Merge pull request #2161 from MicrosoftDocs/master

Publish 2/27/2020 10:33 AM PST
2025-05-13 13:57:22 +00:00 · 2020-02-27 12:50:12 -06:00 · 2020-02-27 12:50:12 -06:00 · c1f29d099a
commit c1f29d099a
parent e594b3b49c 515a846fb9
13 changed files with 130 additions and 112 deletions
--- a/devices/hololens/hololens-commercial-infrastructure.md
+++ b/devices/hololens/hololens-commercial-infrastructure.md
@ -102,6 +102,7 @@ These steps ensure that your company’s users (or a group of users) can add dev
 > [!NOTE]
 > This step is only necessary if your company plans to manage the HoloLens.
 Ongoing device management will depend on your mobile device management infrastructure.  Most have the same general functionality but the user interface may vary widely.
 1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. A list of CSPs for HoloLens can be found [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@ -67,7 +67,7 @@ To go back to a previous version of HoloLens (1st gen), follow these steps:
 > [!NOTE]
 > If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
-# Use policies to manage updates to HoloLens
+## Use policies to manage updates to HoloLens
 > [!NOTE]
 > HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@ -127,11 +127,10 @@ Here is an example:
 <groupmembership>
    <accessgroup desc = "Administrators">
        <member name = "AzureAD\CSPTest@contoso.com" />
        <member name = "CSPTest22306\administrator" />
        <member name = "AzureAD\patlewis@contoso.com" />
        <member name = "S-1-15-1233433-23423432423-234234324"/>
    </accessgroup>
    <accessgroup desc = "testcsplocal">
        <member name = "CSPTEST22306\patlewis" />
        <member name = "AzureAD\CSPTest@contoso.com" />
    </accessgroup>
 </groupmembership>
@ -157,4 +156,3 @@ Footnotes:
 -   6 - Added in Windows 10, version 1903.
 <!--/Policies-->
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@ -8,8 +8,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: dolmont
+ms.author: ellevin
-author: DulceMontemayor
+author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@ -18,7 +18,9 @@ ms.topic: article
 ---
 # Threat & Vulnerability Management scenarios
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
@ -26,7 +28,9 @@ ms.topic: article
 [!include[Prerelease information](../../includes/prerelease.md)]
 ## Before you begin
 Ensure that your machines:
 - Are onboarded to Microsoft Defender Advanced Threat Protection
 - Run with Windows 10 1709 (Fall Creators Update) or later
@ -47,15 +51,18 @@ Ensure that your machines:
 - Are tagged or marked as co-managed
 ## Reduce your threat and vulnerability exposure
 Threat & Vulnerability Management introduces a new exposure score metric, which visually represents how exposed your machines are to imminent threats.
 The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
 - Weaknesses, such as vulnerabilities discovered on the device
 - External and internal threats such as public exploit code and security alerts
 - Likelihood of the device to get breached given its current security posture
 - Value of the device to the organization given its role and content
 The exposure score is broken down into the following levels:
 - 0–29: low exposure score
 - 30–69: medium exposure score
 - 70–100: high exposure score
@ -66,13 +73,17 @@ To lower down your threat and vulnerability exposure:
 1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. The **Security recommendation** page opens.  
-   >>![Top security recommendations](images/tvm_security_recommendations.png)
+   There are two types of recommendations:
-   >[!NOTE]
+   - *Security update* which refers to recommendations that require a package installation
-   > There are two types of recommendations: 
+   - *Configuration change* which refers to recommendations that require a registry or GPO modification
-   > - <i>Security update</i> which refers to recommendations that require a package installation
+
-   > - <i>Configuration</i> change which refers to recommendations that require a registry or GPO modification
+   Always prioritize recommendations that are associated with ongoing threats:
-   > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![Threat insight](images/tvm_bug_icon.png) icon and possible active alert ![Possible active alert](images/tvm_alert_icon.png) icon.  
+
   - ![Threat insight](images/tvm_bug_icon.png) Threat insight icon
   - ![Possible active alert](images/tvm_alert_icon.png) Active alert icon
   >![Top security recommendations](images/tvm_security_recommendations.png)
 2. The **Security recommendations** page shows the list of items to remediate. Select the security recommendation that you need to investigate. When you select a recommendation from the list, a fly-out panel will display a description of what you need to remediate, number of vulnerabilities, associated exploits in machines, number of exposed machines and their machine names, business impact, and a list of CVEs. Click **Open software page** option from the flyout panel.  ![Details in security recommendations page](images/tvm_security_recommendations_page.png)
@ -87,7 +98,7 @@ To lower down your threat and vulnerability exposure:
 ## Improve your security configuration
 >[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md).
