From 77d59ec66f7edee3a8ef9cfc35c14ee37d716772 Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 28 May 2019 11:20:09 -0700 Subject: [PATCH 01/52] Update alerts-queue.md --- .../microsoft-defender-atp/alerts-queue.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index da4a174d2c..5d013d5737 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -63,6 +63,30 @@ So, for example: - An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". - Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. +#### Understanding alert categories +We've redefined the alert categories to align to the [enterprise attack tactics](https://attack.mitre.org/tactics/enterprise/) in the [MITRE ATT&CK matrix](https://attack.mitre.org/). New category names apply to all new alerts. Existing alerts will retain the previous category names. + +The table below lists the current categories and how they generally map to previous categories. + +| New category | Previous categories | Detected threat activity or component | +|----------------------|----------------------|-------------| +| Collection | - | Locating and collecting data for exfiltration | +| Command and control | CommandAndControl | Connecting to attacker-controlled network infrastructure to relay data or receive commands | +| Credential access | CredentialTheft | Obtaining valid credentials to extend control over devices and other resources in the network | +| Defense evasion | - | Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits | +| Discovery | Reconnaissance, WebFingerprinting | Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers | +| Execution | Delivery, MalwareDownload | Launching attacker tools and malicious code, including RATs and backdoors | +| Exfiltration | Exfiltration | Extracting data from the network to an external, attacker-controlled location | +| Exploit | Exploit | Exploit code and possible exploitation activity | +| Initial access | SocialEngineering, WebExploit, DocumentExploit | Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails | +| Lateral movement | LateralMovement, NetworkPropagation | Moving between devices in the target network to reach critical resources or gain network persistence | +| Malware | Malware, Backdoor, Trojan, TrojanDownloader, CredentialStealing, Weaponization, RemoteAccessTool | Backdoors, trojans, and other types of malicious code | +| Persistence | Installation, Persistence | Creating autostart extensibility points (ASEPs) to remain active and survive system restarts | +| Privilege escalation | PrivilegeEscalation | Obtaining higher permission levels for code by running it in the context of a privileged process or account | +| Ransomware | Ransomware | Malware that encrypts files and extorts payment to restore access | +| Suspicious activity | General, None, NotApplicable, EnterprisePolicy, SuspiciousNetworkTraffic | Atypicaly activity that could be malware activity or part of an attack | +| Unwanted software | UnwantedSoftware | Low-reputation apps and apps that impact productivity and the user experience; detected as potentially unwanted applications (PUAs) | + ### Status You can choose to limit the list of alerts based on their status. From 623398c4e362f48690eb56a91acef60082da2dfa Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 28 May 2019 11:28:10 -0700 Subject: [PATCH 02/52] Update alerts.md --- .../security/threat-protection/microsoft-defender-atp/alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 05fcb78399..3817d34a9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -46,7 +46,7 @@ status | Enum | Specifies the current status of the alert. Possible values are: investigationState | Nullable Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign Failed PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert' . classification | Nullable Enum | Specification of the alert. Possible values are: 'Unknown', 'FalsePositive', 'TruePositive'. determination | Nullable Enum | Specifies the determination of the alert. Possible values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'. -category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General' . +category| String | Category of the alert. Possible values are: 'Collection', 'Command and control', 'Credential access', 'Defense evasion', 'Discovery', 'Execution', 'Exfiltration', 'Exploit', 'Initial access', 'Lateral movement', 'Malware', 'Persistence', 'Privilege escalation', 'Ransomware', 'Suspicious activity', 'Unwanted software'. detectionSource | string | Detection source. threatFamilyName | string | Threat family. title | string | Alert title. From 0822473b6373acfa359fdae779abc28c4983cdc8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 6 Jun 2019 14:44:47 -0700 Subject: [PATCH 03/52] add info about actions center for air --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index a4e69d1eab..7e77ed48e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -56,7 +56,7 @@ During an Automated investigation, details about each analyzed entity is categor The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert. -If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. +If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. You can also go to the **Action center** to get an aggregated view all pending actions and manage remediaton actions. It also acts as an audit trail for all Automated investigation actions. ### How an Automated investigation expands its scope From 7de799f287eeb476801c30cc7397b4bd9cc6c61c Mon Sep 17 00:00:00 2001 From: mapalko Date: Tue, 18 Jun 2019 18:19:26 -0700 Subject: [PATCH 04/52] Added note for AAD endpoint needed for ADFS to verify cert requests --- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 3 +++ .../hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 4e0e71aa57..8095b29452 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -66,6 +66,9 @@ After a successful key registration, Windows creates a certificate request using The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. +> [!NOTE] +> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the https://enterpriseregistration.windows.net endpoint. + The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index da3bf064e5..c4d3011a16 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -28,6 +28,9 @@ The Windows Server 2016 Active Directory Federation Server Certificate Registrat The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. +> [!NOTE] +> In order for AD FS to verify user certificate requests for Windows Hello for Business, it needs to be able to access the https://enterpriseregistration.windows.net endpoint. + ### Configure the Registration Authority Sign-in the AD FS server with *Domain Admin* equivalent credentials. From a163d35183cbfa1b7cd3fcb8f24e223f916d77e1 Mon Sep 17 00:00:00 2001 From: mapalko Date: Tue, 18 Jun 2019 18:58:07 -0700 Subject: [PATCH 05/52] Added notes to PKI sections to call out DC certs needing to be in NTAuth Store --- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 8095b29452..eaf63601ae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -67,7 +67,7 @@ After a successful key registration, Windows creates a certificate request using The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. > [!NOTE] -> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the https://enterpriseregistration.windows.net endpoint. +> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the https://enterpriseregistration.windows.net endpoint. The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 0c6d6de655..bda944c54a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -77,6 +77,8 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. +>[!NOTE] +>The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. ### Publish Certificate Templates to a Certificate Authority From 3a68919285e7039d36ae45a12fe3285021f18802 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 19 Jun 2019 08:24:18 -0700 Subject: [PATCH 06/52] Cleaned up and added alt text --- .../mdm/policy-csp-cryptography.md | 26 ++++--------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 1921989b07..811f4acfc2 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 05/14/2018 +ms.date: 06/19/2019 ms.reviewer: manager: dansimp --- @@ -18,31 +18,20 @@ manager: dansimp ## Cryptography policies +[Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy) +[Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites) -<<<<<<< HEAD -* [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy) -* [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites) -======= -* [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) -* [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites) ->>>>>>> master -* [Cryptography/Microsoft Surface Hub](#cryptography-policies-supported-by-microsoft-surface-hub)
-<<<<<<< HEAD -## Cryptography/AllowFipsAlgorithmPolicy -======= ## Cryptography/AllowFipsAlgorithmPolicy ->>>>>>> master |Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | | :---: | :---: | :---: | :---: | :---: | :---: | :---: | -|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]| - +|![No][x] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check]| @@ -77,16 +66,12 @@ The following list shows the supported values: -<<<<<<< HEAD -## Cryptography/TLSCipherSuites -======= ## Cryptography/TLSCipherSuites ->>>>>>> master |Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | | :---: | :---: | :---: | :---: | :---: | :---: | :---: | -|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]| +|![No][x] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check]| @@ -123,6 +108,5 @@ Footnote: - [check]: images/checkmark.png "Check" [x]: images/crossmark.png "X" From 23407cfe92bef8309a3a914295bdc096de463e21 Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 09:57:37 -0700 Subject: [PATCH 07/52] add Excel Data Streamer to Ed hub page --- education/images/data-streamer.png | Bin 0 -> 15443 bytes education/index.md | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 education/images/data-streamer.png diff --git a/education/images/data-streamer.png b/education/images/data-streamer.png new file mode 100644 index 0000000000000000000000000000000000000000..7751ccab1edd94fe102d36e9c13b8d09b32e64e5 GIT binary patch literal 15443 zcmeIZWmHt*yFR=Tk&qCTP)bEYIut}wQIQg)kuH%g>6BE4P>_&DIwYlr?k=Taz+r%) zyYqdvXPy85_vL(e*ZY1vvzBWM%zk#Kc5v}OOX)WCW0V{MEccpB?!W!f*_m@ zf-B%RLx!k)a3HjOrRe}cT#WEP9G47nCkVO&Nk4z8;*zk6BKsCK?8$w~Nz6llOF%&S z<5ZoT>9!2JTABeKOs^EM8jFy>H@`z4Kei`9Jh}g^DP6M&R_J8B-+<2p zTXC@AALtpnfe&sF@|p6e3?jsZ|NHwI*CqIvLqLTC4n8XW2>3?{wx$>G@eT$09(?=~ zY)cLwU%jX#fRE|-v@gR)CG!70{eNHG|Lit0QD(r+*gCt}M}mee1go(SljWlHS#$d5 zwB}C}cdd;Cg;NdmFeenE;A;}&d4)E_3Swt^=qi)KfXrw$LE03#kQ}<(1t%Cplm8YY z>i7DV0ql{ABO?WqwC7vx3IQmRQ0s>h-{b5WtI)>^+OzvkwPceHz*||hcr|LA*CTyj z`0!P{U+UUyki0szV0{Pn+%6?;B06?TPQNSJ#NBE(L_6NczSXE!*!d+ij|UaJ3Jl3p znnd;(*qfq}bk^=v*I_?5VNv63Bcg=ZWb@U$&A0fRYp)W5u<Xlm%)B9lyo4^h6t!^j$^S)g@2@sj>{;wZAciW@lK9I%^2 z#kgXHsOw74&W{XsG7^(@R4IxYIG#O7o+&yOqgJGa1+M)08awZ@C+mbCmi=N5>PH?o zqkou1%FzS=-~qO?4WVWgyGSk!jIx*^s;0ReF8tJD#-&;xZTPP0A-K*Ie4T6%7xiBA zq4#+#xfMmUMMzUr)~5elQ>)$2Ji&(&?*o^owyWvC3!fm`i+QU_8=Z zS7YdzJy~_|NgN?>YKUDbMD4tC@#@UI6mkuM2%=x$LP3aOMDaGaR-Qcp6?R%wnD7$6 zS|N%yE-tQl!PzM=bK$K0vj4anx>bErgpUiAB)ma|rjk_)?4R*aRZ1mInKaNJU@a6`pAgBkVeNnUq-qa~MQQ@5pQacG(Y5FY!