows Security experience (preview)**.
+ + The following screenshot illustrates how to create your policy: -4. Deploy the policy to your device collection. + :::image type="content" source="images/win-security- exp-policy-endpt-security.png" alt-text="Windows security experience in Endpoint Manager"::: + +3. Deploy the policy to your device collection. Need help? See the following resources: -- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy) - - [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) - [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) -- [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) - ## View information about tampering attempts @@ -161,7 +163,7 @@ When a tampering attempt is detected, an alert is raised in the [Microsoft Defen ![Microsoft Defender Security Center](images/tamperattemptalert.png) -Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender ATP, your security operations team can investigate and address such attempts. +Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts. ## Review your security recommendations @@ -179,7 +181,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili ### To which Windows OS versions is configuring tamper protection is applicable? -Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy). @@ -189,13 +191,13 @@ No. Third-party antivirus offerings will continue to register with the Windows S ### What happens if Microsoft Defender Antivirus is not active on a device? -Tamper protection will not have any impact on such devices. +Devices that are onboarded to Microsoft Defender for Endpoint will have Microsoft Defender Antivirus running in passive mode. Tamper protection will continue to protect the service and its features. ### How can I turn tamper protection on/off? If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). -If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: +If you are an organization using [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: - [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune) @@ -216,9 +218,9 @@ Some sample Microsoft Defender Antivirus settings: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
Value `DisableRealtimeMonitoring` = 0 -### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only? +### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only? -Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups. +Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups. ### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager? @@ -226,9 +228,9 @@ If you are using tenant attach, you can use Microsoft Endpoint Configuration Man ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune? -Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). -### What happens if I try to change Microsoft Defender ATP settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? +### What happens if I try to change Microsoft Defender for Endpoint settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? You won’t be able to change the features that are protected by tamper protection; such change requests are ignored. @@ -236,9 +238,9 @@ You won’t be able to change the features that are protected by tamper protecti No. Local admins cannot change or modify tamper protection settings. -### What happens if my device is onboarded with Microsoft Defender ATP and then goes into an off-boarded state? +### What happens if my device is onboarded with Microsoft Defender for Endpoint and then goes into an off-boarded state? -In this case, tamper protection status changes, and this feature is no longer applied. +If a device is off-boarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? @@ -254,6 +256,6 @@ In addition, your security operations team can use hunting queries, such as the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) -[Get an overview of Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) +[Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) -[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-defender-antivirus.md) +[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 23418c880c..6edfd475aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 3d0596a066..b70734bf7c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index 4c894c657b..d2d946c3fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index b1ca5d6277..0a77813dd2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4d6b8f369b..ef999e9cca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -17,7 +17,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.custom: AIR diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index 1dde7195b9..8d29204276 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Behavioral blocking and containment diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 94b228841a..52e97e1b70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Client behavioral blocking diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 82e701c6e9..2f52d63533 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -40,7 +40,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding: - - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-atp-mac). + - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index b6a1734953..23f1b28355 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 8d3133a0cf..12c3637695 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index e0044d7767..b5679d1756 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -18,7 +18,7 @@ ms.custom: ms.date: 08/21/2020 ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Endpoint detection and response (EDR) in block mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 60fa3bbb66..4d724bc3ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 6d68413d04..1b20360ecd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 79ea086abc..37ca52cd85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 1a81d14c1a..7bd899fd9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 3ea4a81ef3..f5c2fcb4ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 9248b00bc1..419b64c153 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 6ad54fdad1..fb1109d764 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 0c27dfa596..5419c76996 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index 67e50c3db9..7593f22e63 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 74aab18e01..87bac34185 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 3e1d3e88ec..abb45e662b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 589ac8f728..be3fe61fbf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md index 18efc534bd..04c810e52c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md new file mode 100644 index 0000000000..4a18d89818 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -0,0 +1,78 @@ +--- +title: Microsoft Defender ATP for iOS note on Privacy +ms.reviewer: +description: Describes the Microsoft Defender ATP for iOS Privacy +keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: sunasing +author: sunasing +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +hideEdit: true +--- + +# Microsoft Defender ATP for iOS - Privacy information + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for iOS](microsoft-defender-atp-ios.md) + +>[!NOTE] +> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**. + +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. + +Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service. + +## Required data + +Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: + +### Web page / Network information + +- Connection information +- Protocol type (such as HTTP, HTTPS, etc.) + +### Device and account information + +- Device information such as date & time, iOS version, CPU info, and Device identifier +- Device identifier is one of the below: + - Wi-Fi adapter MAC address + - Randomly generated globally unique identifier (GUID) + +- Tenant, Device, and User information + - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory + - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted + - User Principal Name – Email ID of the user + +### Product and service usage data + +- App package info, including name, version, and app upgrade status +- Actions performed in the app +- Crash report logs generated by iOS +- Memory usage data + +## Optional data + +Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + +Optional diagnostic data includes: + +- App, CPU, and network usage +- Features configured by the admin + +**Feedback Data** is collected through in-app feedback provided by the user. + +- The user’s email address, if they choose to provide it +- Feedback type (smile, frown, idea) and any feedback comments submitted by the user + +[More on Privacy](https://aka.ms/mdatpiosprivacystatement) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 8b27316acf..39f57d1213 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 40e11bc1ae..8bee109c6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index bb7ea0b659..3012e87c2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 29d00b8682..2cc5610a4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 