diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md index bed077a506..96c9783664 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md @@ -16,9 +16,9 @@ If you’re having problems launching your legacy apps while running Internet Ex **To turn managed browser hosting controls back on** -1. **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**. +1. **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**. -2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**. +2. **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**. For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page. diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 13f0987eca..b6470b0c3d 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -22,6 +22,9 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u > [!Warning] > You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups. +> [!Note] +> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a convenience PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. + > [!Note] > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 22ee108fb4..6a8c928ee7 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -553,7 +553,7 @@ The following code shows sample provisioning XML (presented in the preceding pac - + @@ -562,7 +562,7 @@ The following code shows sample provisioning XML (presented in the preceding pac - + diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index f6626284ef..c51f4ad30a 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -67,7 +67,7 @@ Added in Windows 10, version 1803. This policy allows the IT admin to control wh > [!Note] > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers. -This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. +This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. Note: This policy doesn’t support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1. The following list shows the supported values: diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 77dea602cf..f5d0d53a0f 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -30,7 +30,7 @@ The following diagram shows the Reboot configuration service provider management > [!Note]   > If this node is set to execute during a sync session, the device will reboot at the end of the sync session. -

The supported operations are Execute and Get. +

The supported operations are Execute and Get.

**Schedule**

The supported operation is Get.

diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index e3351b8c80..95f47c5df9 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -29,7 +29,7 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t -