+> Secure score is now part of Threat & Vulnerability Management as [Configuration score](configuration-score.md).
 You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
@ -96,13 +107,14 @@ You can improve your security configuration when you remediate issues from the s
   >![Configuration score widget](images/tvm_config_score.png)
 2. Select the first item on the list. The flyout panel will open with a description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
   ![Security controls related security recommendations](images/tvm_security_controls.png)
 3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
   >![Request remediation](images/tvm_request_remediation.png).
-   >You will see a confirmation message that the remediation task has been created.
+   You will see a confirmation message that the remediation task has been created.
   >![Remediation task creation confirmation](images/tvm_remediation_task_created.png)
 4. Save your CSV file.
@ -113,6 +125,7 @@ You can improve your security configuration when you remediate issues from the s
 6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
 ## Request a remediation 
 >[!NOTE]
 >To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
@ -134,6 +147,7 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT
 >If your request involves remediating more than 10,000 machines, we can only send 10,000 machines for remediation to Intune.
 ## File for exception
 With Threat & Vulnerability Management, you can create exceptions for recommendations, as an alternative to a remediation request.
 There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
@ -142,7 +156,6 @@ Exceptions can be created for both *Security update* and *Configuration change*
 When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
 1. Navigate to the **Security recommendations** page under the **Threat & Vulnerability Management** section menu.
 2. Click the top-most recommendation. A flyout panel opens with the recommendation details.
@ -183,24 +196,27 @@ DeviceName=any(DeviceName) by DeviceId, AlertId
 ```
-## Conduct an inventory of software or software versions which have reached their end-of-life
+## Conduct an inventory of software or software versions which have reached end-of-support (EOS)
 End-of-life for software or software versions means that they will no longer be supported nor serviced. When you use software or software versions which have reached their end-of-life, you're exposing your organization to security vulnerabilities, legal, and financial risks. 
-It is crucial for you as Security and IT Administrators to work together and ensure that your organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. 
+End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks.
 It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem.
 To conduct an inventory of software or software versions which have reached end-of-support:
 To conduct an inventory of software or software versions which have reached their end of life:
 1. From the Threat & Vulnerability Management menu, navigate to **Security recommendations**.
-2. Go to the **Filters** panel and select **Software uninstall** from **Remediation Type** options if you want to see the list of software recommendations associated with software which have reached their end-of-life (tagged as **EOL software**). Select **Software update** from **Remediation Type** options if you want to see the list of software recommendations associated with software and software versions which have reached their end-of-life (tagged as **EOL versions installed**). 
+2. Go to the **Filters** panel and select **Software uninstall** from **Remediation Type** options to see the list of software recommendations associated with software which have reached end of support (tagged as **EOS software**).
-3. Select a software that you'd like to investigate. A fly-out screen opens where you can select **Open software page**.
+3. Select **Software update** from **Remediation Type** options to see the list of software recommendations associated with software and software versions which have reached end-of-support (tagged as **EOS versions installed**).
 4. Select software that you'd like to investigate. A fly-out screen opens where you can select **Open software page**.
 ![Screenshot of Security recommendation for a software that reached its end of life page](images/secrec_flyout.png)
-4. In the **Software page** select the **Version distribution** tab to know which versions of the software have reached their end-of-life, and how many vulnerabilities were discovered in it.
+5. In the **Software page** select the **Version distribution** tab to know which versions of the software have reached their end-of-support, and how many vulnerabilities were discovered in it.
-![Screenshot of software details for a software that reached its end of life](images/secrec_sw_details.png) 
+![Screenshot of software details for a software that reached its end of support](images/secrec_sw_details.png)
 After you have identified which software and software versions are vulnerable due to its end-of-life status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
 After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
 ## Related topics
 - [Supported operating systems and platforms](tvm-supported-os.md)
 - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
 - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@ -83,6 +83,9 @@ Learn more at https://www.cyren.com/products/url-filtering.
 Cyren is offering a 60-day free trial for all Microsoft Defender ATP customers. To sign up, please follow the steps below from the portal.
 >[!NOTE]
 >Make sure to add the URL you get redirected to by the signup process to the list of approved domains. 
 >[!NOTE]
 >A user with AAD app admin/global admin permissions is required to complete these steps.