{MUHXlqT7+c3a;*OJkxfRS$BBoO|jr30{&y(EL+SN=?|VAikdwU@vw9Y=hx!d%&$~D!^moMGtihD~T=B63hNpLr$ur`h0 zCC-=lm3Q8wArznKqr`9^#V}Gb%Cw{Ynwv>_CAl1hkJc}!+4<{_0#=&S2g|JJ4`#&p z9?4OQm&mpQ%rgHPzKQg@x~*7!Ud&g#{(!O-ftan7Cr}w~o8B#@&l>?Z#d5*J*iI)6?G&L(qUg6arHGVMwqaTJJ4a6f0GX?j2os zy+5=z72jh)Yz;8b#E5~=};Ml?F%*~GjVV{WQ*&i}`R@~fb z-Knl)XHcQAiI^nwuXjxovJ^f%=hZt|?Nmi)+Ib>Pv#i+`@BFr_F9+qvcEtZ{ zTr&hU*lAFbKuqf(2{g@2A7vTHtqmA)87tP;p#v?%f3Hy;`t9`^>?1QVR}g~-(^e$? zBXr`loWCk}t9}9-HMUbSbq|2&V+5rqg}8;St%a?5fFFWHoY{2_m-gP_N=l6$5>928#ZG`;L=sM}E^RrUp zp!B0D{GK$-s%Dj6dcX%kv@qf`dDnFK6|Lnw{bjXXgLrx>MyF_OU_unfIH9m|!%Toa z=|HX`1eDz1C=e{H*(4-%+@HfnOm97-d}f(_Gfz~wq&k(C<84h3KJYm&S+F84qZ;|S zrGxBYXXaTaa^=NDveX&fnyzL*`Y+SJ85Eg?r8K z$){Rlr;X|a=JVgcmQlKis=$F#GyqWcc}`3ze(=_z+CZO}I>>5*p@42!I8R!u$kDrz zMNsXnb?!xPY|t*D!Qtn`$vq~g@bkWl18>r^4c;=zW=C(2H@^?@An0)fcv&(MmiM*` z#l3m8MNAAU=b9Xv04#E4*p;NwD#_)m$tqwX-as*GD^2c)lNTG>ZB?H%*NBcka`;U7 zh?byYT{u?xu}h6i_jf<{%(r!kUzh05X1g5G%i_p8+7GRimK|^)iK-i1mm~;3$v=;K z`!@0n!Z30T*4i$QcZz*HDq-y|=o^d?cobAf=OXT5XT3#0DDomQLOLVqY z){CBu%$2Oqz41guKp^h(Q|zFjqe=Z@gbtFLqQc3Dk~wsqT}Pd)#8(vHgFRo|i=tsSC% zM_Op^u(T(9LK=87x?v+od^TPE(_rcYcf$$EJxqn*ka2jI1N>Ooj zc3(Rm9h+i58~Ig}?C)_zK*?{|aEtxAjYc`QrmkmYvXwQV_r8p>nrd`0a(f&(QWFY% z<8ibe7FU8C#+!KpBW1!3pgQi@<0uF16DOmTqg2i){HV33e`WG&4^&8HFWEhFakyxl z>$fj{@1C~|IwRIQ;#S~%t>f7|I#TQHmO?@?TiCTF?m7PNjozvzC-G+-l=hZ zk(yFW+k@8k3xAV3uWvjHJ}}*z=rurPB8x!&g_Ak@v=bv^Uk4gHPEf~h=1^-p&K-y; zR`RTnT{&RuwB@~mDDBVgJ8=ysy%A1X&kTS?%5UKDDX&_u<%tg0=E5las=%RhyiDO& znN<#*Px`#b3v|GmS8dt}@ag%EB;W`B%PTbDT6E5p(wNtriw(&WgKw1>La8~t+?5P` zTi=6(=TtvEcyC_D*9Et6NTX2JZXL^ z+Ppa}+SEBL`mFimL33aru7TE0+u0dOzyg{*qHdz;{ln^fhir@a?TR}GGX`V{JV zLVM&-fT)5${sR~_R-8G^_npkn7pjJH*a(a|s1IaAu&)@o(AMucJsQRa>kz^R4{v%9 zt7KAh0C@ADY9E>Cju!$+48kpZ(5dmCa}{^aHpQY+oj8ow=Pg<@+&1~W05U2}9bzqK zvab5CQOdT+aZ72CZ)*rOkJnm~RMUiGyyrd0$J(U-1(bbFTw{iIWWz$(=fn}ySj5@7 zJzJSjRoXa)t{6)T|&LvRxO)bbOcm`n1iK!I_XGx<< z&~TvvR0$-+NFn0^LIyV{f%l2x^Nf21Pva=IeZTKS$OwxSch7i`Rpjud`J=7r$_d^Y zHL6h0pjq~@HZdiGPGveu=<~;NA985%HSFr&5p>@-a%3yQ4W$a`$N0y&d1q$pLW?mU z3cU8LvB=kw54tXg^mA*@pW{F}uVFAz)i%PHu=M9Q}+5|RK-Hjy+vG_Zk#h5c13{)l%xp?Ce~%IfpHL`p{q(FYc8 z{_$=54;H6Gz9{gr(s~|m8ZVWCSHUXa6+i~v{5j}K$}{?_hJk+C^^OO&?44j@#P#^H zmQ2p!+LAnyPdFG{GEUn_93Nlhs#sIb&`<-c&qotSc?s;^Oa*uL*Lzf@*2#a?2dh?3 zMhD);nhauIbDUVWcel5p5SBmDG=b0`}sR^IlV5$8RfoU1eFJ6zsuozRt*jPAP}X0tA?vH5vYBjw#g z#btXEYQZ5Zg5S zpxWJIyq3XzgXi^ao%rFh7L%b%FQGd#r^X}@1=o$oUap3YO1-fN)0wr(oab+g$$M)= z0|==swrif#B4vrG>s`88ngH%KdE_hCQ0atvcR&nvTm?3_?U=)lF* z3N0f0>BVoC98&|=uhW#zUFT^F`vYH!0aVb2yUp&{{j{g65;~u*@o-gyHJa45cJ)-A zo@5sPe$k~sOwA3zT7E%ZPKGLQs<{_YW|twp*Bi+v_GtIzw@pI0xe=MXN86xkOWS_W zqo#kC%Z-Wsao2Nu@|N4kn#07|@l>@bcCGe~x}fKA2~UaBE0+)G2vWW8gw!^5)-NA> zZ$EY*`7d^l^p-)&Pgtu3Tu#cxPdkhlJ1-RJ*e z)!=f`e6@KmMnQP@3FM;{f_<0R|F+DzaJ#grvkDC`Ep-InNdX8VAVz%HEvt{$iu+?B<-lno@cow zdWLk8oz>Iti7ej!eiU?s__LNuAcereEdB{%kxe!VFqGnp3S*r+s-KFLwm^Z|9A%G>P~@{JqHgZ-SU(_`H-=#@oV}KH$A@pW z_-uU)qC5ochNd#;Mrb3P>YLMA+1jZ2+S-fgS^UX%&*TrCWssQhPCL=u16{4q7XyM^8xxj)%;b{ClCd(?!AgfKKi8x|dA$oDb{5wh>o6OU3h zK2Es?s&q4wM5}4JEWSDV=VWu;LNtsM;y1p@GiFm?U%1XwFrg7cOQXlA@4vrhAxf=Q z6O-I^+Q(k2M|~*+M)4FJPG(%g`nhe5~1;C4cN`Q?hhFjK!&(8r3t z8j%EXSM8DJS^yMW>wn2L9Ex8oq~?c(-%SUZ;XMM>Keizl^l=wju^l0jOUs2kTz_Qf zeMo+G*#}*5S3h;mZC$Rxr8`vJpS(;GX;pyZGs_5Y5>c5Y_G9|EOip|SR^qWU=qAQG zbam{R#yLa-%3HeHwArW-(jYcnFEG+Zv6bG8ki-DzZHR5u9bZOVqv!B=;S9LLxv-9; zK-&=M&sbM;b2E~IKF<<@mzSWMaP+EVJ6xG7_d)mQviR52470$g2aRvKPohq?s;P40 zplUQuQqtn+a^|SlcTX?Qj1;U}~Q{xY&L8xKSAK|K2W|k(6mtw4~ zq(yPg z=Y6!s?H%@XS{`%kFB?QhF#5Br_T+;{vX;~yp()w2T{a(|(egkN`Wwh2&BCQ*)CW<6 zx)C==V0t(RE9$_i((@@)c6PMHs>U9)%LbsS!=tfS`-@}HQWV+r_bG1EK;&^yswBSS zaRLmavM_jn9n*p{XR6OuD(49d2g5b5B!*Hy>suV<&yr~_3|&PT#9+rwRf4{lG*J6> zg*7RT0ftQE$;S60bEC-T=-(1P=4i&~ER_W5{RwF3h~~>RVbIIh4O%y78>T9x*s}Ei+A@m+?xX z1r3}n{jBJ3#He_iJYx`ybP}yMR&_CMbdVm!>~jDRM|f9ih;+&JnGwPFjcY~M42xV~ zSlHELNkEC?V>$MP0P2W0@GQ9)oW*4A_8pIDJUv>I9+viT5lI%UVmlRQShOg7F+mY? zsUP4LQoq&^Q$3dqOXi28`gU?_ij9D(qY(dy3!w~E_4>S_&N3u5om&2lQ87eWTV7seH{s_>;wzrR3SB{fu;E)V@1^FL-u@m=<)IBp99`pDVC5oT%161= zG!>*FuhSRUZ0H(1r$<7U5=X~s#4X2*vrs#8n3HF#=Y&z|Kj(WD35qXqUwLPz`9WY9 zv2}86T9Ev8*bC7rR|F6g9-w7ruYc`x+x=|X3<%dr5m{o&`n@P|&bIEL;GMjf5&w-o zoq=@|Eav3WH-u%(lhNIdTJvI!9;D~%YQ_fvZS+yOX+Cy!%>_B=x*vmx~D24_vs=Rs6Nz;;})XCSrX&M5Edg^^MhB6s~dlcOYYBdIyW zkUS^mw}5R1G+}T{&NiP>23yl(169tRIqQW`PngJ)ZNDtl&G9v?06E)K5}T~;+q$f) zie6ZG_w7XnGc-^OTwX#K^{_zU(66!fznh}Y9Kls#>SZnOQrah8biq%B9&sNvii^`F zX`Q>Nwf`4~2m^D#>Woi*rWUq10hzkd=3DFBF~ZwOa~eNJkB~5P-HR-jleJ_iu5bn^YikLf^gs zUjS^MVugc^nja;{B`5&qsZ-|uI|dAXS1LD~#3bmI%X-6MTnuZ8irZdi%QUGu8IQ)j zdBkSVePiSjsWZJcdw700z0#ce%jqcGge!h(Hqtl?&{mYHlqHn%7#3mdc>tWx%p>^u z_F|vhZvr(y4X8Jz?bwG%0lB2dPkLg-GK>pt){wpE=_&5lYt$?8xk&tJ`ux%UI=uB><1hOr{R&iSIN;h#s;b}=c)G|UP9~^*@-<>g@;bz-@b893e)4lG1lGB&EzG$B)?v<7 z616|)+BBxzy|BX*i$B_oE_2MH8 zBNSFf`4co8pOJ@LP7(R1aIf_ zA8r>!D-}PgcYmxkSeecub97oCPxF4fmadTbL|w9bLL{6N@{s|26%f35H9RubciJE7 zk5^oT+AeHz&x;(2%5x*J(h{d4rOmh5@f}?|e7UVHyqTscFN2z9Ve@>8 z19dP0ceU~bK$>roeGwBb?D+?+P^m&Z@ci+|P z-e@X{yOo-G9HN4~1f^8M$s<_B!9r&QS6H`UY^;RIa{R0iofwFx8SqUCv2ig{;N6L| zlbfR14qcm(jkYjt;o+~lILhiH@pKQ}e1i+I^25%+M~>T8vF{_&Pr5F;E*4rf zQModmF1eTES3p|pM*4ndxR}p=ZQq7o@LFi&!m{)ElLTdVJs^rhDZB3%LGnv~nfyVk z4;O*f&8O^~vOH;XH!&@Bct zq}>%$DwGvD%l>gSi59?9BCvqkj>K-InMYzvnM34~9N*$YtRnEDU-NRr7{|SN1=Jsy zh`JB?^GaU0PZ#Qg%)ppL#i{dM1P-Zi0Z8KGzcfCe^HFum+fE&`BV8J;bkncZLE$K9 zpkkDOK@eK>sil9wgarBE+b0~)KK4$nC_+jjJZ8W2WRJwd{4}pByLFzZP4V%rg3L)`{7+Zk}_QJx0e|~mAeMQ?n5;`{o8Bh zmXj3!c!-=Ott~-gRJ_*YnHzwhIs%lzQm7OlIFeAF5@%VMEUUKe4Iw1+XvLqFRd;#+CVcy2+qGA!XSM{!7 zU}%)(FyNAFjtPwv_ELZHB>sFWV)eJzVA)KZFfC|mY<)Ut%fgiOLdkyhQ=EdMc|=~` zOQ+>MkTS0T%jj@jK{)rio>o%0@ml83`PhM?HH+VOYm&(*)g}Gs+mPX4Y{It0b+-NG z?`QVME~}N1HqyE@{a@SMPt=2=ao5z*z-5o&7nigDk5fGVo19!wNpl1HZn$kf?+<`7 z`x*HhG|s0ys>6oFc>SXD3{BE3NilA9vlbYk-zv zVkAu2lYo%NUg5=sZP;8x?L_2CgISLlTXG*RkV)LJVz+<>QtDRyz%(>BTc6js>i#ic zzcn3{`V5OIGtR&IY8y;(7xPmfU{1jd_kzQ6%F*U^;iS@q#?$83D(8N#u_};r!oY&Q z-2e|9*6=sUC)efwu$B{${ei!?Lc<&~dOxlD9}-~fVBVBL@=>vBgviD!Fo^JPU_%p= zogaxY>_4oH-Lo*vFsd2xP*J=j!K8^a?&MW>Z~SE@hI^9<*amM8D3fTQ$C}V_=z1Uh z;xRh@7F_dSYk~?0WAWW>+~1!Rceg(`_(eaZUgSWwBrKY>z*+U!Y9Q30e`K|}b@8VT zSx~7({hKdakc1fF#vM9%(bD%@C7X*)M&2tE(K4izMv>7jYg=2}!FvW<4&C9|#`){2 z6q(+Or`B|gM?1PZNZ;OtqPQm2v$l*8&s=kd34D7g%xsaNtY{z?#+pL|2f zz_bL5_T`j2mk~>?wageJ;O?7401LOO+V~@~ulifM#`@hsN^tnnq zYs+{Z+An_`R+bzle1vY9#yqPR!}y0m5R)8;qv?Ni`#C?iiQ|OESLexm_BAFKT1NAr z`|b+UDjyirN=a!gSvzR=H$2}pZpaf~7G}Tkur0SOWJ|K{wmH7nufG_4=uW*`tOB&X z1ZW%r%2eFmpITS>UWmHid{@}ota|Vy;|>;8v{L7rKn3|Uf&BJGkXJ*y+)Y_6>jsBX z=WAiJcfW_f&wNhIa9-20ehH9J2rzt22a^VvJCG=P^#aapAwo+#OhR~PCn21j4!Dpa z^*(qL$}qL!N!CY3vs`ZK7zcnb@5$|6>1-D}@5aMV!*0dyyLD$a{+^t9&F&|o=}B?T z@tHTf+_tmFEal);neYfuXamah$)*-wv@p>S?d`=J`-PhB{g#?cb9x zWVt(CO>&Xspiiww!_Ih>=}Ib?NdWNgPL#G^E37$UZR&Do{aVMQg-bm|&JR@8wa3#TP=0lIlzPBhI(CNs_q?sKf)s}NJq=L%skvYgR=r+n>AOS70is8 z##)f$|-<8;K{z@6FA6mrZy2fc;rGPrxkM9ri7TZ8EWP z)|G#w3ITu-RhgS>V;X?x*kA%fla7J?Hs(BP2DuaH8y@=mPksMbLOX39)u>fHJ6!*D zqovyC2WXs7F*_?D9r4>3y^;hSh@y*V4=+Rqb3T=TIP-0#6{%P)i@3$!%6Y}1`B*1v zhZ-~esc^_s>=$i^warj@i@x3bNI%m@6E4G6!@GX1VBU^ut_A=sFtQ<04fsD0`7xh< zy(prNnD13)G10S919JJ4J%$30?nZ`{#NM0=CL9L?;0DdK=SG!E;Y=ka$lxeC-ky{) zjr`Fl#VDGfK13k>lj_q!eo6f@vqI>`CEA2?C34w!c4P9S`Fw>u0sx>los+R+MT@wMlh8 z1@Z+=R%NB43d!il3R5=7paA1SDH)*T`C#1srs5flFUxDnzb2-%iFY*7bP@?8xvN%N z&YSOIWuyTHmZqNUZ0BDZsvMmJ<1U>R6ZTuKrv3`&Tdlq?Cdw8P>t)%l39}0rjhF7V z4rJvD5U=i>q$&&-rEAKyCAG~P%$)BTIPV~G*eJ*Zy%y>4>T}i}$pl{^TTb$%2S_{A zwm9T;Iiv5Q*>Bfe;nwZfbOsogE=eXlMDbA<;8KCczc%R{v{pTR74V+{$hGRyY13_& zOg)cjyXIDnpNF07=ZaA*bO0oj2Oha5W^062{@fG9_LN<96fhh%6suOra-1N5Q9aTZ zT+73G-B%{r*LrVI{8XZH>-ZLh2<|roU<0TlP%gc@jJ~a!75$xV%nM+eYQ@Mw$ff`r z)@xou5&z1VhNum5Wp5?^gJ0OJx88Z`4x5*POv#NHW~{KrDiKJ6b%s1@H=Wb<>X)sP zuL2|wJ2N@^;kvu6SCA|Tf0s#N!?SSlz|U8`tF*IUy#^K1x?NE2EzN8>t{uYHR%3Kg z!-}>eq1^`7zoetF%pSh!Z(0XjXUqOrZUbKft!esKeFRUofOK-%1$3?%s z=(1d&whcAfe)iA8Uj_nE2 z6pzbV9$$*ePm_4!bjuqIu>~ikkyNi=1<97G@fF}d?t^+N-Edgpd~Q|}V<^zYsV`#D z)Il2l8NC8eKe;bG6-fSG`S6MQ+3{Stw>|)JJYF5@%|cls*ZOWdsZ(o+mc3t>&u`GK zI4dx|0L^??3}};HwPf@aOUss@fZ?&N!n&Qb67$sva=(^|RKF%LxzyY-ao1pXsW}p& zD^r#9>Z#A6-mGon?ox_m5v?dB<9cpl01QO zl&A<-sBX2jLto>EwTAG(g^{1=pQ2>tu5$TmA?Y6__x4EU^}8@#oH5m2oU~{m*Q1%ZXxf|*zF=Q9bK_mvDWmVHGrI|WphDB7 z8v)5Xj9jvbdwTn`ad@L85PK{RL?Tqoo@P|)FOSpdE+OT|)eq^`fO`>Tk<r0@}Mv;#%$4rh!#ryrl6d$wi90$xG} z==(kbD8P!E(($ZYzb6JvsZztM)=zgmv~Q!5K%Xo8h_2Xot7-6po{Rp3L3+&P@H}{Y zd7SZNv<2Gv6)853wzH$f4o#050RFm_Q1XIpxH7yP#&Y6y+qIjEH~IqsE%wAy41%`d z`dn?;;Iid9t}4?ix^Ou}B|`l0ucnpmT8ft^km#H*wsXB|nT5mIy|R zy=B&~0dj|?<4}N-)8H>@gK1^i$SzcfM(^XZ*`45potaXp`uyW~3(^((v7jt%^xfn0-Pu9alwu=KkAJghXMWNKK#zBI7l)t{04ndWfA_95rQw;r z*lbES?-oCN;2h(5a&P=r<)VaXv69sq#z>a1{iRFLA~RqC z>;()?J8S`1bs(ZP+QCa%F{uup{alN%2_N!4s=$Vg^>4e(9;9B)OhV~M0tUtfoTJqF zNIxW$>T-x;&9O?Nl8O;RUK?g?gW7e#Ojvf#5@^USL4P&iuY$HjZ^ljj_s>T(mtHQ? zuF_{06`vTfFTZ%A>r_|-KiW3SXC7|l=DAawcyrlf)u$C-I^KzO`*Yyj#WZ8yF zKn>eldW7ox$do#v7B-vPse-n$lCN7I@0#d1?b&U#S{~@FT5p{^ONa*@EJ-+r3l|uY zrsuz>3cBgmrx4&@niqM|_dXziY^Wf9ta+W@>3-msOE1}a;ql6(<8TUT4ay7B zmd#ZFIXy@xu3;B&u^}X|Tw|F%>DBTymlE(he!zD-;t$Er;Be;w6MdSAd^dQkb0*Qu ziX*f1zIMVsU}W~ga|+%3E<{wwFHSGLqh+dstLi$(jgsxzZvn|d58nUwI+%qJ$@1BX zKM?2APql000I1e@OPO$jshwphJW>E9AE!+`(TDgr>s_Y;oMDlr{R z<%jz>ilzisy3%nUeM2yu?);$>VA?wB*G)*aLAgri5K}=)e_jPD0lLt~_cIP=FUIu1 z?<)~k*I-@dLVf|;&Jid^Y{`HSl>s|)e0<};WL+N)2F%|~-RyeCrFFTb|6Bw>ci^>Yy2~8S2(_7_zL}$qPr<^2EpiZ^x0V$iM1hr7J2h)nFV|(c=$I{ z`}t{Hcf>rVR*WiIN|^|dhyzT9iY_ZX-H}{{_ zd2powY@q-=D-q=LONA@?Yx}~fNrnQB;#^;{2-lR8VY2a(L%yPAKMcyY6uC-r^kFhR z+EF=%`o0+0W)XIHB7X5brs+!~Zu5&j%#JH#V6%}FAa!)uuCNrdTf0+)z|(}VyIK>Q zWYrS2!F>&AWHh1$J>h;6%mH%{UJpM&1V~YeWPQH@NqknSB9Msbz8oU%;bB+uaN8Da z2Qk`zl$x1YNF%BFL>JG9cv9SZN7cl+%Fd>hCHcIt2#o1Eg(E&<#Lo|NHut!_x@J6C zl}(3siAMv)Uf9`5p4`lAV@^7lP!68E?M_t?w)msbvq|%ejB@o5u59`(!0Z= zP3=;YQk5F7{siu^OSmnSB|M-vd^LvDcehsM*@OI2-Rp-7kH9JiF7^;acA) zmFyw_i(8fO7y$5r2%f^Rno4_}kw(LptMo9l@&>$u3NReCx3LCVT06sr*gWd{ZNUxi zhue^IF{xZngmY@ zDBd%ans26Q{Kd3xbeo}{(_1vpmRC)(V6tewQqSW3dmCE z<~?N(JOhc1)f@gZ-?anv9xOfLyUFl(qK-c=iAm0mRZp@Z$o4XTsgMEKmm&|85up`> zE?A84c?jPV^dAZb{H^~NoBVR+w6@GFry0EVe#glqUtuMpnf7Q81uOUn5KtioqUqe5 zoUvTlyJqmJDIJ{D0Z~`uD;nC=Be7F@OU1V(k*{;gMio-@gp`a4XY+SyHg?Lk5LE XH``J7sAFdz{#p9P>*oc}^nL#yyn(zG literal 0 HcmV?d00001 diff --git a/education/index.md b/education/index.md index 5b3aeb6502..80767cde7f 100644 --- a/education/index.md +++ b/education/index.md @@ -194,6 +194,25 @@ ms.prod: w10 +
  • + +
    +
    +
    +
    +
    + +
    +
    +
    +

    Excel Data Streamer

    +

    Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.

    +
    +
    +
    +
    +     +
    • From a56806a7121e554c50471b4e6bad73e0a16a7357 Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 10:47:18 -0700 Subject: [PATCH 08/52] update image path --- education/index.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/education/index.md b/education/index.md index 80767cde7f..bf6f3d20fd 100644 --- a/education/index.md +++ b/education/index.md @@ -144,7 +144,7 @@ ms.prod: w10
    - +
    @@ -163,7 +163,7 @@ ms.prod: w10
    - +
    @@ -182,7 +182,7 @@ ms.prod: w10
    - +
    @@ -235,7 +235,7 @@ ms.prod: w10
    - +
    @@ -254,7 +254,7 @@ ms.prod: w10
    - +
    @@ -273,7 +273,7 @@ ms.prod: w10
    - +
    @@ -292,7 +292,7 @@ ms.prod: w10
    - +