POST

+

DELETE

https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 543252e8f2..9ead93e55b 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -50,6 +50,9 @@ When the ADMX policies are imported, the registry keys to which each policy is w > [!Warning] > Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. +> [!NOTE] +> Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). + ## Ingesting an app ADMX file The following ADMX file example shows how to ingest a Win32 or Desktop Bridge app ADMX file and set policies from the file. The ADMX file defines eight policies. diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 436a96f0a8..79761a6c5d 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -57,6 +57,9 @@ Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk i In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in. +>[!NOTE] +>If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. + >[!TIP] >If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 582639b74e..57bdd0311c 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -79,7 +79,7 @@ Additional options available that control the impact Delivery Optimization has o - [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage. - [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers each month. - [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network. -- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. +- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. - [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. - [Set Business Hours to Limit Background Download Bandwidth](#set-business-hours-to-limit-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. - [Set Business Hours to Limit Foreground Download Bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 13c1dce96d..ee8f3c4fde 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -42,6 +42,9 @@ When **Configure Automatic Updates** is enabled in Group Policy, you can enable - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours. - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**. +> [!NOTE] +> When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted. + You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting. For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart). @@ -159,8 +162,9 @@ In the Group Policy editor, you will see a number of policy settings that pertai >[!NOTE] >You can only choose one path for restart behavior. -> >If you set conflicting restart policies, the actual restart behavior may not be what you expected. +>When using RDP, only active RDP sessions are considered as logged on users. + ## Registry keys used to manage restart The following tables list registry values that correspond to the Group Policy settings for controlling restarts after updates in Windows 10. diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index ea9214c57b..9942044960 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -86,7 +86,7 @@ If you have devices that appear in other solutions, but not Device Health (the D 3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551). 4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set). 5. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information. -6. Remove the Device Health (appears as DeviceHealthProd on some pages) from your Log Analytics workspace +6. Add the Device Health solution back to your Log Analytics workspace. 7. Wait 48 hours for activity to appear in the reports. 8. If you need additional troubleshooting, contact Microsoft Support. diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index 3eff878d63..b7b51ae981 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -29,10 +29,10 @@ In order to use the direct connection scenario, set the parameter **ClientProxy= This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. In order to set the WinHTTP proxy system-wide on your computers, you need to -•Use the command netsh winhttp set proxy \:\ -•Set ClientProxy=System in runconfig.bat +- Use the command netsh winhttp set proxy \:\ +- Set ClientProxy=System in runconfig.bat -The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3. +The WinHTTP scenario is most appropriate for customers who use a single proxy. If you have more advanced proxy requirements, refer to Scenario 3. If you want to learn more about proxy considerations on Windows, see [Understanding Web Proxy Configuration](https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/). diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index dd8545387c..2fea892b96 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -133,11 +133,9 @@ If you have already established a KMS infrastructure in your organization for an 1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. 2. Request a new KMS host key from the Volume Licensing Service Center. 3. Install the new KMS host key on your KMS host. -4. Activate the new KMS host key by running the slmrg.vbs script. +4. Activate the new KMS host key by running the slmgr.vbs script. For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). ## See also - [Volume Activation for Windows 10](volume-activation-windows-10.md) -  - diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 923bfedcb3..58d06760a9 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -194,7 +194,7 @@ See the following table for a summary of the management settings for Windows Ser See the following table for a summary of the management settings for Windows Server 2016 Server Core. | Setting | Group Policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | +| - | :-: | :-: | :-: | | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | @@ -209,7 +209,7 @@ See the following table for a summary of the management settings for Windows Ser See the following table for a summary of the management settings for Windows Server 2016 Nano Server. | Setting | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | +| - | :-: | :-: | | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | @@ -508,11 +508,11 @@ To turn off Insider Preview builds for Windows 10: | Registry Key | Registry path | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Turn on Suggested Sites| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites
REG_DWORD: Enabled
**Set Value to: 0**| -| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer
REG_DWORD: AllowServicePoweredQSA
**Set Value to: 0**| -| Turn off the auto-complete feature for web addresses | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete
REG_SZ: AutoSuggest
Set Value to: **no** | -| Turn off browser geolocation | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation
REG_DWORD: PolicyDisableGeolocation
**Set Value to: 1** | -| Prevent managing SmartScreen filter | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter
REG_DWORD: EnabledV9
**Set Value to: 0** | +| Turn on Suggested Sites| HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites
REG_DWORD: Enabled
**Set Value to: 0**| +| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer
REG_DWORD: AllowServicePoweredQSA
**Set Value to: 0**| +| Turn off the auto-complete feature for web addresses |HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete
REG_SZ: AutoSuggest
Set Value to: **no** | +| Turn off browser geolocation | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation
REG_DWORD: PolicyDisableGeolocation
**Set Value to: 1** | +| Prevent managing SmartScreen filter | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter
REG_DWORD: EnabledV9
**Set Value to: 0** | There are more Group Policy objects that are used by Internet Explorer: @@ -527,10 +527,10 @@ You can also use Registry keys to set these policies. | Registry Key | Registry path | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation
REG_DWORD: DisableSiteListEditing
**Set Value to 1**| -| Turn off the flip ahead with page prediction feature | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead
REG_DWORD: Enabled
**Set Value to 0**| -| Turn off background synchronization for feeds and Web Slices | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
REG_DWORD: BackgroundSyncStatus
**Set Value to 0**| -| Allow Online Tips | HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
REG_DWORD: AllowOnlineTips
**Set Value to 0 (zero)**| +| Choose whether employees can configure Compatibility View. | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation
REG_DWORD: DisableSiteListEditing
**Set Value to 1**| +| Turn off the flip ahead with page prediction feature | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead
REG_DWORD: Enabled
**Set Value to 0**| +| Turn off background synchronization for feeds and Web Slices | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
REG_DWORD: BackgroundSyncStatus
**Set Value to 0**| +| Allow Online Tips | HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
REG_DWORD: AllowOnlineTips
**Set Value to 0**| To turn off the home page, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**. @@ -634,6 +634,8 @@ To disable the Microsoft Account Sign-In Assistant: - Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on. + -or- + - Change the **Start** REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**. @@ -1857,10 +1859,6 @@ You can disconnect from the Microsoft Antimalware Protection Service. - Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to **0 (zero)**. - -and- - -- Delete the registry setting **named** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Updates**. - -OR- - For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index e3ea1030dd..b0d3c9f294 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -66,11 +68,21 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusDate resolved
Latest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.

