Merge branch 'WDAM-CU-Mar-pre-flight-iawilt-working' of https://github.com/Microsoft/win-cpub-itpro-docs into WDAM-CU-Mar-pre-flight-iawilt-working

windows/keep-secure/WDAV-working/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -1,7 +1,7 @@
 ---
 title: Enable Block at First Sight to detect malware in seconds
-description: In Windows 10 the Block at First Sight feature determines and blocks new malware variants in seconds. You can enable the feature with Group Policy.
-keywords: scan, BAFS, malware, first seen, first sight, cloud, MAPS, defender
+description: Enable the Block at First sight feature to detect and block malware within seconds, and validate that it is configured correctly.
+keywords: scan, BAFS, malware, first seen, first sight, cloud, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -16,7 +16,7 @@ author: iaanw
 
 
 
-# Configure the Block at First Sight feature
+# Enable and validate the Block at First Sight feature
 
 **Applies to**
 
@@ -56,7 +56,7 @@ In many cases this process can reduce the response time to new malware from hour
 > Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.
 
 
-## Confirm Block at First Sight is enabled
+## Confirm and validate Block at First Sight is enabled
 
 Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender deployments in enterprise networks.
 
@@ -112,6 +112,36 @@ You can confirm that Block at First Sight is enabled in Windows Settings. The fe
 
 2.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 
+### Validate Block at First Sight is working
+
+Tthere are two scenarios that fall into the Block at First Sight feature:
+<EFBFBD>	Scenario 1: Windows Defender AV cloud-based protection is able to determine the file is malware or clean based on data sent from the endpoint 
+<EFBFBD>	Scenario 2: Windows Defender AV needs to process the file in the cloud-based protection back-end to reach a verdict
+ 
+You can validate Scenario 1 by downloading and attempting to save a sample test file from http://aka.ms/ioavtest.
+
+If BLock at First Sight is configured correctly, you wil lreceive a notification from Windows Defender AV and, depending on your browser, a notice that says the file contained a virus and was deleted.
+
+The Windows Defender AV notification:
+malware-detected
+
+The notification in Edge:
+bafs-edge
+
+
+The notification in Internet Explorer:
+bafs-ie
+
+
+
+The notification in Chrome: 
+chrome-ie
+
+
+
+ - if everything is configured correctly Windows Defender Cloud Protection will determine the file is malware (without needing a copy of the file) and block it based purely on metadata sent to the cloud. 
+
+
 ## Disable Block at First Sight
 
 > [!WARNING]

windows/keep-secure/WDAV-working/configure-cloud-block-timeout-period-windows-defender-antivirus.md

@@ -1,6 +1,6 @@
 ---
 title: Configure the cloud block timeout period
-description: You can configure how long Windows Defender Antivirus will block a file from running while waiting for a cloud determination
+description: You can configure how long Windows Defender Antivirus will block a file from running while waiting for a cloud determination.
 keywords: windows defender antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security

windows/keep-secure/WDAV-working/configure-network-connections-windows-defender-antivirus.md

@@ -1,6 +1,6 @@
 ---
 title: Configure and test Windows Defender Antivirus network connections
-description: Configure and test your connection to the Windows Defender Antivirus cloud
+description: Configure and test your connection to the Windows Defender Antivirus cloud-delivered protection service.
 keywords: windows defender antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security

windows/keep-secure/WDAV-working/enable-cloud-protection-windows-defender-antivirus.md

@@ -1,6 +1,6 @@
 ---
-title: Enable cloud-delivered antivirus protection in Windows Defender Antivirus (Windows 10)
-description: Enable cloud-delivered protection in Windows Defender Antivirus
+title: Enable cloud-delivered protection in Windows Defender Antivirus
+description: Enable cloud-delivered protection to benefit from fast and advanced protection features.
 keywords: windows defender antivirus, antimalware, security, defender, cloud, block at first sight
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security

windows/keep-secure/WDAV-working/specify-cloud-protection-level-windows-defender-antivirus.md