    From a6f2f9bd887239b8e6defc3e499b750a0d24a24f Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 11:05:39 -0700 Subject: [PATCH 09/52] update entry for images --- education/docfx.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/education/docfx.json b/education/docfx.json index 5e87a91352..7a2761cf2e 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -14,7 +14,9 @@ "resource": [ { "files": [ - "**/images/**" + "**/*.png", + "**/*.jpg", + "**/*.svg" ], "exclude": [ "**/obj/**" From 5c747e8d0e1e7bdbd121902204153d541bc60ccd Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 11:53:19 -0700 Subject: [PATCH 10/52] update image path to media --- education/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/education/index.md b/education/index.md index bf6f3d20fd..a48ba62d9f 100644 --- a/education/index.md +++ b/education/index.md @@ -235,7 +235,7 @@ ms.prod: w10
    - +
    @@ -254,7 +254,7 @@ ms.prod: w10
    - +
    @@ -273,7 +273,7 @@ ms.prod: w10
    - +
    @@ -292,7 +292,7 @@ ms.prod: w10
    - +
    From 6f5052d401cf68b1eba2e79afc2f86453cfdc2c2 Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 12:10:50 -0700 Subject: [PATCH 11/52] update svg --- education/images/education-partner-aep-2.svg | 2 +- education/images/education-partner-directory-3.svg | 2 +- education/images/education-partner-mepn-1.svg | 2 +- education/images/education-partner-yammer.svg | 2 +- education/index.md | 8 ++++---- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/education/images/education-partner-aep-2.svg b/education/images/education-partner-aep-2.svg index 96ecbf019b..6bf0c2c3ac 100644 --- a/education/images/education-partner-aep-2.svg +++ b/education/images/education-partner-aep-2.svg @@ -1,4 +1,4 @@ - +
    - +
    @@ -254,7 +254,7 @@ ms.prod: w10
    - +
    @@ -273,7 +273,7 @@ ms.prod: w10
    - +
    @@ -292,7 +292,7 @@ ms.prod: w10
    - +
    From 84e64fabb717f28beb8e16affa522729bea4119a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 19 Jun 2019 14:36:51 -0700 Subject: [PATCH 12/52] Reverted the syntax to match other policy docs --- .../mdm/policy-csp-cryptography.md | 122 +++++++++++++----- 1 file changed, 89 insertions(+), 33 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 811f4acfc2..4aaf66a50c 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -13,25 +13,49 @@ manager: dansimp # Policy CSP - Cryptography + +
    ## Cryptography policies -[Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy) -[Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites) +
    +
    + Cryptography/AllowFipsAlgorithmPolicy +
    +
    + Cryptography/TLSCipherSuites +
    +
    +
    - -## Cryptography/AllowFipsAlgorithmPolicy +**Cryptography/AllowFipsAlgorithmPolicy** - -|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | -| :---: | :---: | :---: | :---: | :---: | :---: | :---: | -|![No][x] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check]| + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcheck markcheck mark
    @@ -47,32 +71,53 @@ manager: dansimp Allows or disallows the Federal Information Processing Standard (FIPS) policy. - -GP Info: + + +ADMX Info: - GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - + The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. - + + + + + +
    - -## Cryptography/TLSCipherSuites +**Cryptography/TLSCipherSuites** -|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise | -| :---: | :---: | :---: | :---: | :---: | :---: | :---: | -|![No][x] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check] | ![Yes][check]| - + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck markcheck markcheck markcheck markcheck markcheck mark
    @@ -88,25 +133,36 @@ The following list shows the supported values: Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. + + + + + + + + + + + + + -
    -Footnote: - -- 1 - Added in Windows 10, version 1607. -- 2 - Added in Windows 10, version 1703. -- 3 - Added in Windows 10, version 1709. -- 4 - Added in Windows 10, version 1803. - - -## Cryptography policies supported by Microsoft Surface Hub +## Cryptography policies supported by Microsoft Surface Hub -- [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy) -- [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites) - +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) + +
    + +Footnotes: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. +- 4 - Added in Windows 10, version 1803. +- 5 - Added in Windows 10, version 1809. -[check]: images/checkmark.png "Check" -[x]: images/crossmark.png "X" From 92cceae217abfcc6fd770aecc8b1b21dff29740f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 19 Jun 2019 14:57:01 -0700 Subject: [PATCH 13/52] updated bookmarks --- .../mdm/policy-configuration-service-provider.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 05e9f8b8a0..0e44c74693 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -738,10 +738,10 @@ The following diagram shows the Policy configuration service provider in tree fo
    - Cryptography/AllowFipsAlgorithmPolicy + Cryptography/AllowFipsAlgorithmPolicy
    - Cryptography/TLSCipherSuites + Cryptography/TLSCipherSuites
    @@ -4381,7 +4381,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials) - [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal) - [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators) -- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy) +- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy) - [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g) - [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning) - [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring) @@ -5246,8 +5246,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Camera/AllowCamera](#camera-allowcamera) - [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) -- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) -- [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites) +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) +- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) - [Defender/AllowArchiveScanning](#defender-allowarchivescanning) - [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) - [Defender/AllowCloudProtection](#defender-allowcloudprotection) From 1840d06df0ade9b15acc275fc7e5e1279f681f47 Mon Sep 17 00:00:00 2001 From: v-savila Date: Wed, 19 Jun 2019 19:08:39 -0700 Subject: [PATCH 14/52] update icon --- education/images/data-streamer.png | Bin 15443 -> 6090 bytes education/index.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/education/images/data-streamer.png b/education/images/data-streamer.png index 7751ccab1edd94fe102d36e9c13b8d09b32e64e5..6473d9da334b1db56398b9f51f8f58175765ee34 100644 GIT binary patch literal 6090 zcmdT|XE>Z)w;m-7(cb8t2ofa9=)EL}-b)fj?;(08M2QwskQrr2h!!nFbR&AS5#`l8 zBYGJ|9nRzXdwzfCy3UV1GuM9hGi%>#uXXRW?gRrp4N7trau5ha`Bd|<5eP&G2YzpY zNq|qn>NQ5-i|m!Ar7sBdi05Vy1QjX;fIy64Pamt81ZD5c>3d|Yhm-E}yC&Wnexd7FhkzvXwSq<#2$R&U= z1KXC(xy|OBWa4}A7bnh(VxUE$+7PV6CG|`2Qg&TzVk4ufg;yO*7WVS+VGfZVAWJY1LJr(6grKz8JTj0n!+&j39`o{6cZr$Tys-T2F-^Nu z)A;0(I+00I9vK@jYfZ)dJ(i|5cQ>?k&TX6ObSOt#N`*Ghj#xL(qedIdp*p*sd@N8v|@Vj8&qf9?Q2JQ+CXw!>FMf9mU zX{z`#wWzwTA3!U|v%Cu0g8TW6g7y7S1gPe~(?ya2&Ov46l7KRAshC#{J$2~g;EAEY zIqTcpvx2wbCGaVByOkf8*5&iF`w1W+5_;XdqIzninOAq!=^!0bosrA7rN7YjT=I2j zOOI7Q;aUQnXRPk)TU;)xUE`aB$Q;m=r-Y)>FONEwt?>5c`;wz8x%cJc(tgkFx}6~V zPdbp1FW8(!g7xKbXZx!?O3*Xv_{#v)1%7{5II@;zuO^R-K0_7bNgkT%cIV3FQefyR;0+>pbK{W1Pl+2bvn1N>sVlI7<-*Hk`} z8K?X&K@Vb432#%BcFcGr85B6xzPa(W*%|(cNz@vYcGj}ScQ&<-y6~)|fEbbiqo14{ zGEAwV*|mjRHO-uru3kp{=b+>s9n!%MU$<>&CPsaP@Ll^jp9uwP772%nZMIHKu6a|d z-xVg-xPv0#I!%1D*f+)5?HH5sYZrv=;Lt73ljea)uEfyf0=@-vzi_W(F;@@fHw&QB zV^DQs>hKAwj+PmbAQZ987|L&-F7LJmFKvIGkNVN`;N2q@v+rrG^T!Z$XG@{%C;-&qDsv@9iwKSQ7t!aIIi}`NgQuW;m*jN&{pSq+0};`yj{exjRO8bItyonlf4c@3dICS zP<5Tb+@*xGrv)#Tq}^{~rUmAH5Io|e1oCYI{P8Zu@B6~|*r0;uqEMMpci-}spd2Z8 zY^SrB>OrNda^aG{tr{+d*wJ1VrLw&km) z8R0u>cCp@$>x+dSs-N_Do7}IxN9DVnUbnz{wv4Jja+wVJm!aXwGMc0~u9DH(F*{4f z;LQ+#w4%T=OJpg8wZb`2lN(oaBDcg(Wdao*>J!>{Bs^X=+MHVdDYABJ=8fdNKZRyqip7L= z&ncf%zxDtKqlk{-B85Jr9P+dH{w?%)P^kfU$tV?p3QP`+{Is+eR)t?QI<;}{T00^o zYqM}AA>?@bX2LvxY8MEi*}Yj+u+pxvX!E?FLqHP{4r?Fm@5$*ERBPyHlEdccmnQH3 zoUs=cZqo!T+3&pNJ^aF>=9C$6Vx_NPC8ppUqsv9Ay{_DINVC_uV~aEEc05YYc_XFO zEfiZ5j~(h8`js+PKzH)NdSjex%u{0dg!7<;U0KOG3Q5DEEh^OOi2GMk1;C(t5eYkHUxkV(X~k1%ALBxZ2jA&so;R3SjqBz< zrP!(s@s)@@x0{?zTJZfQFGA%@FCKZ8)U>o;UC3O2$LV)bdT+)(zgGR)Gz4!Rz;RPz@fVsmBpynRXC$Z z-K*jB^>d~8<1=j^{FC-H^d;=?xUy+;Bzaa>98wW!YY@Jslf)s_8njI6Crn?w>uY}a z+K>hKt(?n)y4@-S;ONUyR>&)Qkw_Bxt;_t$f{!?t0O71|Oxp2~QJ@=Lqfe*z`;!qx z^qS&@lrXi3Gje3aB|oLc#OkM4Kp=Tfe7C4(DNGrfF%)G4oN{CH58q)K3BFv0qkNGd zYRI@I#I<;I)UMYYrut-tQ6nd3%owU)(JovEXGD!)8y2^PE6ms0V1 z$}q&vsA>G|-iF0VIqq{IbBvA+Q#7AQ=@xJQ&*zSFt5&vHkMlY=r-tzlY0PnKQvM#Q zd?JsK9O7u|R|u)5YwrzK=cjhPar#!{hd%;$i4gK&~Ku~8MsL(=2)EA(kTlNjnK7OlJW zff-qMg+(P%2L+}r+~zC&{*NPCLj+zCwNZT@+A!zl5Uy|BD>S3V+VWX$wY{npo3j`8 zm%sHez4DWy>OsVlmWX!;Ren_TX${MPy#DFJMUi{1`^>3N9~$3=DL(>WeyE}IT$s<^ zq!rsM)Y^QEi*5I2H+^qXo&5+XmA;JpNq5vpnb(Ghy^I2>-*q9>v1I9uknrE{S**(n z75o+;SuYx5ajd>kWK?ZB92Wmm%PdH76CLB^?pOzLk6*^grKn*3K7$;ykOz=5q}ob zBdv+d7#%KF6uqZD4|T8Vj#F_T5IeI{0+ z{VbRCV_n?zPGC*}v5)|8yD4L-t6cn&(4?XNX%L>!g2bkRE?WMR5lW~1Xhn|JngYpB zZxUUsBiwIVh$pl*i4>!x3@`vAyDf!{A{cH!Q0fHId6P#r+=06?V*3^$86LQ|ywQBh= zfz`;3u!AN>eNO8Q-w9-RtCS?JpD;;hm{@=(b|9$YG$HLO{NQM5ZFy^99{LO*PvgT@ zoqJ(~LgY7)#<%n1xgiZTEhxIi4kz-jEdn`ZqA}L;;X!4mDHYw^x@w?=JTep2Qls4a z!R4YJ*5uqTsJV|y9RfNL3)}Okh8C2c*sW1*D`@Be07DmLsXR^wSLW>$SOxG=d|VG{ zp0|cx_u_w^Wa1j((T_4?M#~Nqf$i>|?L^DpcvFS8_(Oejc$tQyFO%~~Iie{7`MMO~ z6BU1_~*?-*Yf$~sP)0!%978qADKBX0w`eBKJWt>5T^U9q5xARz>!TUmEDH2wILAa z;-#Q}Q%_4KMd(uDVFkWP*HqliqHV|>G8l-HM%*^psCPTLK?Xu(i#(m3DDq>6*oH>B z9>3i^G=G$<_~PNvujK32pmPz)J1tDA^%Lvs{xBlHYCkG_BQT8J*{BFx<0QavLcXiF zA1CrU7;v%-G9K?}x&uOq z2c4It3nmQ}7gs2dbP@K6E9IbX!0reNczFA}*Jd@-2TJ_tiv%zsjsB#I+DROesU^^^ zvpyhlw`umCr|Yq=;W1XN3~&B&vo!J%i#W$tol!63 zMhP+xu6cz$6jH*&f+NU$zxKTU@Ta!^9($Jb@}Zw$CH_s` z6{pE`rP`D?B{hDXbNfy`D$xQSx$53EP8}**VN<%B6MD5N)UrJ$|E+_~!Uf}^szNT} z$nCp`t%At9ZPaPa>+tXUvG|@3wr6*)|Kvc+RQ{_08b;)i-6|2l+5Nsa%(J}bAEMuJ zTx$9-eys9M6BN{}(D^_KpMAeflE}o;F=I#xdx0PqzFb3~+tQQyTB#0`F4#t|`t5jz zVRVw_@i}XsFRtj1)NRp@sQj%m-ZwaCBan&#@2RH^IgGgGwjlF=b=WWw2S@oW86y12 zPy5QmRIsCwukJSQn?rM=1Z}Mgs)EZLG(-74^!zpD@`L*H4>X74?WBTa2iLXEr$Ykc zgW$oz!J&~Go(R6Yo1|5oMP$K~oZJ@pO%iORIfZi6I9-{;YaLuA;s#s%?(rI@HEwwY zDqsci6?aMclZvR#N6ROez5q06(5sUgShy-v$u3HF6$Nz6hGkMKE~TeE$>DWv?RUhN zz#Er`KdPptkPkfc(CRGN*DspJnJ^Z;)*+_F+8XLs^5IMfY$2UABGvY&m^Ny};_J{; zJ@1mMV;G=hb@#RfFey`Hm9U0GOd)c5emhfa0Txm`TBd{ELzE9G6Y#hf0k~i)TVxfz zJzI(<2=ep^Eyn9U_n|F={CM-#&W_Y%q4@zx1r2`{pO{jXt8;zg@s<9mb#Uqt+&i!A70aw#d zeKsVPG|?6!P2v+Wk~?*Jwa30rR|L4Fr-g0dC4>^T7u2;%D9vG?fKhXd#-Jn5%J$16 zFEdM^J&dS*85LiG0zggT&@k<;YLNeip^KwwYG{g{y-D;ApeVYJ)I>q5XTr(^!58cV z4Ddo=FTtW)MmG4JSB$o&IZD`66g(0|AZ0iG8rPOf}c)i z*Z;tOGB+-yeN9#d02%q1s$}sq_vc!X66Dz3=F)C5xxa>&zpJyV!5xip0HlucXDw&X zes3t^hh#aM#!iu;v*BOb7G*;v)DU?1+{uHlUts!<(M}XWtXq)~BJ=hyiJ=55uEMd{ zKb2&#kK>*a{~8Z(ZRfN|CRAnSVm-)fSvNEXASE(7lf(kQfg}9trx>DX>wA|VK2?hz zLkdOgJ6BoyV9t4Mk&TkM;bF^__*itr<*%0`)6fW?FKB5UdZR9%5C9MosCmB?8hPDRX1#@0T3b}5NtLJ~AG;odPbD%jP4}m&QKWnTX3SP-^#Azfl&eh(V zug++knMnL4j(=bM$8@}zo%PeDBFL22h0wG{a@9Qox$0h~Q2H-xP8Po5KbJiH%XErq z;q;8o{?^**l`9#22ExyR7#G6yk2tSfeXPD0C-xYD%_15`B=Q+Nb&XuB8dRE)!-}eb z1MwKp5x)x|TmGC|Siw{9>#vrwr2kukwOfKmNurK-s*VzVBOYpV>|HJA1~Py!W9_#F zXOu3^C|=wGt@y0#fxWJS&Qq=tVVCAhC%LD;0Ve4RJl#5Bz(}xo5x41FoU~|g&VJh~ z_ah>4Oudm9g;bwl)0yi@_|`K{SU{MLS<*p3wi6}FBmgP@x{-%Zashof0MIA@>mua; jnc8_{C>aV~x+duCWBg@ic(?