See details >		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
May 08, 2019
03:37 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
May 08, 2019
03:30 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Resolved
KB4495667		May 03, 2019
12:40 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
Latest cumulative update (KB 4495667) installs automatically
Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

Back to top		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
Resolved:
May 08, 2019
03:37 PM PT

Opened:
May 05, 2019
12:01 PM PT
+ " + - title: April 2019 - items: - type: markdown text: " +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if ArcaBit antivirus software installed
ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article.

Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
Resolved:
May 08, 2019
03:30 PM PT

Opened:
April 09, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493509.

Back to top		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
April 02, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index bc2c08ed65..2b50998415 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -65,13 +65,13 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -92,9 +92,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Latest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.

See details >		OS Build 17763.475

May 03, 2019
KB4495667		Mitigated
May 05, 2019
12:01 PM PT
Devices with some Asian language packs installed may receive an error
After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
May 03, 2019
10:59 AM PT
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
May 02, 2019
04:47 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
April 25, 2019
02:00 PM PT
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
April 09, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
April 09, 2019
10:00 AM PT
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Mitigated
March 15, 2019
12:00 PM PT
Latest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.

See details >		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
May 08, 2019
03:37 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
May 08, 2019
03:30 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Resolved
KB4495667		May 03, 2019
12:40 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Latest cumulative update (KB 4495667) installs automatically
Due to a servicing side issue some users were offered 4495667 (optional update) automatically. This issue has been mitigated.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Next steps: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

Back to top		OS Build 17763.475

May 03, 2019
KB4495667		Mitigated
Last updated:
May 05, 2019
12:01 PM PT

Opened:
May 05, 2019
12:01 PM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
  1. Go to Settings app -> Recovery.
  2. Click on Get Started under \"Reset this PC\" recovery option.
  3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround: You can use another browser, such as Internet Explorer to print your documents.
 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
Last updated:
May 02, 2019
04:47 PM PT

Opened:
May 02, 2019
04:47 PM PT
Latest cumulative update (KB 4495667) installs automatically
Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

Back to top		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
Resolved:
May 08, 2019
03:37 PM PT

Opened:
May 05, 2019
12:01 PM PT
" @@ -103,7 +103,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493509
 
Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article.

Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
Resolved:
May 08, 2019
03:30 PM PT

Opened:
April 09, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493509.