@@ -1,6 +1,6 @@
 ---
-title: Specify cloud protection level in Windows Defender Antivirus
-description: Set the aggressiveness of cloud-delivered protection in Windows Defender Antivirus
+title: Specify cloud-delivered protection level in Windows Defender Antivirus
+description: Set the aggressiveness of cloud-delivered protection in Windows Defender Antivirus.
 keywords: windows defender antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security

windows/keep-secure/WDAV-working/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -24,10 +24,12 @@ author: iaanw
 
 Cloud-delivered protection for Windows Defender Antivirus, also referred to as Microsoft Advanced Protection Service (MAPS), provides you with strong, fast protection in addition to our standard real-time protection.
 
+
+
 >[!NOTE] 
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
 
-Enabling cloud-delivered protection helps detect and block new malware <EFBFBD> even if the malware has never been seen before <EFBFBD> without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver; our cloud service can deliver updated protection in seconds. 
+Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver; our cloud service can deliver updated protection in seconds. 
 
 Cloud-delivered protecton is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
@@ -35,7 +37,7 @@ The following table describes the differences in cloud-based protection between
 
 
 Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | Configuration manager 2012 | Configuration manager (current branch) | Microsoft Intune
----|---|---|---|---|
+---|---|---|---|---|---|---
 Cloud-protection service label | Microsoft Advanced Protection Service | Microsoft Advanced Protection Service | Cloud-based Protection | NA | Cloud protection service | Microsoft Advanced Protection Service
 Reporting level (MAPS membership level) | Basic, Advanced | Advanced | Advanced | Dependent on Windows version | Dependent on Windows version | Dependent on Windows version
 Block at first sight availability | No | Yes | Yes | Not configurable | Configurable | No
@@ -53,44 +55,3 @@ Cloud block timeout period | No | No | Configurable | Not configurable | Configu
 
 
 
-## Manage cloud-based protection
-
-Windows Defender offers improved cloud-based protection and threat intelligence for endpoint protection clients using the Microsoft Active Protection Service. Read more about the Microsoft Active Protection Service community in [Join the Microsoft Active Protection Service community](http://windows.microsoft.com/windows-8/join-maps-community).
-
-You can enable or disable the Microsoft Active Protection Service using *Group Policy* settings and administrative template files.
-
-More information on deploying administrative template files for Windows Defender is available in the article [Description of the Windows Defender Group Policy administrative template settings](https://support.microsoft.com/kb/927367).
-
-The Microsoft Active Protection Service can be configured with the following *Group Policy* settings:
-
-1.  Open the **Group Policy Editor**.
-2.  In the **Local Computer Policy** tree, expand **Computer Configuration**, then **Administrative Templates**, then **Windows Components**, then **Windows Defender**.
-3.  Click on **MAPS**.
-4.  Double-click on **Join Microsoft MAPS**.
-5.  Select your configuration option from the **Join Microsoft MAPS** list.
-
-    >**Note:**<2A><>Any settings modified on an endpoint will be overridden by the administrator's policy setting.
-    <20>
-Use the Windowsdefender.adm *Group Policy* template file to control the policy settings for Windows Defender in Windows<77>10:
-
-Policy setting: **Configure Microsoft SpyNet Reporting**
-
-Registry key name: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SpyNet\\SpyNetReporting**
-
-Policy description: **Adjusts membership in Microsoft Active Protection Service**
-
-You can also configure preferences using the following PowerShell parameters:
-
--   Turn Microsoft Active Protection Service off: *Set-MpPreference -MAPSReporting 0*
--   Turn Microsoft Active Protection Service on: *Set-MpPreference -MAPSReporting 2*
-
-Read more about this in:
-
--   [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx)
--   [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
-
->**Note:**<2A><>Any information that Windows Defender collects is encrypted in transit to our servers, and then stored in secure facilities. Microsoft takes several steps to avoid collecting any information that directly identifies you, such as your name, email address, or account ID.
-<EFBFBD>
-Read more about how to manage your privacy settings in [Setting your preferences for Windows 10 services](http://windows.microsoft.com/windows-10/services-setting-preferences).
-
-