_K^Ps0s^d48J+C={k{yuf1 literal 15443 zcmeIZWmHt*yFR=Tk&qCTP)bEYIut}wQIQg)kuH%g>6BE4P>_&DIwYlr?k=Taz+r%) zyYqdvXPy85_vL(e*ZY1vvzBWM%zk#Kc5v}OOX)WCW0V{MEccpB?!W!f*_m@ zf-B%RLx!k)a3HjOrRe}cT#WEP9G47nCkVO&Nk4z8;*zk6BKsCK?8$w~Nz6llOF%&S z<5ZoT>9!2JTABeKOs^EM8jFy>H@`z4Kei`9Jh}g^DP6M&R_J8B-+<2p zTXC@AALtpnfe&sF@|p6e3?jsZ|NHwI*CqIvLqLTC4n8XW2>3?{wx$>G@eT$09(?=~ zY)cLwU%jX#fRE|-v@gR)CG!70{eNHG|Lit0QD(r+*gCt}M}mee1go(SljWlHS#$d5 zwB}C}cdd;Cg;NdmFeenE;A;}&d4)E_3Swt^=qi)KfXrw$LE03#kQ}<(1t%Cplm8YY z>i7DV0ql{ABO?WqwC7vx3IQmRQ0s>h-{b5WtI)>^+OzvkwPceHz*||hcr|LA*CTyj z`0!P{U+UUyki0szV0{Pn+%6?;B06?TPQNSJ#NBE(L_6NczSXE!*!d+ij|UaJ3Jl3p znnd;(*qfq}bk^=v*I_?5VNv63Bcg=ZWb@U$&A0fRYp)W5u<Xlm%)B9lyo4^h6t!^j$^S)g@2@sj>{;wZAciW@lK9I%^2 z#kgXHsOw74&W{XsG7^(@R4IxYIG#O7o+&yOqgJGa1+M)08awZ@C+mbCmi=N5>PH?o zqkou1%FzS=-~qO?4WVWgyGSk!jIx*^s;0ReF8tJD#-&;xZTPP0A-K*Ie4T6%7xiBA zq4#+#xfMmUMMzUr)~5elQ>)$2Ji&(&?*o^owyWvC3!fm`i+QU_8=Z zS7YdzJy~_|NgN?>YKUDbMD4tC@#@UI6mkuM2%=x$LP3aOMDaGaR-Qcp6?R%wnD7$6 zS|N%yE-tQl!PzM=bK$K0vj4anx>bErgpUiAB)ma|rjk_)?4R*aRZ1mInKaNJU@a6`pAgBkVeNnUq-qa~MQQ@5pQacG(Y5FY!{MUHXlqT7+c3a;*OJkxfRS$BBoO|jr30{&y(EL+SN=?|VAikdwU@vw9Y=hx!d%&$~D!^moMGtihD~T=B63hNpLr$ur`h0 zCC-=lm3Q8wArznKqr`9^#V}Gb%Cw{Ynwv>_CAl1hkJc}!+4<{_0#=&S2g|JJ4`#&p z9?4OQm&mpQ%rgHPzKQg@x~*7!Ud&g#{(!O-ftan7Cr}w~o8B#@&l>?Z#d5*J*iI)6?G&L(qUg6arHGVMwqaTJJ4a6f0GX?j2os zy+5=z72jh)Yz;8b#E5~=};Ml?F%*~GjVV{WQ*&i}`R@~fb z-Knl)XHcQAiI^nwuXjxovJ^f%=hZt|?Nmi)+Ib>Pv#i+`@BFr_F9+qvcEtZ{ zTr&hU*lAFbKuqf(2{g@2A7vTHtqmA)87tP;p#v?%f3Hy;`t9`^>?1QVR}g~-(^e$? zBXr`loWCk}t9}9-HMUbSbq|2&V+5rqg}8;St%a?5fFFWHoY{2_m-gP_N=l6$5>928#ZG`;L=sM}E^RrUp zp!B0D{GK$-s%Dj6dcX%kv@qf`dDnFK6|Lnw{bjXXgLrx>MyF_OU_unfIH9m|!%Toa z=|HX`1eDz1C=e{H*(4-%+@HfnOm97-d}f(_Gfz~wq&k(C<84h3KJYm&S+F84qZ;|S zrGxBYXXaTaa^=NDveX&fnyzL*`Y+SJ85Eg?r8K z$){Rlr;X|a=JVgcmQlKis=$F#GyqWcc}`3ze(=_z+CZO}I>>5*p@42!I8R!u$kDrz zMNsXnb?!xPY|t*D!Qtn`$vq~g@bkWl18>r^4c;=zW=C(2H@^?@An0)fcv&(MmiM*` z#l3m8MNAAU=b9Xv04#E4*p;NwD#_)m$tqwX-as*GD^2c)lNTG>ZB?H%*NBcka`;U7 zh?byYT{u?xu}h6i_jf<{%(r!kUzh05X1g5G%i_p8+7GRimK|^)iK-i1mm~;3$v=;K z`!@0n!Z30T*4i$QcZz*HDq-y|=o^d?cobAf=OXT5XT3#0DDomQLOLVqY z){CBu%$2Oqz41guKp^h(Q|zFjqe=Z@gbtFLqQc3Dk~wsqT}Pd)#8(vHgFRo|i=tsSC% zM_Op^u(T(9LK=87x?v+od^TPE(_rcYcf$$EJxqn*ka2jI1N>Ooj zc3(Rm9h+i58~Ig}?C)_zK*?{|aEtxAjYc`QrmkmYvXwQV_r8p>nrd`0a(f&(QWFY% z<8ibe7FU8C#+!KpBW1!3pgQi@<0uF16DOmTqg2i){HV33e`WG&4^&8HFWEhFakyxl z>$fj{@1C~|IwRIQ;#S~%t>f7|I#TQHmO?@?TiCTF?m7PNjozvzC-G+-l=hZ zk(yFW+k@8k3xAV3uWvjHJ}}*z=rurPB8x!&g_Ak@v=bv^Uk4gHPEf~h=1^-p&K-y; zR`RTnT{&RuwB@~mDDBVgJ8=ysy%A1X&kTS?%5UKDDX&_u<%tg0=E5las=%RhyiDO& znN<#*Px`#b3v|GmS8dt}@ag%EB;W`B%PTbDT6E5p(wNtriw(&WgKw1>La8~t+?5P` zTi=6(=TtvEcyC_D*9Et6NTX2JZXL^ z+Ppa}+SEBL`mFimL33aru7TE0+u0dOzyg{*qHdz;{ln^fhir@a?TR}GGX`V{JV zLVM&-fT)5${sR~_R-8G^_npkn7pjJH*a(a|s1IaAu&)@o(AMucJsQRa>kz^R4{v%9 zt7KAh0C@ADY9E>Cju!$+48kpZ(5dmCa}{^aHpQY+oj8ow=Pg<@+&1~W05U2}9bzqK zvab5CQOdT+aZ72CZ)*rOkJnm~RMUiGyyrd0$J(U-1(bbFTw{iIWWz$(=fn}ySj5@7 zJzJSjRoXa)t{6)T|&LvRxO)bbOcm`n1iK!I_XGx<< z&~TvvR0$-+NFn0^LIyV{f%l2x^Nf21Pva=IeZTKS$OwxSch7i`Rpjud`J=7r$_d^Y zHL6h0pjq~@HZdiGPGveu=<~;NA985%HSFr&5p>@-a%3yQ4W$a`$N0y&d1q$pLW?mU z3cU8LvB=kw54tXg^mA*@pW{F}uVFAz)i%PHu=M9Q}+5|RK-Hjy+vG_Zk#h5c13{)l%xp?Ce~%IfpHL`p{q(FYc8 z{_$=54;H6Gz9{gr(s~|m8ZVWCSHUXa6+i~v{5j}K$}{?_hJk+C^^OO&?44j@#P#^H zmQ2p!+LAnyPdFG{GEUn_93Nlhs#sIb&`<-c&qotSc?s;^Oa*uL*Lzf@*2#a?2dh?3 zMhD);nhauIbDUVWcel5p5SBmDG=b0`}sR^IlV5$8RfoU1eFJ6zsuozRt*jPAP}X0tA?vH5vYBjw#g z#btXEYQZ5Zg5S zpxWJIyq3XzgXi^ao%rFh7L%b%FQGd#r^X}@1=o$oUap3YO1-fN)0wr(oab+g$$M)= z0|==swrif#B4vrG>s`88ngH%KdE_hCQ0atvcR&nvTm?3_?U=)lF* z3N0f0>BVoC98&|=uhW#zUFT^F`vYH!0aVb2yUp&{{j{g65;~u*@o-gyHJa45cJ)-A zo@5sPe$k~sOwA3zT7E%ZPKGLQs<{_YW|twp*Bi+v_GtIzw@pI0xe=MXN86xkOWS_W zqo#kC%Z-Wsao2Nu@|N4kn#07|@l>@bcCGe~x}fKA2~UaBE0+)G2vWW8gw!^5)-NA> zZ$EY*`7d^l^p-)&Pgtu3Tu#cxPdkhlJ1-RJ*e z)!=f`e6@KmMnQP@3FM;{f_<0R|F+DzaJ#grvkDC`Ep-InNdX8VAVz%HEvt{$iu+?B<-lno@cow zdWLk8oz>Iti7ej!eiU?s__LNuAcereEdB{%kxe!VFqGnp3S*r+s-KFLwm^Z|9A%G>P~@{JqHgZ-SU(_`H-=#@oV}KH$A@pW z_-uU)qC5ochNd#;Mrb3P>YLMA+1jZ2+S-fgS^UX%&*TrCWssQhPCL=u16{4q7XyM^8xxj)%;b{ClCd(?!AgfKKi8x|dA$oDb{5wh>o6OU3h zK2Es?s&q4wM5}4JEWSDV=VWu;LNtsM;y1p@GiFm?U%1XwFrg7cOQXlA@4vrhAxf=Q z6O-I^+Q(k2M|~*+M)4FJPG(%g`nhe5~1;C4cN`Q?hhFjK!&(8r3t z8j%EXSM8DJS^yMW>wn2L9Ex8oq~?c(-%SUZ;XMM>Keizl^l=wju^l0jOUs2kTz_Qf zeMo+G*#}*5S3h;mZC$Rxr8`vJpS(;GX;pyZGs_5Y5>c5Y_G9|EOip|SR^qWU=qAQG zbam{R#yLa-%3HeHwArW-(jYcnFEG+Zv6bG8ki-DzZHR5u9bZOVqv!B=;S9LLxv-9; zK-&=M&sbM;b2E~IKF<<@mzSWMaP+EVJ6xG7_d)mQviR52470$g2aRvKPohq?s;P40 zplUQuQqtn+a^|SlcTX?Qj1;U}~Q{xY&L8xKSAK|K2W|k(6mtw4~ zq(yPg z=Y6!s?H%@XS{`%kFB?QhF#5Br_T+;{vX;~yp()w2T{a(|(egkN`Wwh2&BCQ*)CW<6 zx)C==V0t(RE9$_i((@@)c6PMHs>U9)%LbsS!=tfS`-@}HQWV+r_bG1EK;&^yswBSS zaRLmavM_jn9n*p{XR6OuD(49d2g5b5B!*Hy>suV<&yr~_3|&PT#9+rwRf4{lG*J6> zg*7RT0ftQE$;S60bEC-T=-(1P=4i&~ER_W5{RwF3h~~>RVbIIh4O%y78>T9x*s}Ei+A@m+?xX z1r3}n{jBJ3#He_iJYx`ybP}yMR&_CMbdVm!>~jDRM|f9ih;+&JnGwPFjcY~M42xV~ zSlHELNkEC?V>$MP0P2W0@GQ9)oW*4A_8pIDJUv>I9+viT5lI%UVmlRQShOg7F+mY? zsUP4LQoq&^Q$3dqOXi28`gU?_ij9D(qY(dy3!w~E_4>S_&N3u5om&2lQ87eWTV7seH{s_>;wzrR3SB{fu;E)V@1^FL-u@m=<)IBp99`pDVC5oT%161= zG!>*FuhSRUZ0H(1r$<7U5=X~s#4X2*vrs#8n3HF#=Y&z|Kj(WD35qXqUwLPz`9WY9 zv2}86T9Ev8*bC7rR|F6g9-w7ruYc`x+x=|X3<%dr5m{o&`n@P|&bIEL;GMjf5&w-o zoq=@|Eav3WH-u%(lhNIdTJvI!9;D~%YQ_fvZS+yOX+Cy!%>_B=x*vmx~D24_vs=Rs6Nz;;})XCSrX&M5Edg^^MhB6s~dlcOYYBdIyW zkUS^mw}5R1G+}T{&NiP>23yl(169tRIqQW`PngJ)ZNDtl&G9v?06E)K5}T~;+q$f) zie6ZG_w7XnGc-^OTwX#K^{_zU(66!fznh}Y9Kls#>SZnOQrah8biq%B9&sNvii^`F zX`Q>Nwf`4~2m^D#>Woi*rWUq10hzkd=3DFBF~ZwOa~eNJkB~5P-HR-jleJ_iu5bn^YikLf^gs zUjS^MVugc^nja;{B`5&qsZ-|uI|dAXS1LD~#3bmI%X-6MTnuZ8irZdi%QUGu8IQ)j zdBkSVePiSjsWZJcdw700z0#ce%jqcGge!h(Hqtl?&{mYHlqHn%7#3mdc>tWx%p>^u z_F|vhZvr(y4X8Jz?bwG%0lB2dPkLg-GK>pt){wpE=_&5lYt$?8xk&tJ`ux%UI=uB><1hOr{R&iSIN;h#s;b}=c)G|UP9~^*@-<>g@;bz-@b893e)4lG1lGB&EzG$B)?v<7 z616|)+BBxzy|BX*i$B_oE_2MH8 zBNSFf`4co8pOJ@LP7(R1aIf_ zA8r>!D-}PgcYmxkSeecub97oCPxF4fmadTbL|w9bLL{6N@{s|26%f35H9RubciJE7 zk5^oT+AeHz&x;(2%5x*J(h{d4rOmh5@f}?|e7UVHyqTscFN2z9Ve@>8 z19dP0ceU~bK$>roeGwBb?D+?+P^m&Z@ci+|P z-e@X{yOo-G9HN4~1f^8M$s<_B!9r&QS6H`UY^;RIa{R0iofwFx8SqUCv2ig{;N6L| zlbfR14qcm(jkYjt;o+~lILhiH@pKQ}e1i+I^25%+M~>T8vF{_&Pr5F;E*4rf zQModmF1eTES3p|pM*4ndxR}p=ZQq7o@LFi&!m{)ElLTdVJs^rhDZB3%LGnv~nfyVk z4;O*f&8O^~vOH;XH!&@Bct zq}>%$DwGvD%l>gSi59?9BCvqkj>K-InMYzvnM34~9N*$YtRnEDU-NRr7{|SN1=Jsy zh`JB?^GaU0PZ#Qg%)ppL#i{dM1P-Zi0Z8KGzcfCe^HFum+fE&`BV8J;bkncZLE$K9 zpkkDOK@eK>sil9wgarBE+b0~)KK4$nC_+jjJZ8W2WRJwd{4}pByLFzZP4V%rg3L)`{7+Zk}_QJx0e|~mAeMQ?n5;`{o8Bh zmXj3!c!-=Ott~-gRJ_*YnHzwhIs%lzQm7OlIFeAF5@%VMEUUKe4Iw1+XvLqFRd;#+CVcy2+qGA!XSM{!7 zU}%)(FyNAFjtPwv_ELZHB>sFWV)eJzVA)KZFfC|mY<)Ut%fgiOLdkyhQ=EdMc|=~` zOQ+>MkTS0T%jj@jK{)rio>o%0@ml83`PhM?HH+VOYm&(*)g}Gs+mPX4Y{It0b+-NG z?`QVME~}N1HqyE@{a@SMPt=2=ao5z*z-5o&7nigDk5fGVo19!wNpl1HZn$kf?+<`7 z`x*HhG|s0ys>6oFc>SXD3{BE3NilA9vlbYk-zv zVkAu2lYo%NUg5=sZP;8x?L_2CgISLlTXG*RkV)LJVz+<>QtDRyz%(>BTc6js>i#ic zzcn3{`V5OIGtR&IY8y;(7xPmfU{1jd_kzQ6%F*U^;iS@q#?$83D(8N#u_};r!oY&Q z-2e|9*6=sUC)efwu$B{${ei!?Lc<&~dOxlD9}-~fVBVBL@=>vBgviD!Fo^JPU_%p= zogaxY>_4oH-Lo*vFsd2xP*J=j!K8^a?&MW>Z~SE@hI^9<*amM8D3fTQ$C}V_=z1Uh z;xRh@7F_dSYk~?0WAWW>+~1!Rceg(`_(eaZUgSWwBrKY>z*+U!Y9Q30e`K|}b@8VT zSx~7({hKdakc1fF#vM9%(bD%@C7X*)M&2tE(K4izMv>7jYg=2}!FvW<4&C9|#`){2 z6q(+Or`B|gM?1PZNZ;OtqPQm2v$l*8&s=kd34D7g%xsaNtY{z?#+pL|2f zz_bL5_T`j2mk~>?wageJ;O?7401LOO+V~@~ulifM#`@hsN^tnnq zYs+{Z+An_`R+bzle1vY9#yqPR!}y0m5R)8;qv?Ni`#C?iiQ|OESLexm_BAFKT1NAr z`|b+UDjyirN=a!gSvzR=H$2}pZpaf~7G}Tkur0SOWJ|K{wmH7nufG_4=uW*`tOB&X z1ZW%r%2eFmpITS>UWmHid{@}ota|Vy;|>;8v{L7rKn3|Uf&BJGkXJ*y+)Y_6>jsBX z=WAiJcfW_f&wNhIa9-20ehH9J2rzt22a^VvJCG=P^#aapAwo+#OhR~PCn21j4!Dpa z^*(qL$}qL!N!CY3vs`ZK7zcnb@5$|6>1-D}@5aMV!*0dyyLD$a{+^t9&F&|o=}B?T z@tHTf+_tmFEal);neYfuXamah$)*-wv@p>S?d`=J`-PhB{g#?cb9x zWVt(CO>&Xspiiww!_Ih>=}Ib?NdWNgPL#G^E37$UZR&Do{aVMQg-bm|&JR@8wa3#TP=0lIlzPBhI(CNs_q?sKf)s}NJq=L%skvYgR=r+n>AOS70is8 z##)f$|-<8;K{z@6FA6mrZy2fc;rGPrxkM9ri7TZ8EWP z)|G#w3ITu-RhgS>V;X?x*kA%fla7J?Hs(BP2DuaH8y@=mPksMbLOX39)u>fHJ6!*D zqovyC2WXs7F*_?D9r4>3y^;hSh@y*V4=+Rqb3T=TIP-0#6{%P)i@3$!%6Y}1`B*1v zhZ-~esc^_s>=$i^warj@i@x3bNI%m@6E4G6!@GX1VBU^ut_A=sFtQ<04fsD0`7xh< zy(prNnD13)G10S919JJ4J%$30?nZ`{#NM0=CL9L?;0DdK=SG!E;Y=ka$lxeC-ky{) zjr`Fl#VDGfK13k>lj_q!eo6f@vqI>`CEA2?C34w!c4P9S`Fw>u0sx>los+R+MT@wMlh8 z1@Z+=R%NB43d!il3R5=7paA1SDH)*T`C#1srs5flFUxDnzb2-%iFY*7bP@?8xvN%N z&YSOIWuyTHmZqNUZ0BDZsvMmJ<1U>R6ZTuKrv3`&Tdlq?Cdw8P>t)%l39}0rjhF7V z4rJvD5U=i>q$&&-rEAKyCAG~P%$)BTIPV~G*eJ*Zy%y>4>T}i}$pl{^TTb$%2S_{A zwm9T;Iiv5Q*>Bfe;nwZfbOsogE=eXlMDbA<;8KCczc%R{v{pTR74V+{$hGRyY13_& zOg)cjyXIDnpNF07=ZaA*bO0oj2Oha5W^062{@fG9_LN<96fhh%6suOra-1N5Q9aTZ zT+73G-B%{r*LrVI{8XZH>-ZLh2<|roU<0TlP%gc@jJ~a!75$xV%nM+eYQ@Mw$ff`r z)@xou5&z1VhNum5Wp5?^gJ0OJx88Z`4x5*POv#NHW~{KrDiKJ6b%s1@H=Wb<>X)sP zuL2|wJ2N@^;kvu6SCA|Tf0s#N!?SSlz|U8`tF*IUy#^K1x?NE2EzN8>t{uYHR%3Kg z!-}>eq1^`7zoetF%pSh!Z(0XjXUqOrZUbKft!esKeFRUofOK-%1$3?%s z=(1d&whcAfe)iA8Uj_nE2 z6pzbV9$$*ePm_4!bjuqIu>~ikkyNi=1<97G@fF}d?t^+N-Edgpd~Q|}V<^zYsV`#D z)Il2l8NC8eKe;bG6-fSG`S6MQ+3{Stw>|)JJYF5@%|cls*ZOWdsZ(o+mc3t>&u`GK zI4dx|0L^??3}};HwPf@aOUss@fZ?&N!n&Qb67$sva=(^|RKF%LxzyY-ao1pXsW}p& zD^r#9>Z#A6-mGon?ox_m5v?dB<9cpl01QO zl&A<-sBX2jLto>EwTAG(g^{1=pQ2>tu5$TmA?Y6__x4EU^}8@#oH5m2oU~{m*Q1%ZXxf|*zF=Q9bK_mvDWmVHGrI|WphDB7 z8v)5Xj9jvbdwTn`ad@L85PK{RL?Tqoo@P|)FOSpdE+OT|)eq^`fO`>Tk<r0@}Mv;#%$4rh!#ryrl6d$wi90$xG} z==(kbD8P!E(($ZYzb6JvsZztM)=zgmv~Q!5K%Xo8h_2Xot7-6po{Rp3L3+&P@H}{Y zd7SZNv<2Gv6)853wzH$f4o#050RFm_Q1XIpxH7yP#&Y6y+qIjEH~IqsE%wAy41%`d z`dn?;;Iid9t}4?ix^Ou}B|`l0ucnpmT8ft^km#H*wsXB|nT5mIy|R zy=B&~0dj|?<4}N-)8H>@gK1^i$SzcfM(^XZ*`45potaXp`uyW~3(^((v7jt%^xfn0-Pu9alwu=KkAJghXMWNKK#zBI7l)t{04ndWfA_95rQw;r z*lbES?-oCN;2h(5a&P=r<)VaXv69sq#z>a1{iRFLA~RqC z>;()?J8S`1bs(ZP+QCa%F{uup{alN%2_N!4s=$Vg^>4e(9;9B)OhV~M0tUtfoTJqF zNIxW$>T-x;&9O?Nl8O;RUK?g?gW7e#Ojvf#5@^USL4P&iuY$HjZ^ljj_s>T(mtHQ? zuF_{06`vTfFTZ%A>r_|-KiW3SXC7|l=DAawcyrlf)u$C-I^KzO`*Yyj#WZ8yF zKn>eldW7ox$do#v7B-vPse-n$lCN7I@0#d1?b&U#S{~@FT5p{^ONa*@EJ-+r3l|uY zrsuz>3cBgmrx4&@niqM|_dXziY^Wf9ta+W@>3-msOE1}a;ql6(<8TUT4ay7B zmd#ZFIXy@xu3;B&u^}X|Tw|F%>DBTymlE(he!zD-;t$Er;Be;w6MdSAd^dQkb0*Qu ziX*f1zIMVsU}W~ga|+%3E<{wwFHSGLqh+dstLi$(jgsxzZvn|d58nUwI+%qJ$@1BX zKM?2APql000I1e@OPO$jshwphJW>E9AE!+`(TDgr>s_Y;oMDlr{R z<%jz>ilzisy3%nUeM2yu?);$>VA?wB*G)*aLAgri5K}=)e_jPD0lLt~_cIP=FUIu1 z?<)~k*I-@dLVf|;&Jid^Y{`HSl>s|)e0<};WL+N)2F%|~-RyeCrFFTb|6Bw>ci^>Yy2~8S2(_7_zL}$qPr<^2EpiZ^x0V$iM1hr7J2h)nFV|(c=$I{ z`}t{Hcf>rVR*WiIN|^|dhyzT9iY_ZX-H}{{_ zd2powY@q-=D-q=LONA@?Yx}~fNrnQB;#^;{2-lR8VY2a(L%yPAKMcyY6uC-r^kFhR z+EF=%`o0+0W)XIHB7X5brs+!~Zu5&j%#JH#V6%}FAa!)uuCNrdTf0+)z|(}VyIK>Q zWYrS2!F>&AWHh1$J>h;6%mH%{UJpM&1V~YeWPQH@NqknSB9Msbz8oU%;bB+uaN8Da z2Qk`zl$x1YNF%BFL>JG9cv9SZN7cl+%Fd>hCHcIt2#o1Eg(E&<#Lo|NHut!_x@J6C zl}(3siAMv)Uf9`5p4`lAV@^7lP!68E?M_t?w)msbvq|%ejB@o5u59`(!0Z= zP3=;YQk5F7{siu^OSmnSB|M-vd^LvDcehsM*@OI2-Rp-7kH9JiF7^;acA) zmFyw_i(8fO7y$5r2%f^Rno4_}kw(LptMo9l@&>$u3NReCx3LCVT06sr*gWd{ZNUxi zhue^IF{xZngmY@ zDBd%ans26Q{Kd3xbeo}{(_1vpmRC)(V6tewQqSW3dmCE z<~?N(JOhc1)f@gZ-?anv9xOfLyUFl(qK-c=iAm0mRZp@Z$o4XTsgMEKmm&|85up`> zE?A84c?jPV^dAZb{H^~NoBVR+w6@GFry0EVe#glqUtuMpnf7Q81uOUn5KtioqUqe5 zoUvTlyJqmJDIJ{D0Z~`uD;nC=Be7F@OU1V(k*{;gMio-@gp`a4XY+SyHg?Lk5LE XH``J7sAFdz{#p9P>*oc}^nL#yyn(zG diff --git a/education/index.md b/education/index.md index 4aa0c932f2..b1cce0eedf 100644 --- a/education/index.md +++ b/education/index.md @@ -205,7 +205,7 @@ ms.prod: w10
    -

    Excel Data Streamer

    +

    Data Streamer

    Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.