5329ff85b5..68fe2b6926 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 4623b9404c..e2944beb87 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index f8a1528015..58b9c14323 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 0c0540d5fd..7c779b7d9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index 5b58e7360d..d3b7796378 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index cf4c908330..3406767afa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 14bdaf18cd..15d0e69c78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 22da390046..8390f37105 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro mms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index 75b74c04c6..dd01c882b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 4ee52d6643..8e290c8ff5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 7a94346bfa..3eeb408c4d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 6f531869c4..59d65172e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index 70327e5dbc..3f720e90e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 8a12f3b24a..a1fd86434f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -197,7 +197,7 @@ To approve the system extensions: 9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. -10. To allow Defender and Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. +10. To allow Microsoft Defender ATP for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 11. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 9f1df1d2eb..b02fdd72d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index d889ac46d6..1e43a13d07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 2905fb1e88..04cb07cd04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index d043bfc33d..ffd3980a4a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index fb8ad38590..a56afd0ef7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index f0e31f2f99..ec94cef29a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index a721605327..42d1a1e3fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index d2c603c8a2..266a05a30f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 787970e267..83030035f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -46,6 +46,9 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. + > [!TIP] + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. + ```bash sudo mdatp diagnostic create ``` @@ -99,7 +102,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Protection |Scan a path |`mdatp scan custom --path [path]` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index da8701705a..fdad212625 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index 78aef5a5d7..f4a32380f3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index fb981aa16e..d369e94d36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index 090950a69c..a05f815303 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index edaed64d2b..385a3fddb2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index fc8f955180..f53075c405 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- @@ -64,7 +64,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender >JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the configuration profile. -1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` +1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor: ```xml @@ -127,21 +127,38 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender ``` -2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`: +2. Verify that the above file was copied correctly by running the `plutil` utility in the Terminal: ```bash - $ plutil -lint com.microsoft.network-extension.mobileconfig - com.microsoft.network-extension.mobileconfig: OK + $ plutil -lint /com.microsoft.network-extension.mobileconfig ``` -3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority - -4. After the certificate is created and installed to your device, run the following command from the Terminal: + For example, if the file was stored in Documents: ```bash - $ security cms -S -N "" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig + $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig ``` + + Verify that the command outputs `OK`. + + ```bash + /com.microsoft.network-extension.mobileconfig: OK + ``` + +3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority. +4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: + + ```bash + $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig + ``` + + For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: + + ```bash + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + ``` + 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. ## Intune diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 2f83c71bf8..86a435cc65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index c67b6de1e3..740aaacb77 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index c3c24ac819..ca4617cc28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -43,6 +43,17 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.09.50 + +- This product version has been validated on macOS Big Sur 11 beta 9 +- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line) + + > [!NOTE] + > The old command-line tool syntax will be removed from the product on **January 1st, 2021**. + +- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory +- Performance improvements & bug fixes + ## 101.09.49 - User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index fe448008b1..ab130cb910 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 09/15/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index d60924e1fc..458c0798ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index aefc151c14..04dc76e4e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index bcdc9ac3e3..4b4a872950 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index be494de5b9..118ea48672 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 667e35238c..ea21452763 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5a96df370a..06899fd04e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index 0e6a5a3770..e04a02313b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index fe2daca8e4..4aed901842 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 0fab8add04..3e712cd6f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -61,7 +61,7 @@ For detailed licensing information, see the [Product Terms site](https://www.mic For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare). -For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559). +For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf). ## Browser requirements Access to Microsoft Defender ATP is done through a browser, supporting the following browsers: diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 6ec6e5ba57..4443433ac4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index 3a52dc1d5f..55fe2974c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 5/1/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 0aff954d23..a40530476f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 0af52385dc..bdb20dff52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 1be7e019e4..86dbfb50a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Event timeline - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index ad34d33afc..77b4642f92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 087609d893..eca2eff41e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Threat and vulnerability management dashboard insights diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index ddebda2984..1773f17654 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Exposure score - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 7578763d5b..59c5598a86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Microsoft Secure Score for Devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 847425a5c6..96e22571c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Remediation activities and exceptions - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 7aa0b7c039..723a90bded 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Security recommendations - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index d87740df9c..13d0634456 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Software inventory - threat and vulnerability management @@ -28,7 +28,7 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. +The software inventory in threat and vulnerability management is a list of all the software in your organization with known vulnerabilities. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index f142e959a4..4de1a79a1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- # Supported operating systems and platforms - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 27a8549bbe..523a9d850b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Weaknesses found by threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index ef2b779d74..38c6bd4b37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ---

ErrorContext valueStage where error occuredStage where error occurred Description and suggestions