Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into autopilot

windows/security/threat-protection/TOC.md

@@ -343,6 +343,7 @@
 ##### Reporting
 ###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
 ###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
+###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md)
 
 ##### Role-based access control
 ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/intelligence/coinminer-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Coin miners
 

windows/security/threat-protection/intelligence/criteria.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # How Microsoft identifies malware and potentially unwanted applications

windows/security/threat-protection/intelligence/exploits-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Exploits and exploit kits
 

windows/security/threat-protection/intelligence/fileless-threats.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Fileless threats

windows/security/threat-protection/intelligence/macro-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Macro malware
 

windows/security/threat-protection/intelligence/malware-naming.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Malware names
 

windows/security/threat-protection/intelligence/phishing.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Phishing

windows/security/threat-protection/intelligence/prevent-malware-infection.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Prevent malware infection
 

windows/security/threat-protection/intelligence/ransomware-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Ransomware
 

windows/security/threat-protection/intelligence/rootkits-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Rootkits
 

windows/security/threat-protection/intelligence/safety-scanner-download.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Microsoft Safety Scanner
 

windows/security/threat-protection/intelligence/submission-guide.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Submit files for analysis

windows/security/threat-protection/intelligence/supply-chain-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Supply chain attacks

windows/security/threat-protection/intelligence/support-scams.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Tech support scams
 

windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Top scoring in industry tests
@@ -40,9 +41,13 @@ Windows Defender Antivirus is  part of the  [next generation](https://www.youtub
 
 The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
 
-- November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWusR9) <sup>**Latest**</sup>
+- January - February 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) <sup>**Latest**</sup>
 
-    Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 19,956 malware samples. This is the fourth consecutive cycle that Windows Defender Antivirus achieved a perfect score.
+    Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 19,956 malware samples used. This is the fifth consecutive cycle that Windows Defender Antivirus achieved a perfect score.
+
+- November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWusR9)
+
+    Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 19,956 malware samples.
 
 - September - October 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2018/microsoft-windows-defender-antivirus-4.18-184174/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWqOqD)
 

windows/security/threat-protection/intelligence/trojans-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Trojans

windows/security/threat-protection/intelligence/understanding-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: conceptual
+search.appverid: met150
 ---
 # Understanding  malware & other threats
 

windows/security/threat-protection/intelligence/unwanted-software.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 # Unwanted software
 

windows/security/threat-protection/intelligence/worms-malware.md

@@ -12,6 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance  
 ms.topic: article
+search.appverid: met150
 ---
 
 # Worms

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -333,6 +333,7 @@
 #### Reporting
 ##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 ##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
+##### [Machine health and compliance reports](machine-reports-windows-defender-advanced-threat-protection.md)
 
 #### Role-based access control
 ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,82 @@
+---
+title: Machine health and compliance report in Windows Defender ATP
+description: Track machine health state detections, antivirus status, OS platform, and Windows 10 versions using the machine health and compliance report
+keywords: health state, antivirus, os platform, windows 10 version, version, health, compliance, state
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Machine health and compliance report in Windows Defender ATP
+ 
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+ 
+[!include[Prerelease information](prerelease.md)]
+ 
+The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.
+ 
+ 
+The dashboard is structured into two sections:
+ ![Image of the machine report](images/machine-reports.png)
+ 
+Section | Description 
+:---|:---
+1 | Machine trends
+2 | Machine summary (current day)
+ 
+ 
+ 
+By default, the machine trends displays machine information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options:
+ 
+- 30 days
+- 3 months
+- 6 months
+- Custom
+ 
+While the machines trends shows trending machine information, the machine summary shows machine information scoped to the current day.
+ 
+The machine trends section allows you to drill down to the machines list with the corresponding filter applied to it. For example, clicking on the Inactive bar in the Sensor health state card will bring you the machines list with results showing only machines whose sensor status is inactive. 
+ 
+ 
+ 
+ 
+## Machine attributes
+The report is made up of cards that display the following machine attributes:
+ 
+- **Health state**: shows information about the sensor state on devices, providing an aggregated view of devices that are active, experiencing impaired communications, inactive, or where no sensor data is seen.
+  
+- **Antivirus status for active Windows 10 machines**: shows the number of machines and status of Windows Defender Antivirus.
+    
+- **OS platforms**: shows the distribution of OS platforms that exists within your organization. 
+ 
+- **Windows 10 versions**: shows the distribution of Windows 10 machines and their versions in your organization.
+ 
+ 
+ 
+## Filter data
+ 
+Use the provided filters to include or exclude machines with certain attributes.
+
+You can select multiple filters to apply from the machine attributes. 
+ 
+>[!NOTE]
+>These filters apply to **all** the cards in the report.
+ 
+For example, to show data about Windows 10 machines with Active sensor health state:
+ 
+1. Under **Filters > Sensor health state > Active**.
+2. Then select **OS platforms > Windows 10**.
+3. Select **Apply**.
+
+

windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md

@@ -43,7 +43,7 @@ By default, the alert trends display alert information from the 30-day period en
 - 6 months
 - Custom
 
-While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to the current day.
+While the alert trends shows trending alert information, the alert summary shows alert information scoped to the current day.
 
  The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. 
 

windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md

@@ -23,6 +23,13 @@ ms.topic: conceptual
 
 Here are the new features in the latest release of Windows Defender ATP as well as security features in Windows 10 and Windows Server.
 
+## March 2019
+### In preview
+The following capability are included in the February 2019 preview release. 
+
+- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) <BR> The machine health and compliance report provides high-level information about the devices in your organization. 
+
+
 ## February 2019
 The following capabilities are generally available (GA).
 - [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats. 

windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md

@@ -12,7 +12,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 04/02/2019
 ---
 
 # Assign Security Group Filters to the GPO
@@ -23,7 +23,8 @@ ms.date: 04/19/2017
 
 To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO.
 
->**Important:**  This deployment guide uses the method of adding the Domain Computers group to the membership group for the main isolated domain after testing is complete and you are ready to go live in production. To make this method work, you must prevent any computer that is a member of either the boundary or encryption zone from applying the GPO for the main isolated domain. For example, on the GPOs for the main isolated domain, deny Read and Apply Group Policy permissions to the membership groups for the boundary and encryption zones.
+>[!IMPORTANT]
+>This deployment guide uses the method of adding the Domain Computers group to the membership group for the main isolated domain after testing is complete and you are ready to go live in production. To make this method work, you must prevent any computer that is a member of either the boundary or encryption zone from applying the GPO for the main isolated domain. For example, on the GPOs for the main isolated domain, deny Read and Apply Group Policy permissions to the membership groups for the boundary and encryption zones.
 
  
 
@@ -47,7 +48,8 @@ Use the following procedure to add a group to the security filter on the GPO tha
 
 3.  In the details pane, under **Security Filtering**, click **Authenticated Users**, and then click **Remove**.
 
-    >**Note:**  You must remove the default permission granted to all authenticated users and computers to restrict the GPO to only the groups you specify.
+    >[!NOTE]
+    >You must remove the default permission granted to all authenticated users and computers to restrict the GPO to only the groups you specify. If the GPO contains User settings, and the **Authenticated Users** group is removed, and new security filtering is added using a security group that only contains user accounts, the GPO can fail to apply. Details and various workarounds are mentioned in this [Microsoft blog](https://techcommunity.microsoft.com/t5/Core-Infrastructure-and-Security/Who-broke-my-user-GPOs/ba-p/258781). 
 
 4.  Click **Add**.