    From 41500b2269385ad836283ca8f2e6148df42d9901 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 20 Jun 2019 17:12:45 -0700 Subject: [PATCH 15/52] new action center topic --- windows/security/threat-protection/TOC.md | 1 + .../microsoft-defender-atp/TOC.md | 1 + .../auto-investigation-action-center.md | 54 ++++++++++++++++++ .../microsoft-defender-atp/evaluate-atp.md | 5 +- .../images/action-center.png | Bin 0 -> 21487 bytes .../manage-auto-investigation.md | 32 +---------- 6 files changed, 60 insertions(+), 33 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/action-center.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3946fe4807..7fbe04c2fc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -72,6 +72,7 @@ #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) #### [Secure score](microsoft-defender-atp/overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md index 0f9409ab26..e8ce0c9dd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md @@ -75,6 +75,7 @@ ### [Automated investigation and remediation](automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) +#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) ### [Secure score](overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md new file mode 100644 index 0000000000..1527dff194 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -0,0 +1,54 @@ +--- +title: Manage actions related to automated investigation and remediation +description: Use the action center to manage actions related to automated investigation and response +keywords: action, center, autoir, automated, investigation, response, remediation +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Manage actions related to automated investigation and remediation + +The Action center aggregates all investigations that require an action for an investigation to proceed or be completed. + +![Image of Action center page](images/action-center.png) + +The action center consists of two main tabs: +- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject. +- History - Acts as an audit log for: + - All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file). + - All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability. + - Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability. + + + + +Use the Customize columns drop-down menu to select columns that you'd like to show or hide. + +From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. + + +>[!NOTE] +>The tab will only appear if there are pending actions for that category. + +### Approve or reject an action +You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. + +Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. + +From the panel, you can click on the Open investigation page link to see the investigation details. + +You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. + +##Related topics +- [Automated investigation and investigation](automated-investigations.md) +- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index 1abeaeef86..1939474a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -1,8 +1,8 @@ --- title: Evaluate Microsoft Defender Advanced Threat Protection ms.reviewer: -description: -keywords: +description: Evaluate the different security capabilities in Microsoft Defender ATP. +keywords: attack surface reduction, evaluate, next, generation, protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -16,7 +16,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/10/2018 --- # Evaluate Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png new file mode 100644 index 0000000000000000000000000000000000000000..02ad4445e66c71c394405614490de9e1f9f6daf1 GIT binary patch literal 21487 zcmeEucR1VM|EPXiv}RjHY0;`tyY{AAQCsX$C5YH0YImWfXc2pFiNuWA(DFg;nZydM z6%wQN=0^Mb{&)Yn_jjM?KF_`9dGa`Uz0doc*Lm&pdY$;FudBgG$4N&;Ma8K3?6Dyg z)dd6<)j6h%G!)3wqy%rupG%(4%zdb+*!a&r=QIuZep7(7zM48uXlH4zu`37`wQ9Zj z1A1cS`vBtW?BPvSg6erj0WtVeK#zew_TC^*Uyz4870adDcPMbWGx#G9Pk(Qald~^X zDRYk!1J79z8+ywZPFN;EQKqQ#)^Wkh>Grw;Kx)6d3K__aWZ)K&tK2cjW&Jd*tEf26XqO+UZGb zrod>wS=@1sS*h|=y;Ig4usAMUs< z2mA$Of9&q<#nwk#pHYU=zP%|w;~%A+d-uQ5n=NHT2uCI@^&8lc26t_c<#JHBztjGV zS}3x-|72=7GNsP2gU?!K&L60Hv*4Dx@v^U5caUaS2mjJ}B*7%tuJCg^Dvk%RILf|8 zUfCvBk8RX99l1Bhz-|a+OSK8U( z1Ww;5I47ppXj6m?T*lDZZu$j}SH{x#sRzD=vjE8nD#3|1r!#fCDKR`lO|wHys?)Mo zZGZ7R`nlBt&r5^FyEzXTH9Y`V3AlXASkbMrz@m)X#ymu%?K8YlUp35QlU4gzuPGUx z_S`U!-F9|n9Y;HcuV$f5XuJ4J!o&}PB^bG`Bf+7&f!5eAIlLaN7NEf|sp-c==`ww) ztYa8P>EKDCl#~>DYUsgiB@c|Kdhrhesky^+h@H}IV-z2Hv25`NV^<%n2H0Gt>c<4o zI34MK=doqyQfVWR=xdHa^8LJ7tx~W)j3;I1v$-8EPId5@1nr8zq4loQHrBlPY4#dR z-=7v2NiYR{h9_X#;$}D-h5syb>sxv|6*$N(Ts%l66CIz79y(}rNEol>}+S(WIu->*<%&lq0 zZ`TswzbejeM~HlNeFlT1>yI@&vG`o`bV8eHsV;xhGNO1QTQW7sHWUKaHY(P`f!a(a z>R#lqaF1k!kZk>D5J5n3J=4NX*;=y;mwMY{ytyW9?{?=t zG*A3mYFUUW&VP^rUxV&;izEH_xcPyNQ*YMxa;~~*2R?3%+#zE_V}@kW45f6_w)XVY z*hdwECv^zBFtyO&NCEZ6K{frxcW!BTK6aPhjg!>%jd)ID>jo3O3G(WTDWBB6XQ`#` zhd*jEImT;d+@k$Y%n6~vkltRVu8k2wYMi+_euL$7xWC9$_RmiBnMoszzn!5qIGDDf zAY+5jKs{Av4F4JjUvijVsSv%a`bz; zXuuknG5&3?@9=#~FnnXV7VRFpYgj5mB!#ui#)$*AdH@z`;Dm$YCbTQ2|E=%fyfy2U z-E5l!?W}Rr3ISHj?XGnB<@1T^*-tz~2UL$k%DOGb)6Qk!Et<*lHlh8`u>ZP?@dX$4 z6b)Bn!LN*RcX3*~66QH2UcX2qQa@@KGk9V5)XjG%s!|9dRn=${R#i9;)7U8^Mhia@ z@QASNZ>^_ZW!`~(NVsZ*4zft+RYF&zuUC0&9wl*`?6Sp0vV%Z1wRIIuHTdk82*bD` z-)t)v7G>M+_zqKUo(E!BAzodhBsD}Mg{}=I5||~`i#@hUWyL8HAd*;4!v}+;4%_}*kKu!f)GpqU z@IepoczoDs;96-o(Op>~tNB;z!gk)h3{Gg&j=RP=T$L*B`G7RgskXe=CUN{x+TXPnOyy00F%dt_IE%+=*lzm| zo=Ep5vXWT9!W|Hv4%vMp&)oo35suEk-@#V`eE*O$=x27ucysHH?IF0Kc)>2aWqX3m zw-O(7T-)_*8EQR})9|*h`9AwtWO0EA1W=s+QgfOchmT|4-Y%?!nRsnne!_QH{;bn< zT*7}b#LRYrtY077B`sJI=(z1Ov0N@T`|A}c0Ekz@U-*NeOsNIMfcme2qcOH-{yWCo z-I*4xS2bXE{1q6uQ&aXiH4P-b!tl41) zd%HTtllag)UrNIsH5jX(5=%JOf8S6tX?nmxULAg&1Iwea9&AA7zbu)PUQrOX_Bq(s z7PCU(Oh-+cJv#78a8E$CmzF)yd$b zLmQHJ;&wFK8YB6`4r+5l0QIqv-B9?$+l(rxzx;I;Rbwu1aHK*Gbl(8VJ7i9rl5VKkA<#ceYU zL%@O6tDIw6!?4_^-&ekUy3SwK;h7((3TKeSGV z1Ti4g1`n`1%D=+e;k)Q2(cwpfkCewwj-6q+(3i<0>uhaLCf>%sC353u^mO;ktTkN( zh?gIC=oX7BKJBm!7p^Jb3(lWgib4}6NFtH2%&*3c{OCnFlXn3lcEBRBXTNq;3O*8C z%kbZOG&wVq;ml00>bElpA1fiLjSf}Xit;J6WM0j2v>Cn4@naj??a1@v3a44)uMS|l z#rySrT*WLl(Cm^mx0?G^LGR+SCT^{z1wNcGRV%734Ji}&vkT`7O<{m6*TDnpn$SD$ zE5yw@9fCW@OOFR=ZIP*NBjD74;due|f>F7+u3B=K`ZTIpymGP1BW9dfGEm{6hD`+Y zFHMEI`ih{V8jhx>97N=;LHo8#@AFxJ906<7Y9^%x=DRvk@owAw;3F>PrTKKd?OuaG zM!lOuPKr@m_&NivF&lC8VqqW;_xQJ20LO(eVY?F}&Pg1%nVT*y*lSQL`6$lBeKfa! zXJxo4_^^6ySj?iC#IIA|7<)k2PPUmgTD5pSVx|*?F*dBPX}+iHr&9e)F^hXZlIWOJ za%)zRaDyGuTo7vQG5Zm+G~UaWDx@JYys?eFq$#KcTc3)6NkhI`GYdeC=rw7jc?L5s z`6L+V7e3l~kDOUN7n~Rm&)-vb*^=fVMFhY_{u0eh?UOkm=V;f&xt4E9X`4J&5x&o; zG?l-|t%rDl@O2GtQab`C@Nz}Fj3;j|cI&~9P6W~Jry*_@GMZ^@{&(-xxJaY8YhwVl z@+YX3`8KV9!BI8A2@1PHjErt` z2Jz#`vfI)4Yndw6ddQQ99o?}cqi)_{mvyPos2Wo63T!p($B|hjw_Cd%m!jl1$JmE)F---21R5SX zlFYLz$_e7t!K;+kaZ)Z@j1Un4IrL2FphO;$st7hPX9@eMqV>BL3v!UAA-(lTK~Y0Z zi4NiI2xveQ=#WoZUv~^c`z7#~Jkhqk;)qinHrj@^|HFvc`8s~hDzuLtCl*_(Z?b?$ z&3Kj65aFv&-V_n6bsjTWY3<=mQLycncOb33Q=NPwao5;Sz)5&^KLX+udpT*o--GbL zZecwjs8b24$!!%Y*7;E8*`&fuz&xB_c%b@*W zQSFNO%gzRumKzBpOdQ1>b1o{v#e#&NJRVKEcg5ZvFkL zKYfvsbvSF6@BRPY|I0KuVly!xo?*ShZL-h4tr4Bps0$Q4LeofyN?*IeU6{f)(VAE9 zBXiH?^}+%-lE{h=dm`OB3v=9-0fqCnIQ^Ijy1uY+{f{JN3puY&&nP*6%WuA0xqT_P z3J9|?KTducvYlsw@hnn0@Oxr&yc^*GS>Eec8oN(MNG#;@vhwXqIei=oXC7RYe3I&p zTC@1;+(#tTBLK|?_zx!yV|*p2_aUn47A&S1q!l?s>)yVf&Qx`y+Z(xQ+&%I?e-?io zik(dcJZQKrs%2OKT|=w-GVyCK4fMr92m9goZ7rchDZvP#mVzid%06y102}<&eSMXE6O`@WI0lT`fGxiA zIu3AL`Gcm+rvR=Om@R~%=55k|ZX6_K^~QR#wA|tzGL%6*4F;O?QYJ)sq%O`Xd^vE>(gXT(Lxi^$Qmx;S93LM zKWXPimvx-Qa(~jymYI?4%Sr%?>9vyV@@Lc{S0OOIl&4GRvy+~1Tc3#G1G@$cbsB}C z5qFgxVQwcaysSOaLcrw1SLPh4aqPgf%&pJ7_60pE_V)m}Zsu)~(Yc|w|Lnv0ddMox zqJED3sd)*zjmQ@z0)qTdB;j-mF&;9dU(mx-_T!djb5^bwwa4Nh+Hz|!pPOW7TZvs^ zb|HNRQ^KR>>HM#AZo(&4oCA4}!NWL`S$B?>X5gqv_(4hQDGfM?G{p&?!%Rw`)iA5` zIGYN?@Gzma+3Gr%MCp=uc_IZMV>Ce+2`UqomN8hmbQ`9Z8o%}2H965$#Nch`dQh**BE0bFKH*+U*nId2A51yyl1UT$mhYaf$xTyA2h7`;Wgok#v3-P;wz&z zyWU_4V;0kVQ^quk-bjvh^A=`CGU?zFelvs#poYNhm%H9!8Y2rnS9se#iO|gvp4x`- zb!>!FJ&)@#h{W>ETgExaX(z%u4QGVE0RCve>u^Iozw-%OX)z@K;9_w)spm`_MeJG8 zMzl%55Tv$CRpdf1P_%N!Aq;O0ZbMGy3C8RfSv6lYXxZT9A8p)y!WVeyE5k!&Yx9Wh zWLZ8*W4%?eFI%t;=|`-X+=CYkf7tjf>qx~BcI^K8_>jDi*`5urQhHzgS?eS(LvR8S z95`zW&LA3%Ax9c8`LSxl8ht_VhdgZa8IBpMNry{L)J5j*!S}!cc3*~A3KC#bw5n?Z zLdI?8mJX1>kTui{=Oa<0-RnZ&sM16gV0e3R;CVvZUp2T7C!WKJP%jlGH;z2z5%O<& z6rku6RpUCA{i%9M%fevBp5xcSELYA@6Mw1_=!=w`>p)k%A9#F1P`Ao`8-U_5cdVN% z@K{5^-!&&KBZIhfF4?nMrk4s1Gn65L;e`(EAYVr7i$GF|GjOT1je{Q>*s4GpaC2PV&)qMTSzfPGqtrOtdsiz0)7 znSN{CM)#@im24cElxL==WK|H?X%~61_E={yh?P(AX&jwFOR@s1AhW^ax>@&7M;(du zvd?q3`+&Rx+WprA_V1k-e`x4<*4CzW!SWC7sY0N-y1IQOlmJo=s`^jQ1E6Y11h@5# z9FF>a7ya&blwNBk#o~nE%^ux4s|`?5>7P=3__6A@gOtvO<=bMTyR?LxIFn}Fr4{qj z%0yQsxZJv5aVQHtoMM>bJKG{NH2y0M$;oX8%b)gjF3K`3BrRbz0OCtWxL=Vearu{O zrx(2=zEzzW0YM=n!{x8MI)aG5CN=uC`|CgJQeC`QUtiBC|Lv>>Kxz6cEr0W(R2LZj zn|q%YPVUZSO)xDr^5`Ap6~Epp0!tV!&NsU+yZl`{ef#LD3D7chgh(5*p-X#Y%k|J$w7 zzZ?Ev=}{^L9kDzf|EUyERsUzMpZ`0v{`b7=JT=OCw#C=d!*&H?qhf90Lcd7uD0-@q zIT4+}EwGp(Qc8SeL$TS2=hXOz$X`}EUnuDAaPE1Cn5cRuBeG_&?ViASPT`Pxsm#xJ z@b?aS&3SjTDOl^(tb^)EiSXGwuLYLMhu9K8Cm$Uf_R_~i{j{b}Yf}WGOHllpDMK9s zKjt|neY4n_m8`x)P#&$7VHbzq^GC7r=)kW(w%=ZKG_3ZJ~A(Eaoa_Zwn6=1s; zfv2k+{tX?;hs4)Km;0b9WoUINooB-$t&IWVDBt?_=nwm zXwEB>Jw*Ocak1eKJv`W1+_W&98@zbmj3NUA4%DEbfpMs9rC;DiyXS-YeQXzfmyXZE zB6z8~6|UpMi!QZ4wk@S$wk_>#B|})hjUl(ruPmAFE9y4{eQN(??S2v2ouCGVcM0T! zHh-fksZB4XPE2V(V^gszo8y>HIHAM7F3e96C+}NgiX>!Sj0wiYzQOhv068m`10k6G z+JIbQ7~@qw$uljw&$83XtiJf|&G^x=p8C-YvN}3d`QQm817^$roOFDbkeZtNC~RVD zNe^wcSkzyQ{H>1}A@&#)ZdH6C$vWB38{Hrln~q#BNa|vv(}*?*SbEwU9ce6aI6WD? zI$x)|#wx3k#$cqK6l+jc(TxV}U*C?59I2bT79CZI4!2MitMm?rTv4%#y{<<4*5h8c z1A1{fW<#zC71p4~tV~?Wn-EN{hK_k-A+U?r3c6nH@N|tC{c8QnIv&5te0=P-6VO^g zYa&m(R1eHrL=TY~w`HH|^ItKccrF<`b+G*}Q;P)qQ_J0gT=w7+e??e-ujO`FuIUOY zU6A-$?qspPdT3r7jq}ZNUo+|z&R`#F7nFBFb^ExpkNU_dWu?`aREj?@_O@#R#jL-b zT*)O=^hI~e_DS}eO;A^O)q8b!GXPSJ{OxRA%*4Akk5FVk#tSOV4EA4f_~2A+%%p4T zESs}JqMw>mAYs8>rm3*zpuV)DfT2Tb=i9&bmuEmc^@st##_16jX7Nqc@`EL5u|Us; zsqtX_CaZ-^OoQ;rmqQ1O#*vezyG938J2aN-EziwxUnanH&H9NhHUxAG|+UK#Zi$#c0*(kZ8z;($vSvSTls0i5;vcneq~NHGu2 zVW%4|{T3^CDb3d6J+n;CEvaPO6#lNz)CvCZA4t>UKLmE${mEeKG=vWx3fug*b{NU- zFTO%nHAy)jyh^n`X0U#@v4K{kY(z=RkViExsm%Pm+w8b&pO5cxg>{|Iuq%<;9~K4G zj04aoX);r2<1^*TSlv`CX;32`mbSTp_Q%~aXIGoAXVv`eiHURi`cq!Bu#4?>+Cm*F zbp5@d&St;^@^xkrvnqz|73ZuPkZykaTrzsJzG;lqa4%>4TNgXHNbzB`jLtpeV0H1c z=rNyKpW{Nb5yI*NDq|;M>)E_qS;j)$=k1!f!i)v1Hw z0LX2f!(qi3e{1B5(gkLGD@%TuhpTVRLvQA{w0%<5W(?e@FXs!;mTui10kcocY5Sl{ zyzDARl9V;S1hX|h;2fi}zwbtQ1Zv6XI|#va2pe@UK}1Af)g|d8y`ReyE6nAvE5}t& zhii5`6?X!kj5V;BsNxEAe6CiPgXa$eO`1svN9*Klq^cF(mV_2HK!L1R(g9Hh|Mo7<@i7Ei}yrY*;*Au{Ct zJUD%+@H_bXz#h`5!_@CL`3K+NlJA5+{;5ZY7!(Er4e>iC^@~W+BE(F@?z-A+J03lt z^sMUBd1Kl$3Ow(Ng5HQ1P?@RwT?LVsqR}P!6bU4kj#rh1N5aJM!}I`ilO=C4OLD`> z&tHDv?25*CaM%8h2gA2UcBXAZQu1FiV)CSMlzrY&56YiAz)^MAFupA# zwMcs12mRXE6bk1)loFj?GLvtL!9?Ia^DZ)z@#Dyv-v}+dM#(PMZs%O`>fM+5%<_4~ z?yBD80Is0C0}i!mI8DkQm)q=$F*Q^F8-P76;OhC(^HfyX zoa{CMZ`_ejd|xzPRLl4VN1)c6hFU;hEXb`~7qoX_S^_?>sFj~P-wpfJVDQuj1VY0t zZ0YkQAGdcM%8gG~Chj0`&K4u7!amHCM7#MLwJylFvfaaxyDMJ+-#M4mkii;G_`A)J zg!S9m#hfbR63}mRuu)eD!kv>lw{0vkg*H#V>}_pHW0;DdsgG(HqKIiY(hTa}&ej z8uU1fR}PCB*laL?3`5nROC>>g`&=7e+pfzo0LI(kM(#AY zACSvAG{iQ=fn;ipsKJceue~&%FSuD}ir)WJOKmcwZp5yc*N(8&ppfsT<%@0KB@Hcc zMfjEPNzQ(q%;S^uQW)H`2e8Lyp82(lRmdZD#^a68TCvAZGh#zT$YtWj{WeKjZj;1n z^l15N2_fv0U<~~v#YxKwklIKdP7>JLzVNi6c|B0h>hO#(WPODfSJIGO%xzh}XN27S zQu~d>KnLe5@h8(`-KR}CD=jP_rr2+!-!=W$stO-6^HpzjhnXyG6jhg#UBy;wjqRsK zi(lE(KV%ke#EnhG($~6=+zI~FJ!*M>$9eBEVmEI;wcweUWk^u~^BNq=r4zFMwfN;v z*CZUM2-%-Ep1xa*JajjnTS~IE{zfj7Y)4GOupz|9t)fjAQqDW=6Lq5=aP=N+4tQfe zH#}26dNAIU7ZrXKmMvT^VTY_GnM38OU~Qw81UDMzlrFlc!xOOPS$`I zbFc=tQ#@y7Ko-*t0RRmEFZ?~i@;m;AR}W#ZV~nf3OTpEL(LT>DJr4vH>By?Y@Dw#L zPMs!nRFtWBt+A0jzOTG1s0;!gK@sv-x|MlGEw=VIuV19Af3nNGl7HUTZ}4;TWbS9_ z8OGT5KN3ULzY|iR>+tfr z#AsZ&rD#KAwks35La@gz{Cgo?C{8>0Bcfq7N{+ zH?#~}7RwRG zPW>*>tVEDuDjw87LhveU!x+@`)b@(+h1#Tcg&1v3Ky18P0G~(A!c#y~8BJeTS=%9w ztynZYG24coYi(aGz@amkQ+|BUhAZD3i+L(rnuobMIfcN6)+7r|iuFbtOCV;wQf-#( zi#HKfXu&Q8R3frx91c~D>8Cz43n;u)CHq|lU3ue0mIfs}%akY+4>b>LL2PcdXEmJa?*rJ*Ktc;gad4 zp>xf{$L$5a6{m;DMo+V4lgAV^Fo}?@oO!N3lN(9F*-qk% z#ciq*BY4X$UvlV#^Yjmq8wKJ#LBG$5omCQ23llk2c#V(s0#c3;w%Y6`ruHAv{B%#y0m8Kn&55Z8_7F@Yr^zE+U+ zvnaqT++{Lgd((XG>w0xw3&myj8=us;MN|E2n)J>mQu0i#GMharFFbJ-T(MWgL(%)s zi`$$&C~8uNX-Z{1bvt)U-`w#%=&{Ae+K*1Z>v>;?xSC_bU&WdQ@?>yN7AQOfDXc!l|q zc=rgtjrX;HgvKlAOYZn}bN@S+p~y?DJ$)yEds) zx;5v28v_d{WeM+aIfm&l2CL*ua3~=GeRKkjQ*bCw22THr)xPmFlXraG7Bji ze?Oj^(l`6#1d(*828*EQqKE*4wn>E)<@TP9Bf4Xb!CX|Dp`(D@aI@di@x72*y;)bf zasBC}#5YlCtA>&5WYC0KRL(Lf^j8{4a%8ZaiBc3Hlh5iWN<8s#JDgJztL*XZD_)34 z|9&z)tdW5guCUEJwF^lJX;q~718T?SeFSYl=9%IP1k3yNT;O*6v{w)3&YKRLIQPTz z{cHRa0SNAhAl>iLB}KW9xYW(eWqiyMb4^DrZF=Ji8T4RS8LcwbKGV{NvR+TV(8cw{ zX;r(Kei~XqR%d?f9Y{!R5$tAYa{`Fli_lUXN$?3g?HZq9OHI1#RsmpPnYGG9eibhX zaGwhiGge#?>7Pb&qqx3?)&{CiQxC|<1erk!F9701{W&6|rL-6BwmCMDymMaaMENO} z1PMHC5Wa0qy*ZOV@VFpwdCD-i`d7ShTwT{#?@taL@8cJJ>G?-@C#ts|3jqs@Y;6g; z$@K9KiRQ!frl6O_*ObeiQFm)}@^v=2)&BZdNjD`vnthm~3&$dSS9GXK&&1ZxD0*VS z!X_X$K}z(w9w(1-ZQG8Lb7lqNiBbIzKcn0bL|88K@#s6FD!%Sdx4UAz zZa&&9=!DrB!05Sr;^<8Hgh!?@^XT`NYw7A%qFV0G>-80KdXawv}^;3iEDaiL(r3pv# zh^R;CU5*7S;XnX{}Sz=B#2y|w8Tn|{A@G8`w&2wm>MUv~sm z^_1Ve6*f0Q^GWM|anzI&k*YBpo4CpDz(1bIuaoYsa7Cy1Xj+7#!*>m0Z~Sw9bKo)F zR_-NH`Q0r_MMOdnWlDk%yjDGVG=`xVSou_Xf9L-+tgt=NER>Knu=Pb3T1=g5%Y=5Xe0ztAE9Ln@~hC~B6)jp zdKZwBUN32dy`sPV+_cLl;acwdd5Xk0$wbLQ?Njo5l#J_bMjKhiNwSZH+JerFJ$%-2 zTEix?zk|xx*823uF#Pys`;I)nk?@$M;VwPbuKiGS#r|%B#m)P-xvXMsjA-L`KbN!u z=(be~=!`O^UO|5DoQUXh8~XoJ6g6+tK~uj!t2lB!XmULlTUp&3!q(tt>IDm4iyuJD zZP=qwBLJJ$oGzTWtn}BUn*?@@T&RyoQooRb1?Q+b^dX~Io?EDmyNO*&&WAQrK#gw( z@lm&Mr`le5PE^jc+y$!1>&?xGbg+pObUR89%HRx$0^iQ+U!QEAz@)GJ<1CeWi1}CU zv`BqNsUXy?ZzwdNZShpx4cbl(sIjGwESS-Z^lVhH1#$pA_8po(z*itu$4S)0m$)+H zs{yd^k%pKZWsqXKt@*E|_hY#!zsg8()+fUE6uF7m0G(}KsM@U8$hVuUMMC~;j7tgp zZ7K%-J?{mCgX@zLgLWEA71}TSR?7M^AqgUYVb}O6cXh>5=VZz+^M8^QdRg#*;U8mMF@f$n7Lzu@KOCx|2u`FbD8r;q$z$ag}(t-zUQIniUWTlwsLJ>(xUR zZQ(|Sh3<$%K)d_9*2-&`+>f8$&}OfXHj@iqfgoS~Oe-i=X;7%cspNFc3j!)EXr8<; z{<Z>>mX0u}IN#_U-Gh7A^oPkN@H1tb%L3cAyxefjLu{+(_yBd|p-QJI~jD zb=G{W*aX}fOC1sC&fWX%V5!ZJ6e9Mg@S5`L(KS0;Q5i2-#Dg+$X^taj!`7cdykqAM zy=FSEK!nin3HaaHkL!`l%vE?vT`ZI0oQ>bEgxKy9x)hyrOUL$0@s-w=YrkH>6Pq)w z23F+{)OJ-_Cr35od|OiUn46qY?!oYHrEGm!hvog%1d zBZHWp6B*4Y`+PGgWukV<#B*a#Qx=RXo$AsUhHU&0 z98Yevrqz2!w0c#5A_vB!nu;sHkcBGQ^^n{pYDoozzY>azV5Nwoq|07^`;wMs87hXj zc@eH}n~H8Q2|mzDtKl{%y8BkRxxA3n=^zw9&Az6PW=7GC{K2rBc*=?8TT1p+t8liO zEEs}3V02!#Nbj_2Owg)%^Y8JLHM28cB1et#Mam7C+_T@UQF(?J@BYb?Q2MVWC^dL8 z@jqYhTmLz#QXbrT@qex-vkNRVD$>RJsh*)jY11w6I}uHYwSd20sVEm_ld9`Wo5&Q3 zP}*yOHR<;MmO}J@O30o&O8y%T(VIsb-4e2WKCAU7`xzMXD#s8ZS}Og}i-^}$1~w<^ z$G$Ulx+h0fx*19U#b4<@zI}?sV#+9`wXgKoMslCb0uNa_+*_7UAqK$6Lc* z$G%5(ySCT#GKNZwincZ-ninG?*C4C)MAFwyiIK99V{$n1F6Fg8rSzzOE87jTrHGMA0Js@O`6=M*DkDsKR7j|qm;|a``zOk}(M7yJqTzTg^c3Nh znVp@@N!%ZcNCZCU1&b3+n-2idn>Y7Qo>8c{&@w%u(Et4rEjYc%e=}8LGq}WO(@{2Q zwwoXuy3)GmC>Ww-Fsst^yP&UWdDo}Eq~1DK!td@j(7Gdri!!&In>f;o+jdIXZ32y; zbYil??{^DlpF5*xR;s1P;m`8~f4sg<=0-Ua4{ASZWv(;+V5w;Kq?niLo8DBgppj4~ zJ!d25xuVi)<2;t9nLFOh{JO>=A(`q3w#%f0gFVC5M;}>Kb+t8ZvI{^ZA-015#Fi0r z(U1*d7G&lEg(yc6<#f*X)w#+}w1e=ggjAJzJIqGc%igrzYWL>g^3|JC#zOt4dF_>Y zN4w2xSiAWym{Law{ma>D>3)?vn&TDr5#5{0(BUp zHo(M!6!cX_4CYB@01VeJF2PnN>hDtR@!lKvqb^sEy@6Z(4?%toKQeHAPtg2oo_C77%y}1Og#r4nIp1va*UyZEW&Oh6@phr2f_W1|}Bp zu_{NGN!3|a4i4-n_FUh^3}sv7l3tIenoVjVoI>UP54%Cx!XhF_uguv~q~c>m|H_3o zUxSz8Mk;~boW%74OI?3||LD!hpYvallE!}G2TM*_OC3C+TP5lA5?}S3PYG*ql{NAi zKi-zZIp5JR>7S-~pd`1=&-mejoJh^&9a`r9#CnNT^l32UCy{;Rozxyesc7O5P_LjnueVX4T~6z)rW~JBU@M z+Y-IO0hz1K9&c@IF+=-SUhC{}`4jGq02ZFTsHY4(C`BJ4Y0Qb;c~F}k(#em6CqQQY z4Fw0ky%%~Cgfy#Y+28AyX!Z>^e-y!lEw^iR0dV)ZQySDbbl)Mf*PL{+RyOX$ zv34q`RWUX%hO%AX^)_UBw?e}kr5d*d7ELJ)4ayI>DuoYA8uZ8Z0vaPg?QY(oTuy3V z@-vkE6l!Y)+V{B*rz%z{l1QRpSh9)D$bj_qRyb3{Qq?_HefP#u>qLDqUvKhyJ`;~( zuC@h0wOPiyXI8-pVw&V*K=u2*`)eDO)1b(fmKF?+z|$MJGE?8@)qDWZN12V)Mr(^( zVwMfYc~4`ZG|!k-?isjE)L_X7Q&S;%5%9a0FAuaUsqe>p>rgF@%U>>aP4f0=D5*UY z%xyA$zZyf^q?j#&`mH)Q)*RYAUbC&DVCm^u-c5!M>tI;9xlys|Cw1-K@};(ALd@!- zoowFzS1C}Sc2a<~ntm%hGD}27?R2BNY;hYPBD<&Or4+RHp=a(h6r zKlAvEy~M-TE1vb16dhlS4O&b0AjV__>}EWtFjfm`fgWmHbI_`!J{ObiLg64CJ+mKf z4JkkExs(VrHa1%<%{%gyCccuoJs-`XBp{G9 zQtty>x#`#c%IW7^xet-)3{^{yC@lTytEv44@iR1+%`2-iAfm#ezNkjI35y#P=i)oI zV+?3&`!bZ%-z0dc zvvzvEprX2(d-i_;C|Z)puRH<9M0dc9Io{3_i6vR}8`5KYN`-t918qogsID}wJAU$J zRL|g`MO@8uyI;Th>;pB&rL2RzM07Ibtm)&7WF*&bQzn9ju)iAT4qcVsi>>uBh&Yqf zZLA35SUS8vb7aTr8r9bvAdJ0zAYUowej9!j8WtAD>Ay=5@27Og-{fhnGDXD10Csjc zRRu;A;i)PxgqmREQ_j=wAS`R$#rq*-oQ}EqjUc$G4sT2AS7`4h`z&~Wy@N+YS!80C z%*irr>qG1_0D(%h5t14|@hi-s15lo~72zfX0>@2cexb_IhcmlHb1KxQ==M8n#+PXQ z2#d0|EVHHxHjfb8B=+M)YhOc-54K6;Xhb;UjY4tjh5_o!SkjpEP(cB#0{tehE!=o) zeD?6pG?>`O)dz}UJJ;?{=>8%cn&X!+JM~Xq*4VNu_UDvE8_O<^rrqRn%sdy8{U&># z2WCH9$*;*`VbK{=5rEbPUz??Fv{$r8e4)4xRb0m)ojtyfaucSm7NtO76K%&yX%8D_ zoQt%#RKX5nU|;gW+9=`%FD}>5Q1XK&`p8vhj#l#9p0NXu0aK_Y`=tW*JPBnDpore2 zO^3Z^-|KIC77S-n93m?$EIM)=>i=!Oj)GshM9AL7-b`5|WxrL=n)gB?V%RTtG}4iv z1{zusinVN`r2Cf>acAlfaGeO7GmLQnug@y9D?wIECAzz=ac~q^EBnDcn!5s4#_NsN zTQ%;gtLsq|!aI?NgM(iiT0=3JzWcx=?Kp~om@~|3jbQQ*B1BINQ>Ii3TGU5RaB>Dj zcX&_MhlV_-h|qMi+oX>UhSav%*Jl+Q!GAdqW^47U%!^S#6V%nGL#LE z*V`9$X=!iw)=u9QRhg`}GJ925#iSbeG=M>#VC&Hd{q*&BERnxNOIx&qe0MBH+WxnT zRbPD5aZld{FRIbTvbw8F3ZYLM=B9X;D!V0yYo~+A8|isqJGVMoo7Gsv=8F6@3A2k+ z>PUgRe--Y4Uhi0dmo(-SeeSb{n$)zkxRzmgPJYv#1w!0p&wbV;5fv3HGQP~m+{pw- z!_W5#j)l_3wMN7`6H(UU4`7cBhh_s->k~Lz;o}x{o;fx_>raUG9eV)Vko^Kw(}4@| z1v#eUb)%T&26o@Y5=?IoKHtgqZ$6)dCyfk6<@?Hk6q_S%|E(v8SCb-35WkjU;dzC( z@!A%(CjFUT#BWE=ng%+326`ZQ#~zmYO?Q@hKWLDlTwodhc?rMjMe$KqiGJ1YU*-&X z^!#{ysxN<;s}xJJh5AQZFW)3M^WMozKbJK7c5pCv=5(SFKU&RW7UOCDWR81 z{bsE7)_sISLc+O~=5mr)?PGR6XQ2xNZpPvU7wmygyr})(RM$PW|EG=K%{Z zUN2-LlJiTn5l4`Hm`)%Kl(8;yHEPvIf!I^8qdZ`=A7azllcLz4qKG6O9fY3r_n21= zXR_4mf6uK!(^$8|!|!OQea0mwR)gL^?PYfAm0rDQUfOrqsQdKsDKK!Q+xz#o5Rj|$ z;-(!yxIj~8ylUDjgNy5+|83T>IfBLbL(bb+)KaK5rAVxokzlN)ZF##7)RW_RcSTZX zcy6vFJ_h^P?c;kZX=tepArF))G&vxn)6T};U14wgOv--}f>yFusPNZDi^A{X9|6jI z_=oM$(muH5>f@WrJ7H^U9h!GXw#N#p6CS&ZKMS-8GlxH1LDa|vPjW{B1yU^D*CkQWXxzcAPAzdlapv>fJY451L4nFuNsUS~?(t`2=&8l?|?1>q`14 z!Oz_|xKnRy>z9$P7OaFgoWKOu8k?A;a)aI76T7;!RFj2;h2tn4kh{A;>04Au#e*`c zWEuZR?x*Gm#;z{MWJ;>5)QW>8TI=r3A&>m_$9YX~HZ3hJeonEWM|S~N?#$RAU&4kA zL9ynD%b(;MZ7?+TtWXxd%Q;ny6*Su zzFyb;zLjni{E7D=p9X<2f}xxd*iq3gfw<27&CD7FiBG))E>~Da3CA;Sa2YWvX-W61 zZyF{XpSi4vG^?$nn$tuOW7UzA=g+za|Xwry+)>5!dsQ_=l;+YK#1gM4zkLQ&D(H&2r&&mHD@ol4uK z(e1Nb2%1~MpF$(k(a_nZy+ZlgB4v&b!m)ANT>r`L)GuF7E*X23$#nGgTJz%j$~`^F z{CuXx6My2>z(9nZ-E^2|fh3_L%CiJW+U%<)KVmKR4s8wjC#0I$i0jsy>Ta&Et4)*= zsXblgCb#I>=Ia~`d%UM0*t-?#l~Gewt1)I$oqxhs#~g)%({bOIiAK0`$K;sSXz{MM zF-OesXdJ%}(`N%@gURd5QyzibX-;po77|H(90wQ+ryOR+_US!o7eNA?^*^O=zAui^F7ef}foL1ysIqVOV~1#rjo2A&s}{l+iG9Y3cpl4uXiz-+ z+4M%hE{3Sbb0wcOM zL&ewDt99$^Qv}A^rQR@S!RFf9&^y-D7SV_RYgtIn&K_$p+s?n9$JrWn19k7&%aGa< z|3MdtB=qU}`!n!@t&jy0{j}ru-$eY>=EBvw#j!d2g;ZPN{TFuT_OC2f1zbF2p0t6PNos>YFz2>NvLy_GlvSz!?D*Le7yX`Y`?$IBP2Xo~_aB`Dg0G9OIrL(2 z^Y51y$Q4)b?z~RXNC?_Wh{NHSu~oocKG32<*8-V)4ajlj~%vJ>d{+e1XDJD@OldLmVUH~XUhN=y;O8#Q09n7KNXEYF_YGAYWjbEfbqtB z^!a(?>x-eo3n4oY8aXPn>Rwl2tRLoxs ztsZkUAS!T>>SDv>xd#Z+v!jvEZ$u}_=-xqE!OL_)EL4`;=xb62zE+9oZ8o)pU=40f*l~}uS3rcusS{|#3{(&Jse*LktX;&CHS_> zPJc|dxf$SXomcnbht{G^)&bW}ta3`2bhn+9&SWLylH$%%OQOF1`1?#4b@N9T$#MEGphj8ovDnYcUU7m8;Td*3^KC7bYcrs%C{e@TJdO zExQ)2uI|mP~?Nrx|k=iu~C(NZK75zXrdT<9`HgK@@MG?g4~ZVGpoTcor5LI zIQFmZ(%-rs`&UkD^bVAT9XjK~KrhrYF3LJIxJI3KtiHKZ=X>cI&%@Hn%3E}x_u|h3 z_@Uyf+d*H{L)LPGrETTTpUb8Sqpxe;?YN+oJ8K%YH4>KIk<&P7ynZ#f>rE`EvIJYV zHBZF9Y*=^G@}GQ8aac>yVQd@Qw`^NT9E{dyBh;u5bLMq_-~Ya4AbL+mX*hzsr>+=- z0q@KF{iqXC3{ptz_CWW&r=r?IPkVS9Qn2+DT3z;yX+s9~)A-q9Fum|2q`gn5Z}r_p zDIcLK``4~$IWwf*K>SCP`?&R2kWjc|U|(MzXaC77D-zGgm+l2CZ;Wg%bS+1WD26$4 z%W3BG?krxTdpCOd?m$I>8o!of%JNkfm38owl#+_bQ^z2D@TXr`bI-P2E?+2qc)r~4 zOybQ9n+_PNYSPlGo;XqmVA@gH4;fC1c#6|Jkfkh=p@$D!@zb(`N=jWiAD)MNJHBxq zU1^8fuj%t{kvxW6zznDJkIT@=pKQVEl~@m*NxSn{hxlS$D`a4xmCil#KeOa-C~PP< zE6a0zj%`te$W8M`wYNxj(aOAPncI7XCuaB-SvCR(eurnna<}%bc^mkj9i(l4d;j4> z>g{o6oElbWwbvwSIJdC(7&M`$ZjLf6M@mVvjFRiIa+=B|G+%p)On=5l1sKhn55D4u z#2CUHlwp~s%)R16s$%Cvje7o1FRbdNp@`1<8l z=lehh*S0p)hJR|5L6cpfczSw5D6Stawol(RLwQ}iKnQX1H#OJ%l2f(fSQkDh`g0{k*Z@AuKi00*M! zunj1BxMn(r){^GaBKZ6jylNOPso-Xa*SI=4g-WSlp1hN){f3;!yLAW57HTZ04T`pQ zd@2=}9{jyJ7nN~faP~=5-iZu?>Qr~Q(iDqOhtrkV*H!GH$(%C6Gs(!ZiDy#OHDp?D zdisB9mbO9tg@Afeup*jZaP**N@uzp?H7h zNK7lJs#-jYuJkY1Eq`?x`Jm$rA)w(e{cRF4`k`SWBBigNFv=!WNL>}QQ+L2Uaa56G z0heBFedj`SZ_)kz{T1L5731Q?s=ypVukgE*7}$YUDj%({qd%yya#MH0Bh0&ZeiH3e z!G8MkG-r6{DfP?V2QLD{d(e(Ru>|r4Dl5CRENmRUoj)S8%S~0$+ijPS+@(kWBKzx4 ziQ`Xq_X3E>FRJLTM~(mcJ@L`?T`mA1k-ylOzY1#qm+DrI9L9Kh&d&S(XWc?VOK??? V1VuQ#u4A{s*uY$$dc)=MzX907(K7%5 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 4db5431253..1edf8dcca8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up ![Image of pending actions](images/pending-actions.png) -When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**. +When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md). -The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed. - -![Image of pending actions page](images/atp-pending-actions-list.png) - -Use the Customize columns drop-down menu to select columns that you'd like to show or hide. - -From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. - -Pending actions are grouped together in the following tabs: -- Quarantine file -- Remove persistence -- Stop process -- Expand pivot -- Quarantine service - ->[!NOTE] ->The tab will only appear if there are pending actions for that category. - -### Approve or reject an action -You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. - -Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. - -![Image of pending action selected](images/atp-pending-actions-file.png) - -From the panel, you can click on the Open investigation page link to see the investigation details. - -You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. - ## Related topic - [Investigate Microsoft Defender ATP alerts](investigate-alerts.md) +- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) From 16c13a5131887ea3e635a4178a484352c12278d1 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 21 Jun 2019 13:30:42 -0700 Subject: [PATCH 16/52] Update surface-hub-2s-manage-intune.md Updating links per feedback --- devices/surface-hub/surface-hub-2s-manage-intune.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index 6c4f69a022..3648f8453f 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -35,11 +35,11 @@ Select Windows 10 Team for preset device restriction settings for Surface Hub an ![Set device restrictions for Surface Hub 2S.](images/sh2-set-intune3.png)