Back to top		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
April 02, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index a15923a007..ef1b22e4bf 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - @@ -85,9 +85,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
May 08, 2019
03:29 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
May 03, 2019
08:50 AM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489878		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493472		Resolved
April 25, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480970		Resolved
KB4493472		April 09, 2019
10:00 AM PT
+ -
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
May 08, 2019
03:29 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
May 03, 2019
08:50 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493472 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 75805707fb..e159932ae6 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - @@ -86,9 +86,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
May 08, 2019
03:29 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
May 03, 2019
08:50 AM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489881		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Mitigated
April 18, 2019
05:00 PM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493446		Resolved
April 25, 2019
02:00 PM PT
+ -
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
May 08, 2019
03:29 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
May 03, 2019
08:50 AM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 18, 2019
05:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493446 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 1dabe3c95d..6f0dbf9f41 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -15,7 +15,7 @@ ms.topic: article localizationpriority: medium ms.date: 08/19/2018 --- -# Windows Hello for Business Frequently Ask Questions +# Windows Hello for Business Frequently Asked Questions **Applies to** - Windows 10 @@ -27,7 +27,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. ## Can I deploy Windows Hello for Business using System Center Configuration Manager? -Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no long be supported after November 2018. +Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018. ## How many users can enroll for Windows Hello for Business on a single Windows 10 computer? The maximum number of supported enrollments on a single Windows 10 computer is 10. That enables 10 users to each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index bf17a84426..84d389751b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -141,7 +141,7 @@ These procedures configure NTFS and share permissions on the web server to allow 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server). 2. Right-click the **cdp** folder and click **Properties**. Click the **Sharing** tab. Click **Advanced Sharing**. -3. Select **Share this folder**. Type **cdp$** in **Share name:**. Click **Permissions**. +3. Select **Share this folder**. Type **cdp$** in **Share name**. Click **Permissions**. ![cdp sharing](images/aadj/cdp-sharing.png) 4. In the **Permissions for cdp$** dialog box, click **Add**. 5. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, click **Object Types**. In the **Object Types** dialog box, select **Computers**, and then click **OK**. @@ -280,10 +280,10 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted 1. Sign-in to the [Microsoft Azure Portal](https://portal.azure.com) and select **Microsoft Intune**. 2. Click **Device configuration**. In the **Device Configuration** blade, click **Create profile**. ![Intune Create Profile](images/aadj/intune-create-device-config-profile.png) -3. In the **Create profle** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Click **Configure**. +3. In the **Create profile** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Click **Configure**. 4. In the **Trusted Certificate** blade, use the folder icon to browse for the location of the enterprise root certificate file you created in step 8 of [Export Enterprise Root certificate](#export-enterprise-root-certificate). Click **OK**. Click **Create**. ![Intune Trusted Certificate Profile](images/aadj/intune-create-trusted-certificate-profile.png) -5. In the **Enterprise Root Certificate** blade, click **Assignmnets**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. +5. In the **Enterprise Root Certificate** blade, click **Assignments**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. ![Intune Profile assignment](images/aadj/intune-device-config-enterprise-root-assignment.png) 6. Sign out of the Microsoft Azure Portal. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6b4a465a9c..8179a617a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -27,10 +27,10 @@ Hybrid environments are distributed systems that enable organizations to use on- The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: * [Directories](#directories) -* [Public Key Infrastucture](#public-key-infrastructure) +* [Public Key Infrastructure](#public-key-infrastructure) * [Directory Synchronization](#directory-synchronization) * [Federation](#federation) -* [MultiFactor Authentication](#multifactor-authentication) +* [Multifactor Authentication](#multifactor-authentication) * [Device Registration](#device-registration) ## Directories ## @@ -57,7 +57,7 @@ Review these requirements and those from the Windows Hello for Business planning ## Public Key Infrastructure ## The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. -Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment use the Windows Server 2016 Active Directory Federation Server (AS FS) as a certificate registration authority. +Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority. The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. @@ -96,7 +96,7 @@ The AD FS farm used with Windows Hello for Business must be Windows Server 2016 ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service, or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. ### Section Review > [!div class="checklist"] @@ -119,7 +119,7 @@ Hybrid certificate trust deployments need the device write back feature. Authen
### Next Steps ### -Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**. +Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**. If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index e295b98d48..22b4bd30cd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -18,7 +18,7 @@ ms.date: 08/19/2018 # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows10, version 1703 or later +- Windows 10, version 1703 or later - Hybrid deployment - Certificate trust @@ -55,17 +55,17 @@ The remainder of the provisioning includes Windows Hello for Business requesting > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. > [!NOTE] -> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. The update needs to be installed on the federation servers. +> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completing the provisioning. The update needs to be installed on the federation servers. After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment. The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. -The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current users certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center. +The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.