    -These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of configuration service providers (CSPs) for the Windows 10 Team operating system, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp) +These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of available Windows 10 Team settings, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp). -## Additional supported configuration service providers +## Additional supported configuration service providers (CSPs) -For addtional supported CSPs, see [SurfaceHub CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsuppor). +For addtional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport). ## Quality of Service (QoS) settings From 10e9cade83b263625ba7e766b221cab07cc41292 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 21 Jun 2019 13:36:16 -0700 Subject: [PATCH 17/52] Update surface-hub-2s-manage-intune.md Updates links per feedback --- devices/surface-hub/surface-hub-2s-manage-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index 3648f8453f..1853f3264d 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -39,7 +39,7 @@ These settings include user experience and app behavior, Azure Log Analytics reg ## Additional supported configuration service providers (CSPs) -For addtional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport). +For additional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport). ## Quality of Service (QoS) settings From 0e5cacdc262bee2fe7838e0011d47cc2d9d858df Mon Sep 17 00:00:00 2001 From: jcaparas Date: Fri, 21 Jun 2019 13:55:10 -0700 Subject: [PATCH 18/52] space --- .../auto-investigation-action-center.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 1527dff194..8945fc0931 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -49,6 +49,6 @@ From the panel, you can click on the Open investigation page link to see the inv You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. -##Related topics +## Related topics - [Automated investigation and investigation](automated-investigations.md) -- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file +- [Learn about the automated investigations dashboard](manage-auto-investigation.md) From e2ee2e7797151f07ec482e07793913d08292c7ea Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 21 Jun 2019 15:19:55 -0700 Subject: [PATCH 19/52] New content added --- ...er-disable-machine-account-password-changes.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index bc76ebc546..86d631fb52 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -38,8 +38,19 @@ Verify that the **Domain member: Disable machine account password changes** opti ### Best practices -1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions. -2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain. +1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions. +2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain. + +There might be situations where you may think about using the setting, like: +* Non-persistent VDI domain members that are rolled back to the base image after each invocation. An updated password would be lost on roll-back. +* Embedded devices that have write access to the OS volume disabled. So an updated password would not be persisted. + +For both situations in case you are using this approach, we would strongly suggest to plan for a password change when using the setting and configure the deployment to retain this updated OS image or, in the embedded scenario, allow the write to the OS volume. To facilitate the update to the machine account password locally, trigger the update using this command: + +``` +Nltest /sc_change_pwd: +``` + ### Location From 15b9d8e455797c9f1f414457d062448c33c5574d Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 21 Jun 2019 15:31:10 -0700 Subject: [PATCH 20/52] Added/changed content --- .../domain-member-maximum-machine-account-password-age.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index a9d641a335..cebb9d780b 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -28,13 +28,15 @@ Describes the best practices, location, values, and security considerations for The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change. -In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. Increasing this interval significantly, or setting it to **0** so that a device no longer submits a password change, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts. +In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. Increasing this interval significantly gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts. For more information, see [Machine Account Password Process](https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/). +You can use the policy “Domain member: Disable machine account password changes” to disable the password change altogether. Please refer to the discussion for this policy on the feasibility of this approach. + ### Possible values -- User-defined number of days between 0 and 999 +- User-defined number of days between 1 and 999 - Not defined. ### Best practices From 18168d85a89988f62ec539bfa8a180a267397bdb Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 21 Jun 2019 16:19:31 -0700 Subject: [PATCH 21/52] Revisions to fit changes --- ...main-member-maximum-machine-account-password-age.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index cebb9d780b..88fe5d0bf4 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -28,12 +28,13 @@ Describes the best practices, location, values, and security considerations for The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change. -In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. Increasing this interval significantly gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts. +In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. You can extend or reduce this interval. Additionally, you can use the policy **Domain member: Disable machine account password changes** to disable the password change requirement altogether. However, before you consider this option, review the implications as described in [Domain member: Disable machine account password changes](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes). + +> [!IMPORTANT] +> Significantly increasing the password change interval (or disabling password changes) gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts. For more information, see [Machine Account Password Process](https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/). -You can use the policy “Domain member: Disable machine account password changes” to disable the password change altogether. Please refer to the discussion for this policy on the feasibility of this approach. - ### Possible values - User-defined number of days between 1 and 999 @@ -41,8 +42,7 @@ You can use the policy “Domain member: Disable machine account password change ### Best practices -1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. -Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites. +1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites. 2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer starts after being offline more than 30 days, the Netlogon service will notice the password age and initiate a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer will not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days. ### Location From e86996aa68b5b5841be9433fa8d9ee7b344224ba Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:33:12 -0700 Subject: [PATCH 22/52] Initial page for preferences for MDATP for macOS --- .../microsoft-defender-atp-mac-preferences.md | 317 ++++++++++++++++++ 1 file changed, 317 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md new file mode 100644 index 0000000000..a0c9b83cc8 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -0,0 +1,317 @@ +--- +title: Set preferences for Microsoft Defender ATP for Mac +ms.reviewer: +description: Describes how to configure Microsoft Defender ATP for Mac in enterprises. +keywords: microsoft, defender, atp, mac, management, preferences, enterprise, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set preferences for Microsoft Defender ATP for Mac + +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users of the devices in your enterprise will not be able to change preferences that are set through this configuration profile. + +This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. + +## Configuration profile structure + +The configuration profile is a .plist file that consists of entries identified by a key (denoting the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. + +The top level of the configuration profile includes product-wide preferences, as well as entries for sub-areas of the product, which are explained in more detail in the next sections. + +### Antivirus engine preferences + +The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of the product. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | antivirusEngine +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +#### Enable / disable real-time protection + +Whether real time protection (scan files as they are accessed) is enabled or not. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | enableRealTimeProtection +**Data type** | Boolean +**Possible values** | true (default); false + +#### Scan exclusions + +Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | exclusions +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +##### Type of exclusion + +Specifies the type of the excluded content. + +**Domain** | com.microsoft.wdav +**Key** | $type +**Data type** | String +**Possible values** | excludedPath; excludedFileExtension; excludedFileName + +##### Path to excluded content + +Path to file or directory that should be exluded from scanning. + +**Domain** | com.microsoft.wdav +**Key** | path +**Data type** | String +**Possible values** | valid paths +**Comments** | Applicable only if *$type* is *excludedPath* + +##### Path type (file / directory) + +Indicates if the *path* property refers to a file or directory. + +**Domain** | com.microsoft.wdav +**Key** | isDirectory +**Data type** | Boolean +**Possible values** | false (default); true +**Comments** | Applicable only if *$type* is *excludedPath* + +##### Extension excluded from scanning + +Extension of files that should be excluded from scanning. + +**Domain** | com.microsoft.wdav +**Key** | extension +**Data type** | String +**Possible values** | valid file extensions +**Comments** | Applicable only if *$type* is *excludedFileExtension* + +##### Name of excluded content + +Name of file that should be excluded from scanning. + +**Domain** | com.microsoft.wdav +**Key** | name +**Data type** | String +**Possible values** | any string +**Comments** | Applicable only if *$type* is *excludedFileName* + +#### Threat type settings + +The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | threatTypeSettings +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +##### Threat type + +Type of the threat for which the behavior is configured. + +**Domain** | com.microsoft.wdav +**Key** | key +**Data type** | String +**Possible values** | potentially_unwanted_application + +##### Action to take + +Action to take when encountering a threat of the the type being configured. Can be: + +- Audit: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on +- Off: does not block the threat or report it + +**Domain** | com.microsoft.wdav +**Key** | value +**Data type** | String +**Possible values** | audit (default); block; off + +### Cloud delivered protection preferences + +The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | cloudService +**Data type** | Dictionary (nested preference) +**Comments** | See the following sections for a description of the dictionary contents. + +#### Enable / disable cloud delivered protection + +Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | enabled +**Data type** | Boolean +**Possible values** | true (default); false + +#### Diagnostic collection level + +Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | diagnosticLevel +**Data type** | String +**Possible values** | optional (default); required + +#### Enable / disable automatic sample submissions + +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. + +:---|:--- +**Domain** | com.microsoft.wdav +**Key** | automaticSampleSubmission +**Data type** | Boolean +**Possible values** | true (default); false + +## Recommended configuration profile + +To get started, we recommend the following configuration profile for your enterprise in order to take advantage of all of the protection features that Microsoft Defender ATP provides. + +The following configuration profile will: +- Enable real time protection (RTP) +- Enable the blocking of potentially unwanted applications (PUA), which by default are in *audit* (non-blocking) mode +- Enable cloud delivered protection +- Enable automatic sample submission + +``` + + + + + antivirusEngine + + enableRealTimeProtection + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + + cloudService + + enabled + + automaticSampleSubmission + + + + +``` + +## Full configuration profile example + +The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. + +``` + + + + + antivirusEngine + + enableRealTimeProtection + + exclusions + + + $type + excludedPath + isDirectory + + path + /var/log/system.log + + + $type + excludedPath + isDirectory + + path + /home + + + $type + excludedFileExtension + extension + pdf + + + allowedThreats + + eicar + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + + cloudService + + enabled + + diagnosticLevel + optional + automaticSampleSubmission + + + + +``` + +## Configuration profile deployment + +Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. Listed below are steps for deploying this through JAMF and Intune. + +### JAMF deployment + +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. + +**NOTE:** it is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. + +### Intune deployment + +1. Open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**. + +2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. + +3. Save the .plist with the settings as **com.microsoft.wdav.xml**. + +4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. + +5. Open the configuration profile and upload **com.microsoft.wdav.xml**. This file was created in step 3. + +6. Select **OK**. + +7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. + +## Resources + +- [Configuration Profile Reference (Apple developer documentation)](https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf) From 88c20d22069a74e45e165122196d618da3b2478a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:45:47 -0700 Subject: [PATCH 23/52] Table adjustments --- .../microsoft-defender-atp-mac-preferences.md | 166 ++++++++++-------- 1 file changed, 94 insertions(+), 72 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index a0c9b83cc8..fc59259235 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -34,99 +34,115 @@ The top level of the configuration profile includes product-wide preferences, as The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | antivirusEngine -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | antivirusEngine | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | #### Enable / disable real-time protection Whether real time protection (scan files as they are accessed) is enabled or not. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | enableRealTimeProtection -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | enableRealTimeProtection | +| **Data type** | Boolean | +| **Possible values** | true (default); false | #### Scan exclusions Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | exclusions -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | exclusions | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | ##### Type of exclusion Specifies the type of the excluded content. -**Domain** | com.microsoft.wdav -**Key** | $type -**Data type** | String -**Possible values** | excludedPath; excludedFileExtension; excludedFileName +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | $type | +| **Data type** | String | +| **Possible values** | excludedPath; excludedFileExtension; excludedFileName | ##### Path to excluded content Path to file or directory that should be exluded from scanning. -**Domain** | com.microsoft.wdav -**Key** | path -**Data type** | String -**Possible values** | valid paths -**Comments** | Applicable only if *$type* is *excludedPath* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | path | +| **Data type** | String | +| **Possible values** | valid paths | +| **Comments** | Applicable only if *$type* is *excludedPath* | ##### Path type (file / directory) Indicates if the *path* property refers to a file or directory. -**Domain** | com.microsoft.wdav -**Key** | isDirectory -**Data type** | Boolean -**Possible values** | false (default); true -**Comments** | Applicable only if *$type* is *excludedPath* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | isDirectory | +| **Data type** | Boolean | +| **Possible values** | false (default); true | +| **Comments** | Applicable only if *$type* is *excludedPath* | ##### Extension excluded from scanning Extension of files that should be excluded from scanning. -**Domain** | com.microsoft.wdav -**Key** | extension -**Data type** | String -**Possible values** | valid file extensions -**Comments** | Applicable only if *$type* is *excludedFileExtension* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | extension | +| **Data type** | String | +| **Possible values** | valid file extensions | +| **Comments** | Applicable only if *$type* is *excludedFileExtension* | ##### Name of excluded content Name of file that should be excluded from scanning. -**Domain** | com.microsoft.wdav -**Key** | name -**Data type** | String -**Possible values** | any string -**Comments** | Applicable only if *$type* is *excludedFileName* +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | name | +| **Data type** | String | +| **Possible values** | any string | +| **Comments** | Applicable only if *$type* is *excludedFileName* | #### Threat type settings The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | threatTypeSettings -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | threatTypeSettings | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | ##### Threat type Type of the threat for which the behavior is configured. -**Domain** | com.microsoft.wdav -**Key** | key -**Data type** | String -**Possible values** | potentially_unwanted_application +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | key | +| **Data type** | String | +| **Possible values** | potentially_unwanted_application | ##### Action to take @@ -136,50 +152,56 @@ Action to take when encountering a threat of the the type being configured. Can - Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on - Off: does not block the threat or report it -**Domain** | com.microsoft.wdav -**Key** | value -**Data type** | String -**Possible values** | audit (default); block; off +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | value | +| **Data type** | String | +| **Possible values** | audit (default); block; off | ### Cloud delivered protection preferences The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | cloudService -**Data type** | Dictionary (nested preference) -**Comments** | See the following sections for a description of the dictionary contents. +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | cloudService | +| **Data type** | Dictionary (nested preference) | +| **Comments** | See the following sections for a description of the dictionary contents. | #### Enable / disable cloud delivered protection Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | enabled -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | enabled | +| **Data type** | Boolean | +| **Possible values** | true (default); false | #### Diagnostic collection level Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | diagnosticLevel -**Data type** | String -**Possible values** | optional (default); required +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | diagnosticLevel | +| **Data type** | String | +| **Possible values** | optional (default); required | #### Enable / disable automatic sample submissions Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. -:---|:--- -**Domain** | com.microsoft.wdav -**Key** | automaticSampleSubmission -**Data type** | Boolean -**Possible values** | true (default); false +||| +|:---|:---| +| **Domain** | com.microsoft.wdav | +| **Key** | automaticSampleSubmission | +| **Data type** | Boolean | +| **Possible values** | true (default); false | ## Recommended configuration profile From 9b788d1f7c9738fc22785638af1129991efbc004 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:49:21 -0700 Subject: [PATCH 24/52] Spacing --- .../microsoft-defender-atp-mac-preferences.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index fc59259235..1e5c79356f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -20,7 +20,7 @@ ms.topic: conceptual # Set preferences for Microsoft Defender ATP for Mac -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users of the devices in your enterprise will not be able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. @@ -50,7 +50,7 @@ Whether real time protection (scan files as they are accessed) is enabled or not | **Domain** | com.microsoft.wdav | | **Key** | enableRealTimeProtection | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
    false | #### Scan exclusions @@ -72,7 +72,7 @@ Specifies the type of the excluded content. | **Domain** | com.microsoft.wdav | | **Key** | $type | | **Data type** | String | -| **Possible values** | excludedPath; excludedFileExtension; excludedFileName | +| **Possible values** | excludedPath
    excludedFileExtension
    excludedFileName | ##### Path to excluded content @@ -95,7 +95,7 @@ Indicates if the *path* property refers to a file or directory. | **Domain** | com.microsoft.wdav | | **Key** | isDirectory | | **Data type** | Boolean | -| **Possible values** | false (default); true | +| **Possible values** | false (default)
    true | | **Comments** | Applicable only if *$type* is *excludedPath* | ##### Extension excluded from scanning @@ -157,7 +157,7 @@ Action to take when encountering a threat of the the type being configured. Can | **Domain** | com.microsoft.wdav | | **Key** | value | | **Data type** | String | -| **Possible values** | audit (default); block; off | +| **Possible values** | audit (default)
    block
    off | ### Cloud delivered protection preferences @@ -179,7 +179,7 @@ Whether cloud delivered protection is enabled on the device or not. To improve t | **Domain** | com.microsoft.wdav | | **Key** | enabled | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
    false | #### Diagnostic collection level @@ -190,7 +190,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de | **Domain** | com.microsoft.wdav | | **Key** | diagnosticLevel | | **Data type** | String | -| **Possible values** | optional (default); required | +| **Possible values** | optional (default)
    required | #### Enable / disable automatic sample submissions @@ -201,7 +201,7 @@ Determines whether suspicious samples (that are likely to contain threats) are s | **Domain** | com.microsoft.wdav | | **Key** | automaticSampleSubmission | | **Data type** | Boolean | -| **Possible values** | true (default); false | +| **Possible values** | true (default)
    false | ## Recommended configuration profile From c31d376f962669bed129741337feda4d93de3a17 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 21 Jun 2019 16:56:08 -0700 Subject: [PATCH 25/52] Warning for deployment --- .../microsoft-defender-atp-mac-preferences.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 1e5c79356f..9567b6c75e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -148,9 +148,9 @@ Type of the threat for which the behavior is configured. Action to take when encountering a threat of the the type being configured. Can be: -- Audit: adds an entry to the log about the threat, but does not report it to the user interface or the security console -- Block: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on -- Off: does not block the threat or report it +- *Audit*: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- *Block*: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on +- *Off*: does not block the threat or report it ||| |:---|:---| @@ -316,7 +316,8 @@ Once you've built the configuration profile for your enterprise, you can deploy From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. -**NOTE:** it is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. +>[!WARNING] +>It is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. ### Intune deployment @@ -334,6 +335,9 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +>[!WARNING] +>It is important that you enter the correct custom configuration profile name, otherwise these preferences might not be recognized by the product. + ## Resources - [Configuration Profile Reference (Apple developer documentation)](https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf) From bc0553ce313c3cb5d6076791576fb5c1adff2cd9 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 21 Jun 2019 18:13:08 -0700 Subject: [PATCH 26/52] Edited to accommodate new content --- ...-disable-machine-account-password-changes.md | 17 +++++++++-------- ...mber-maximum-machine-account-password-age.md | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index 86d631fb52..59a0363cc9 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -40,17 +40,18 @@ Verify that the **Domain member: Disable machine account password changes** opti 1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions. 2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain. +3. You may consider using this policy setting in particular environments, such as the following: + + - Non-persistent Virtual Desktop Infrastructure implementations. In such implementations, each session starts from a read-only base image. + - Embedded devices that do not have write access to the OS volume. -There might be situations where you may think about using the setting, like: -* Non-persistent VDI domain members that are rolled back to the base image after each invocation. An updated password would be lost on roll-back. -* Embedded devices that have write access to the OS volume disabled. So an updated password would not be persisted. + In either of these cases, a password change that was made during normal operations would be lost as soon as the session ends. We strongly recommend that you plan password changes for maintenance windows. Add the password changes to the updates and modifications that Windows performs during maintenance windows. To trigger a password update on a particular OS volume, use the following command: -For both situations in case you are using this approach, we would strongly suggest to plan for a password change when using the setting and configure the deployment to retain this updated OS image or, in the embedded scenario, allow the write to the OS volume. To facilitate the update to the machine account password locally, trigger the update using this command: - -``` -Nltest /sc_change_pwd: -``` + ``` + Nltest /sc_change_pwd: + ``` + In this command, **\** represents the domain of the local computer. ### Location diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 88fe5d0bf4..d34b8a9ce6 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -28,7 +28,7 @@ Describes the best practices, location, values, and security considerations for The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change. -In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. You can extend or reduce this interval. Additionally, you can use the policy **Domain member: Disable machine account password changes** to disable the password change requirement altogether. However, before you consider this option, review the implications as described in [Domain member: Disable machine account password changes](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes). +In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. You can extend or reduce this interval. Additionally, you can use the policy **Domain member: Disable machine account password changes** to disable the password change requirement altogether. However, before you consider this option, review the implications as described in [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md). > [!IMPORTANT] > Significantly increasing the password change interval (or disabling password changes) gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts. From 485f50a48bfdaa898b54e2f61f43d7fef2183d1c Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 21 Jun 2019 18:28:14 -0700 Subject: [PATCH 27/52] Added link --- .../domain-member-disable-machine-account-password-changes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index 59a0363cc9..1ce56378e4 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -51,7 +51,7 @@ Verify that the **Domain member: Disable machine account password changes** opti Nltest /sc_change_pwd: ``` - In this command, **\** represents the domain of the local computer. + In this command, **\** represents the domain of the local computer. For more information about maintenance windows and non-persistent VDI implementations, see [Optimizing Windows 10, version 1803, for a Virtual Desktop Infrastructure (VDI) role: VDI optimization principles: Non-Persistent VDI](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-1803#vdi-optimization-principles). ### Location From eaf7b97185199f26c35416f3e5dd72596c6eb210 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 09:47:11 -0700 Subject: [PATCH 28/52] Minor updates --- .../microsoft-defender-atp-mac-preferences.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 9567b6c75e..72915e7619 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -76,7 +76,7 @@ Specifies the type of the excluded content. ##### Path to excluded content -Path to file or directory that should be exluded from scanning. +Used to exclude content from scanning by full file path. ||| |:---|:---| @@ -98,9 +98,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
    true | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### Extension excluded from scanning +##### File extension excluded from scanning -Extension of files that should be excluded from scanning. +Used to exclude content from scanning by file extension. ||| |:---|:---| @@ -112,7 +112,7 @@ Extension of files that should be excluded from scanning. ##### Name of excluded content -Name of file that should be excluded from scanning. +Used to exclude content from scanning by file name. ||| |:---|:---| @@ -148,9 +148,9 @@ Type of the threat for which the behavior is configured. Action to take when encountering a threat of the the type being configured. Can be: -- *Audit*: adds an entry to the log about the threat, but does not report it to the user interface or the security console -- *Block*: reports the threat to the user interface and the security console and blocks the execution of the threat if real-time protection is turned on -- *Off*: does not block the threat or report it +- **Audit**: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat +- **Off**: does not block the threat and does not report it to the log or security console ||| |:---|:---| @@ -194,7 +194,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file we need is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file being submitted is likely to contain personal information. ||| |:---|:---| @@ -314,10 +314,10 @@ Once you've built the configuration profile for your enterprise, you can deploy ### JAMF deployment -From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist with the settings. +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced using the steps described earlier in this document. >[!WARNING] ->It is important that you enter the correct preference domain, otherwise these preferences might not be recognized by the product. +>It is important that you enter the correct preference domain (*com.microsoft.wdav*), otherwise the preferences might not be recognized by the product. ### Intune deployment @@ -325,7 +325,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. -3. Save the .plist with the settings as **com.microsoft.wdav.xml**. +3. Save the .plist produced using the steps described earlier in this document as **com.microsoft.wdav.xml**. 4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. From 896cc1f51c124b785edbad1b00605dcaaed5e87a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 10:46:00 -0700 Subject: [PATCH 29/52] Add more info on archive bombs --- .../microsoft-defender-atp-mac-preferences.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 72915e7619..bfb9e7d141 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -142,7 +142,7 @@ Type of the threat for which the behavior is configured. | **Domain** | com.microsoft.wdav | | **Key** | key | | **Data type** | String | -| **Possible values** | potentially_unwanted_application | +| **Possible values** | potentially_unwanted_application
    archive_bomb | ##### Action to take @@ -209,7 +209,9 @@ To get started, we recommend the following configuration profile for your enterp The following configuration profile will: - Enable real time protection (RTP) -- Enable the blocking of potentially unwanted applications (PUA), which by default are in *audit* (non-blocking) mode +- Specify how the following threat types are handled: + - **Potentially unwanted applications (PUA)** are blocked + - **Archive bombs** (file with a very high compression rate) are audited to the product logs - Enable cloud delivered protection - Enable automatic sample submission @@ -230,6 +232,12 @@ The following configuration profile will: value block + + key + archive_bomb + value + audit + cloudService @@ -293,6 +301,12 @@ The following configuration profile contains entries for all of the settings des value block + + key + archive_bomb + value + audit + cloudService From 6512ff8f7982a956906baaca3d07c9752281d164 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 24 Jun 2019 11:06:52 -0700 Subject: [PATCH 30/52] adding statement about licenses for WDAV per Charles --- .../windows-defender-antivirus/troubleshoot-reporting.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index 81599231f8..a194696c88 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -11,7 +11,6 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- @@ -22,7 +21,9 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. +You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). + +When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues. Typically, the most common indicators of a problem are: - You only see a small number or subset of all the devices you were expecting to see @@ -52,7 +53,9 @@ In order for devices to properly show up in Update Compliance, you have to meet > - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met -If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. +“You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options" + +If the above pre-requisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us. > [!div class="nextstepaction"] > [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md) From aae2dabce503e2458dbe44dfa4ef001525e4b632 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 24 Jun 2019 11:42:09 -0700 Subject: [PATCH 31/52] removing arch posters until they can be updated --- windows/deployment/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 57fb6fe644..dc75df4d5f 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -1,5 +1,4 @@ # [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment) -## [Architectural planning posters for Windows 10](windows-10-architecture-posters.md) ## [Deploy Windows 10 with Microsoft 365](deploy-m365.md) ## [What's new in Windows 10 deployment](deploy-whats-new.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) From 4e35255901007abfe33b4da998b80531af6ce50f Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 13:19:34 -0700 Subject: [PATCH 32/52] Try out different formatting --- .../microsoft-defender-atp-mac-preferences.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index bfb9e7d141..609e571bb1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -63,7 +63,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f | **Data type** | Dictionary (nested preference) | | **Comments** | See the following sections for a description of the dictionary contents. | -##### Type of exclusion +**Type of exclusion** Specifies the type of the excluded content. @@ -74,7 +74,7 @@ Specifies the type of the excluded content. | **Data type** | String | | **Possible values** | excludedPath
    excludedFileExtension
    excludedFileName | -##### Path to excluded content +**Path to excluded content** Used to exclude content from scanning by full file path. @@ -86,7 +86,7 @@ Used to exclude content from scanning by full file path. | **Possible values** | valid paths | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### Path type (file / directory) +**Path type (file / directory)** Indicates if the *path* property refers to a file or directory. @@ -98,7 +98,7 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
    true | | **Comments** | Applicable only if *$type* is *excludedPath* | -##### File extension excluded from scanning +**File extension excluded from scanning** Used to exclude content from scanning by file extension. @@ -110,7 +110,7 @@ Used to exclude content from scanning by file extension. | **Possible values** | valid file extensions | | **Comments** | Applicable only if *$type* is *excludedFileExtension* | -##### Name of excluded content +**Name of excluded content** Used to exclude content from scanning by file name. @@ -133,7 +133,7 @@ The *threatTypeSettings* preference in the antivirus engine is used to control h | **Data type** | Dictionary (nested preference) | | **Comments** | See the following sections for a description of the dictionary contents. | -##### Threat type +**Threat type** Type of the threat for which the behavior is configured. @@ -144,7 +144,7 @@ Type of the threat for which the behavior is configured. | **Data type** | String | | **Possible values** | potentially_unwanted_application