@@ -73,9 +73,9 @@ The certificate authority validates the certificate was signed by the registrati ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md) -6. Sign-in and Provision(*You are here*) +6. Sign-in and Provision (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 3d78b7a719..f127c06ae9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -23,7 +23,7 @@ ms.date: 08/19/2018 - Certificate trust -You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. +Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. @@ -44,7 +44,7 @@ For the most efficient deployment, configure these technologies in order beginni ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. Configure Windows Hello for Business settings (*You are here*) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 3f858bbcb9..263963d4db 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -19,7 +19,7 @@ ms.date: 11/29/2018 # Trusted Platform Module Technology Overview **Applies to** -- Windows 10 +- Windows 10 - Windows Server 2016 - Windows Server 2019 @@ -53,13 +53,13 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). ## New and changed functionality -For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module). +For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module). ## Device health attestation @@ -78,7 +78,7 @@ Some things that you can check on the device are: ## Supported versions for device health attestation -| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 | +| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 | |-------------|-------------|---------------------|---------------------| | TPM 1.2 | >= ver 1607 | >= ver 1607 | Yes | | TPM 2.0 | Yes | Yes | Yes | @@ -87,5 +87,12 @@ Some things that you can check on the device are: ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) -- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule) -- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations) +- [Details on the TPM standard](https://www.microsoft.com/en-us/research/project/the-trusted-platform-module-tpm/) (has links to features using TPM) +- [TPM Base Services Portal](https://docs.microsoft.com/en-us/windows/desktop/TBS/tpm-base-services-portal) +- [TPM Base Services API](https://docs.microsoft.com/en-us/windows/desktop/api/_tbs/) +- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule) +- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations) +- [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/en-us/blog/device-provisioning-identity-attestation-with-tpm/) +- [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/en-us/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/) +- [Windows 10: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) +- [How to Multiboot with Bitlocker, TPM, and a Non-Windows OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx) \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 06d1375468..3b01319d95 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -39,7 +39,7 @@ You can create an app protection policy in Intune either with device enrollment ## Prerequisites -Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. +Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. ## Configure the MDM or MAM provider diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e65fbfe36a..7c749be104 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -277,7 +277,7 @@ ######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md) ######## [Initiate investigation (preview)](windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md) -####### [Indicators (preview)](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [Indicators](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) ######## [Submit Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) ######## [List Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) ######## [Delete Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) @@ -322,14 +322,14 @@ ###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) -##### API for custom alerts -###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +##### API for custom alerts (Deprecated) +###### [Enable the custom threat intelligence application (Deprecated)](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Use the threat intelligence API to create custom alerts (Deprecated)](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Create custom threat intelligence alerts (Deprecated)](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) +###### [PowerShell code examples (Deprecated)](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) +###### [Python code examples (Deprecated)](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) +###### [Experiment with custom threat intelligence alerts (Deprecated)](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Troubleshoot custom threat intelligence issues (Deprecated)](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) @@ -388,7 +388,7 @@ ######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md) ##### APIs -###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Enable Threat intel (Deprecated)](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) ###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md) #####Rules diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md index 7cd6b91162..95a0914890 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md +++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md @@ -38,26 +38,11 @@ Constant: SeIncreaseBasePriorityPrivilege ### Best practices -- Allow the default value, Administrators and Window Manager/Window Manager Group, as the only accounts responsible for controlling process scheduling priorities. +- Retain the default value as the only accounts responsible for controlling process scheduling priorities. ### Location Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment - -### Default values - -By default this setting is Administrators on domain controllers and on stand-alone servers. - -The following table lists the actual and effective default policy values. Default values are also listed on the policy’s property page. - -| Server type or GPO | Default value | -| - | - | -| Default Domain Policy| Not defined| -| Default Domain Controller Policy| Not defined| -| Stand-Alone Server Default Settings | Administrators and Window Manager/Window Manager Group| -| Domain Controller Effective Default Settings | Administrators and Window Manager/Window Manager Group| -| Member Server Effective Default Settings | Administrators and Window Manager/Window Manager Group| -| Client Computer Effective Default Settings | Administrators and Window Manager/Window Manager Group|   ## Policy management @@ -97,3 +82,4 @@ None. Restricting the **Increase scheduling priority** user right to members of ## Related topics - [User Rights Assignment](user-rights-assignment.md) +- [Increase scheduling priority for Windows Server 2012 and earlier](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn221960(v%3dws.11)) diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index 1cb8fce44c..25b4ede41d 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -36,6 +36,6 @@ Your environment needs the following software to run Windows Defender Applicatio |Software|Description| |--------|-----------| -|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher| +|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher
Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. | |Browser|Microsoft Edge and Internet Explorer| |Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[System Center Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index d3ade96a48..e4b73d3c01 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -277,7 +277,7 @@ ####### [Stop and quarantine file](stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md) ####### [Initiate investigation (preview)](initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md) -###### [Indicators (preview)](ti-indicator-windows-defender-advanced-threat-protection-new.md) +###### [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) ####### [Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) ####### [List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) ####### [Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 8968b3b2cf..76b8e8448b 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 12/04/2018 --- # Overview of Automated investigations @@ -34,8 +33,10 @@ The Automated investigations list shows all the investigations that have been in Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a supported operating system for Automated investigation then an Automated investigation can start. >[!NOTE] ->Currently, Automated investigation only supports Windows 10, version 1803 or later. ->Some investigation playbooks, like memory investigations, require Windows 10, version 1809 or later. +>Currently, Automated investigation only supports the following OS versions: +>- Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)) or later +>- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464)) or later +>- Later versions of Windows 10 The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view. diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index bc9982d2ae..ed9d8771ab 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -15,10 +15,9 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/24/2018 --- -# Create custom alerts using the threat intelligence (TI) application program interface (API) +# Create custom alerts using the threat intelligence (TI) application program interface (API) (Deprecated) **Applies to:** @@ -26,7 +25,6 @@ ms.date: 04/24/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization. diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index 49545c0428..f4d43bad11 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -15,17 +15,17 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/24/2018 --- -# Enable the custom threat intelligence API in Windows Defender ATP +# Enable the custom threat intelligence API in Windows Defender ATP (Deprecated) **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - +>[!TIP] +>This topic has been deprecated. See [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) for the updated content. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 3e8ba14f02..81f2798656 100644 --- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -18,7 +18,7 @@ ms.topic: article ms.date: 11/09/2017 --- -# Experiment with custom threat intelligence (TI) alerts +# Experiment with custom threat intelligence (TI) alerts (Deprecated) **Applies to:** diff --git a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md index db76c00fda..46f6939d8e 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md @@ -22,7 +22,6 @@ ms.topic: article **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[!include[Prerelease information](prerelease.md)] >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index 66420af797..e3ad482c9c 100644 --- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# PowerShell code examples for the custom threat intelligence API +# PowerShell code examples for the custom threat intelligence API (Deprecated) **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 934fbed168..1556c307d3 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -23,7 +23,6 @@ ms.topic: conceptual - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) @@ -31,8 +30,9 @@ The Windows Defender ATP service is constantly being updated to include new feat Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. -For more information on capabilities that are generally available or in preview, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp). -) +For more information on capabilities that are generally available, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp). + + ## Turn on preview features You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. @@ -43,6 +43,32 @@ Turn on the preview experience setting to be among the first to try upcoming fea 2. Toggle the setting between **On** and **Off** and select **Save preferences**. +## Preview features +The following features are included in the preview release: + +- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt)
A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. + + +- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization. + +- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)
+Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. +Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. + + >[!NOTE] + >Partially available from Windows 10, version 1809. + +- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. + + >[!NOTE] + >Available from Windows 10, version 1809 or later. + +- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. + +- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. + + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index c64fd1617c..721ea4c889 100644 --- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -17,11 +17,9 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Python code examples for the custom threat intelligence API +# Python code examples for the custom threat intelligence API (Deprecated) **Applies to:** - - - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index 96753d16e3..a1b40f334b 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: troubleshooting --- -# Troubleshoot custom threat intelligence issues +# Troubleshoot custom threat intelligence issues (Deprecated) **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md index be38700ccf..410ee5f85b 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -17,12 +17,13 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Use the threat intelligence API to create custom alerts +# Use the threat intelligence API to create custom alerts (Deprecated) **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - +>[!TIP] +>This topic has been deprecated. See [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) for the updated content. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 8ce696c455..00babf863c 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -21,49 +21,38 @@ ms.topic: conceptual **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Here are the new features in the latest release of Windows Defender ATP as well as security features in Windows 10 and Windows Server. +The following features are generally available (GA) in the latest release of Windows Defender ATP as well as security features in Windows 10 and Windows Server. + + +For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection). ## May 2019 -The following capability is generally available (GA). - [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)
The threat protection report provides high-level information about alerts generated in your organization. - [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)
Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. +- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new)
APIs for indicators are now generally available. + + +- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications)
Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. + ## April 2019 -The following capability is generally available (GA). - - [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts#targeted-attack-notification)
Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion. - [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis)
Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. -### In preview -The following capabilities are included in the April 2019 preview release. - -- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt)
A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. - -- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/partner-applications)
Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. - -## March 2019 -### In preview -The following capability are included in the March 2019 preview release. - -- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization. - ## February 2019 -The following capabilities are generally available (GA). - [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue)
Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats. - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. ## October 2018 -The following capabilities are generally available (GA). - - [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
All Attack surface reduction rules are now supported on Windows Server 2019. - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
Controlled folder access is now supported on Windows Server 2019. @@ -91,28 +80,6 @@ Threat Analytics is a set of interactive reports published by the Windows Defend - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. -### In preview -The following capabilities are included in the October 2018 preview release. - -For more information on how to turn on preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection). - -- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)
-Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. -Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. - - >[!NOTE] - >Partially available from Windows 10, version 1809. - -- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. - - >[!NOTE] - >Available from Windows 10, version 1809 or later. - -- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - -- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. - ## March 2018 - [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 5bfe2c6ba4..bb88fb2b62 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/02/2019 +ms.date: 05/07/2019 --- # Reduce attack surfaces with attack surface reduction rules @@ -20,9 +20,12 @@ ms.date: 04/02/2019 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. -To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. +To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 Security Center. These advanced capabilities aren't available with an E3 license or with Windows 10 Enterprise without subsciption, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. Attack surface reduction rules target behaviors that malware and malicious apps typically use to infect computers, including: @@ -79,6 +82,7 @@ Block process creations originating from PSExec and WMI commands | d1e49aac-8f56 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | Supported Block Office communication application from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 | Supported Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | Supported +Block persistence through WMI event subscription | e6db77e5-3df2-4cf1-b95a-636979351e5b | Not supported Each rule description indicates which apps or file types the rule applies to. In general, the rules for Office apps apply to only Word, Excel, PowerPoint, and OneNote, or they apply to Outlook. Except where specified, attack surface reduction rules don't apply to any other Office apps. @@ -264,6 +268,15 @@ SCCM name: Not applicable GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c +### Block persistence through WMI event subscription + +Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. + +Intune name: Block persistence through WMI event subscription + +SCCM name: Not yet available + +GUID: e6db77e5-3df2-4cf1-b95a-636979351e5b ## Related topics diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 204fad8ca0..6dbb17c57d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/26/2019 +ms.date: 05/08/2019 --- # Customize attack surface reduction rules @@ -20,6 +20,9 @@ ms.date: 04/26/2019 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients. This topic describes how to customize attack surface reduction rules by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer. @@ -59,6 +62,7 @@ Block process creations originating from PSExec and WMI commands | d1e49aac-8f56 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c +Block persistence through WMI event subscription | e6db77e5-3df2-4cf1-b95a-636979351e5b See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index 05037553e3..bf18867655 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -11,6 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic +ms.date: 05/07/2019 --- # Customize controlled folder access @@ -24,14 +25,14 @@ Controlled folder access helps you protect valuable data from malicious apps and This topic describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs): - [Add additional folders to be protected](#protect-additional-folders) -- [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders) +- [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders) >[!WARNING] >Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. > >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact. - ## Protect additional folders +## Protect additional folders Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop. @@ -41,7 +42,6 @@ Adding other folders to controlled folder access can be useful, for example, if You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). - You can use the Windows Security app or Group Policy to add and remove additional protected folders. ### Use the Windows Security app to protect additional folders