    archive_bomb | -##### Action to take +**Action to take** Action to take when encountering a threat of the the type being configured. Can be: @@ -215,7 +215,7 @@ The following configuration profile will: - Enable cloud delivered protection - Enable automatic sample submission -``` +```xml @@ -255,7 +255,7 @@ The following configuration profile will: The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. -``` +```xml From 5d3a9dd44cb6f47db5f2017546dd5511b1ee6abd Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 24 Jun 2019 13:29:05 -0700 Subject: [PATCH 33/52] removing posters until updated --- .../windows-10-architecture-posters.md | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 windows/deployment/windows-10-architecture-posters.md diff --git a/windows/deployment/windows-10-architecture-posters.md b/windows/deployment/windows-10-architecture-posters.md deleted file mode 100644 index f0245f7e83..0000000000 --- a/windows/deployment/windows-10-architecture-posters.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Deploy Windows 10 - architectural posters -description: Provides architural planning posters for Windows 10 in the enterprise -ms.prod: w10 -ms.author: greg-lindsay -author: greg-lindsay -ms.date: 09/28/2017 -ms.reviewer: -manager: laurawi -ms.tgt_pltfrm: na -ms.topic: article -ms.localizationpriority: medium ---- -# Architectural planning posters for Windows 10 - -You can download the following posters for architectural information about deploying Windows 10 in the enterprise. - -- [Deploy Windows 10 - Clean installation](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf) - Learn about the options and steps for a new installation of Windows 10. -- [Deploy Windows 10 - In-place upgrade](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf) - Learn about the steps to upgrade from a previous version of Windows. -- [Deploy Windows 10 - Windows Autopilot](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf) - Learn how you can set up and pre-configure Windows 10 devices. -- [Deploy Windows 10 - Windows servicing](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/WindowsServicing.pdf) - Learn how to keep Windows up to date. -- [Deploy Windows 10 - Protection solutions](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf) - Learn about the two tiers of protection available for Windows 10 devices. From 26a9cc21920e2c136d0bf01c3b24d446988079eb Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 24 Jun 2019 13:34:36 -0700 Subject: [PATCH 34/52] adding redir --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1fe80284d7..0c4909bd02 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15038,6 +15038,11 @@ "redirect_document_id": true }, { +"source_path": "windows/deployment/windows-10-architecture-posters.md", +"redirect_url": "/windows/deployment/windows-10-deployment-scenarios", +"redirect_document_id": true +}, +{ "source_path": "windows/device-security/index.md", "redirect_url": "/windows/security/threat-protection", "redirect_document_id": true From 110f441e4ef77d218057b912cbcfc83fd6507791 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 13:55:56 -0700 Subject: [PATCH 35/52] Minor wording update --- .../microsoft-defender-atp-mac-preferences.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 609e571bb1..633baf9a77 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -65,7 +65,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f **Type of exclusion** -Specifies the type of the excluded content. +Specifies the type of content excluded from scanning. ||| |:---|:---| From 3396f53b83c5f7873f27058876cda5157a39a883 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 15:45:48 -0700 Subject: [PATCH 36/52] Try to change casing --- .../microsoft-defender-atp-mac-preferences.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 633baf9a77..5cd8cf407c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -215,7 +215,7 @@ The following configuration profile will: - Enable cloud delivered protection - Enable automatic sample submission -```xml +```XML @@ -255,7 +255,7 @@ The following configuration profile will: The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. -```xml +```XML From b018962d96e5056957bb83ea6f9b36a207d1d915 Mon Sep 17 00:00:00 2001 From: mapalko Date: Mon, 24 Jun 2019 16:48:33 -0700 Subject: [PATCH 37/52] DC documentation changes --- .../hello-hybrid-cert-whfb-settings-pki.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 6e3126b3c7..3a8ba5db87 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -55,7 +55,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. 8. Close the console. -#### Configure Certificate Suspeding for the Domain Controller Authentication (Kerberos) Certificate Template +#### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template Many domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template. Later releases provided a new certificate template--the domain controller authentication certificate template. These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension. @@ -77,6 +77,9 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. +>[!NOTE] +>The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. + ### Enrollment Agent certificate template Active Directory Federation Server used for Windows Hello for Business certificate enrollment performs its own certificate life-cycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. @@ -183,6 +186,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise 4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window. 5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates. + ### Section Review > [!div class="checklist"] > * Domain Controller certificate template From 5b7c9bc2ac185650dbc4f4f444b172105e348953 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 19:11:33 -0700 Subject: [PATCH 38/52] Initial draft for privacy in MDATP for Mac --- .../microsoft-defender-atp-mac-privacy.md | 258 ++++++++++++++++++ 1 file changed, 258 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md new file mode 100644 index 0000000000..7c0a29768e --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -0,0 +1,258 @@ +--- +title: Privacy in Microsoft Defender ATP for Mac +ms.reviewer: +description: Describes privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac. +keywords: microsoft, defender, atp, mac, privacy, diagnostic +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Privacy in Microsoft Defender ATP for Mac + +Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender ATP for Mac. + +This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected. + +## Overview of privacy controls in Microsoft Defender ATP for Mac + +This section describes the privacy controls for the different types of data collected by Microsoft Defender ATP for Mac. + +### Diagnostic data + +Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. + +Some diagnostic data is required, while some diagnostic data is optional. We give you the ability to choose whether to send us required or optional diagnostic data through the use of privacy controls, such as policy settings for organizations. + +There are two levels of diagnostic data for Microsoft Defender ATP client software that you can choose from: + +* **Required** The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. + +* **Optional** Additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and remediate issues. + +By default, both optional and required diagnostic data is sent to Microsoft. + +### Cloud delivered protection data + +Cloud delivered protection is used to provide increased and faster protection with access to the latest protection data in the cloud. + +Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides very important protection against malware on your endpoints and across your network. + +### Sample data + +Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples. When the sample being collected is likely to contain personal information, the user is prompted for consent before sending it. + +## Manage privacy controls with policy settings + +If you're an IT administrator, you might be interested in configuring these controls at the enterprise level. + +The privacy controls for the various type of data described in the previous section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). + +As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings you configure have the desired effect before you implement the policy settings more widely in your organization. + +## Diagnostic data events + +This section describes what is considered required diagnostic data and what is considered optional diagnostic data, along with a description of the events and fields that are collected. + +### Data fields that are common for all events +There is some information about events that is common to all events, regardless of category or data subtype. + +The following fields are considered common for all events: + +| Field | Description | +| ----------------------- | ----------- | +| platform | The broad classification of the platform on which the app is running. Allows us to identify on which platforms an issue may be occurring so that we can correctly prioritize the issue. | +| machine_guid | Unique identifier associated with the device. Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | +| sense_guid | Unique identifier associated with the device. Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | +| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows us to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. | +| hostname | Local machine name (without DNS suffix). Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | +| product_guid | Unique identifier of the product. Allows us to differentiate issues impacting different flavors of the product. | +| app_version | Version of the Microsoft Defender ATP for Mac application. Allows us to identify which versions of the product are showing an issue so that we can correctly prioritize it.| +| sig_version | Version of security intelligence database. Allows us to identify which versions of the security intelligence are showing an issue so that we can correctly prioritize it. | +| supported_compressions | List of compression algorithms supported by the application, e.g. `['gzip']`. Allows us to understand what types of compressions can be used when communicating with the application. | +| release_ring | Ring that the device is associated with (e.g. Insider Fast, Insider Slow, Production). Allows us to identify on which release ring an issue may be occurring so that we can correctly prioritize the issue. | + + +### Required diagnostic data + +**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. + +Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if an Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps us detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced. + +#### Software setup and inventory data events + +##### Microsoft Defender ATP installation / uninstallation + +The following fields are collected: + +| Field | Description | +| ---------------- | ----------- | +| correlation_id | Unique identifier associated with the installation. | +| version | Version of the package being installed. | +| severity | Severity of the message (e.g. Informational). | +| code | Code describing the operation. | +| text | Additional information associated with the product installation. | + +##### Microsoft Defender ATP configuration + +The following fields are collected: + +| Field | Description | +| --------------------------------------------------- | ----------- | +| antivirus_engine.enable_real_time_protection | Whether real time protection is enabled on the device or not. | +| cloud_service.enabled | Whether cloud delivered protection is enabled on the device or not. | +| cloud_service.timeout | Timeout when communicating with the Microsoft Defender ATP cloud. | +| cloud_service.heartbeat_interval | Interval between consecutive heartbeats sent by the product to the cloud. | +| cloud_service.service_uri | URI used to communicate with the cloud. | +| cloud_service.diagnostic_level | Diagnostic level of the device (required, optional). | +| cloud_service.automatic_sample_submission | Whether automatic sample submission is turned on or not. | +| features.\[optional feature name\] | List of preview features, along with whether they are enabled or not. | + +#### Product and service performance data events + +##### Kernel extension statistics + +The following fields are collected: + +| Field | Description | +| ---------------- | ----------- | +| version | Version of Microsoft Defender ATP for Mac. | +| instance_id | Unique identifier generated on kernel extension startup. | +| trace_level | Trace level of the kernel extension. | +| ipc.connects | Number of connection requests received by the kernel extension. | +| ipc.rejects | Number of connection requests rejected by the kernel extension. | +| ipc.connected | Whether there is any active connection to the kernel extension. | + +#### Support data + +##### Diagnostic logs + +Diagnostic logs are collected only with the user's consent as part of the feedback submission feature. The following files are collected as part of the support logs: + +- All files under */Library/Logs/Microsoft/mdatp/* +- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac +- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender ATP for Mac + +### Optional diagnostic data + +**Optional diagnostic data** is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. + +If you choose to send us optional diagnostic data, required diagnostic data is also included. + +Examples of optional diagnostic data include data we collect about product configuration (e.g. number of exclusions set on the device) and product performance (aggregate measures about the performance of components of the product). + +#### Software setup and inventory data events + +##### Microsoft Defender ATP configuration + +The following fields are collected: + +| Field | Description | +| -------------------------------------------------- | ----------- | +| connection_retry_timeout | Connection retry timeout when communication with the cloud. | +| file_hash_cache_maximum | Size of the product cache. | +| crash_upload_daily_limit | Limit of crash logs uploaded daily. | +| antivirus_engine.exclusions[].is_directory | Whether the exclusion from scanning is a directory or not. | +| antivirus_engine.exclusions[].path | Path that was excluded from scanning. | +| antivirus_engine.exclusions[].extension | Extension excluded from scanning. | +| antivirus_engine.exclusions[].name | Name of the file excluded from scanning. | +| antivirus_engine.scan_cache_maximum | Size of the product cache. | +| antivirus_engine.maximum_scan_threads | Maximum number of threads used for scanning. | +| antivirus_engine.threat_restoration_exclusion_time | Timeout before a file restored from the quarantine can be detected again. | +| filesystem_scanner.full_scan_directory | Full scan directory. | +| filesystem_scanner.quick_scan_directories | List of directories used in quick scan. | +| edr.latency_mode | Latency mode used by the detection and response component. | +| edr.proxy_address | Proxy address used by the detection and response component. | + +##### Microsoft Auto-Update configuration + +The following fields are collected: + +| Field | Description | +| --------------------------- | ----------- | +| how_to_check | Determines how product updates are checked (e.g. automatic, manual). | +| channel_name | Update channel associated with the device. | +| manifest_server | Server used for downloading updates. | +| update_cache | Location of the cache used to store updates. | + +### Product and service usage + +#### Diagnostic log upload started report + +The following fields are collected: + +| Field | Description | +| ---------------- | ----------- | +| sha256 | SHA256 identifier of the support log. | +| size | Size of the support log. | +| original_path | Path to the support log (always under */Library/Application Support/Microsoft/Defender/wdavdiag/*). | +| format | Format of the support log. | + +#### Diagnostic log upload completed report + +The following fields are collected: + +| Field | Description | +| ---------------- | ----------- | +| request_id | Correlation ID for the support log upload request. | +| sha256 | SHA256 identifier of the support log. | +| blob_sas_uri | URI used by the application to upload the support log. | + +#### Product and service performance data events + +##### Unexpected application exit (crash) + +Unexpected application exits and the state of the application when that happens. + +##### Kernel extension statistics + +The following fields are collected: + +| Field | Description | +| ------------------------------ | ----------- | +| pkt_ack_timeout | All properties below are aggregated numerical values, representing count of events that happened since kernel extension startup. | +| pkt_ack_conn_timeout | | +| ipc.ack_pkts | | +| ipc.nack_pkts | | +| ipc.send.ack_no_conn | | +| ipc.send.nack_no_conn | | +| ipc.send.ack_no_qsq | | +| ipc.send.nack_no_qsq | | +| ipc.ack.no_space | | +| ipc.ack.timeout | | +| ipc.ack.ackd_fast | | +| ipc.ack.ackd | | +| ipc.recv.bad_pkt_len | | +| ipc.recv.bad_reply_len | | +| ipc.recv.no_waiter | | +| ipc.recv.copy_failed | | +| ipc.kauth.vnode.mask | | +| ipc.kauth.vnode.read | | +| ipc.kauth.vnode.write | | +| ipc.kauth.vnode.exec | | +| ipc.kauth.vnode.del | | +| ipc.kauth.vnode.read_attr | | +| ipc.kauth.vnode.write_attr | | +| ipc.kauth.vnode.read_ex_attr | | +| ipc.kauth.vnode.write_ex_attr | | +| ipc.kauth.vnode.read_sec | | +| ipc.kauth.vnode.write_sec | | +| ipc.kauth.vnode.take_own | | +| ipc.kauth.vnode.denied | | +| ipc.kauth.file_op.mask | | +| ipc.kauth_file_op.open | | +| ipc.kauth.file_op.close | | + +## Resources + +- [Privacy at Microsoft](https://privacy.microsoft.com/) From 4d26fe7a379d4b0952e30f900e3c367b24e6d939 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 19:25:13 -0700 Subject: [PATCH 39/52] Add more info at the top of the page --- .../microsoft-defender-atp-mac-preferences.md | 3 +++ .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 ++ 2 files changed, 5 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 5cd8cf407c..bf85527a38 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -20,6 +20,9 @@ ms.topic: conceptual # Set preferences for Microsoft Defender ATP for Mac +>[!IMPORTANT] +>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. + In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 6794868296..79866deb5d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -55,6 +55,8 @@ In general you'll need to take the following steps: Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal. +Once installed, you can configure the product in your enterprise using the steps in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). + ### Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. From be37f69c6dc5f1db7b0b58bada04b46fa0b059ba Mon Sep 17 00:00:00 2001 From: "Nisha Mittal (Wipro Ltd.)" Date: Mon, 24 Jun 2019 19:36:02 -0700 Subject: [PATCH 40/52] BreadCrumb Changes for required navigation --- windows/release-information/TOC.md | 70 +++++++++---------- .../release-information/breadcrumb/toc.yml | 10 ++- windows/release-information/docfx.json | 2 +- 3 files changed, 45 insertions(+), 37 deletions(-) diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md index 735c4e5527..c905dea447 100644 --- a/windows/release-information/TOC.md +++ b/windows/release-information/TOC.md @@ -1,36 +1,36 @@ # [Windows 10 release information](index.md) -## [Message center](windows-message-center.yml) -## Version 1903 -### [Known issues and notifications](status-windows-10-1903.yml) -### [Resolved issues](resolved-issues-windows-10-1903.yml) -## Version 1809 and Windows Server 2019 -### [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml) -### [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml) -## Version 1803 -### [Known issues and notifications](status-windows-10-1803.yml) -### [Resolved issues](resolved-issues-windows-10-1803.yml) -## Version 1709 -### [Known issues and notifications](status-windows-10-1709.yml) -### [Resolved issues](resolved-issues-windows-10-1709.yml) -## Version 1703 -### [Known issues and notifications](status-windows-10-1703.yml) -### [Resolved issues](resolved-issues-windows-10-1703.yml) -## Version 1607 and Windows Server 2016 -### [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml) -### [Resolved issues](resolved-issues-windows-10-1607.yml) -## Version 1507 -### [Known issues and notifications](status-windows-10-1507.yml) -### [Resolved issues](resolved-issues-windows-10-1507.yml) -## Previous versions -### Windows 8.1 and Windows Server 2012 R2 -#### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml) -####[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml) -### Windows Server 2012 -#### [Known issues and notifications](status-windows-server-2012.yml) -####[Resolved issues](resolved-issues-windows-server-2012.yml) -### Windows 7 and Windows Server 2008 R2 -#### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml) -####[Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml) -### Windows Server 2008 SP2 -#### [Known issues and notifications](status-windows-server-2008-sp2.yml) -####[Resolved issues](resolved-issues-windows-server-2008-sp2.yml) \ No newline at end of file +# [Message center](windows-message-center.yml) +# Version 1903 +## [Known issues and notifications](status-windows-10-1903.yml) +## [Resolved issues](resolved-issues-windows-10-1903.yml) +# Version 1809 and Windows Server 2019 +## [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml) +## [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml) +# Version 1803 +## [Known issues and notifications](status-windows-10-1803.yml) +## [Resolved issues](resolved-issues-windows-10-1803.yml) +# Version 1709 +## [Known issues and notifications](status-windows-10-1709.yml) +## [Resolved issues](resolved-issues-windows-10-1709.yml) +# Version 1703 +## [Known issues and notifications](status-windows-10-1703.yml) +## [Resolved issues](resolved-issues-windows-10-1703.yml) +# Version 1607 and Windows Server 2016 +## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml) +## [Resolved issues](resolved-issues-windows-10-1607.yml) +# Version 1507 +## [Known issues and notifications](status-windows-10-1507.yml) +## [Resolved issues](resolved-issues-windows-10-1507.yml) +# Previous versions +## Windows 8.1 and Windows Server 2012 R2 +### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml) +###[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml) +## Windows Server 2012 +### [Known issues and notifications](status-windows-server-2012.yml) +### [Resolved issues](resolved-issues-windows-server-2012.yml) +## Windows 7 and Windows Server 2008 R2 +### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml) +### [Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml) +## Windows Server 2008 SP2 +### [Known issues and notifications](status-windows-server-2008-sp2.yml) +### [Resolved issues](resolved-issues-windows-server-2008-sp2.yml) \ No newline at end of file diff --git a/windows/release-information/breadcrumb/toc.yml b/windows/release-information/breadcrumb/toc.yml index 61d8fca61e..5c9f236497 100644 --- a/windows/release-information/breadcrumb/toc.yml +++ b/windows/release-information/breadcrumb/toc.yml @@ -1,3 +1,11 @@ - name: Docs tocHref: / - topicHref: / \ No newline at end of file + topicHref: / + items: + - name: Windows + tocHref: /windows + topicHref: /windows/windows-10 + items: + - name: Release information + tocHref: /windows/release-information/ + topicHref: /windows/release-information/index diff --git a/windows/release-information/docfx.json b/windows/release-information/docfx.json index a91619d79b..5bab1ca43c 100644 --- a/windows/release-information/docfx.json +++ b/windows/release-information/docfx.json @@ -35,7 +35,7 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "breadcrumb_path": "/windows/release-information/breadcrumb/toc.json", "ms.prod": "w10", "ms.date": "4/30/2019", "titleSuffix": "Windows Release Information", From 00093ae45c3d6301a95dc4297e54211ab17af5f0 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 19:40:43 -0700 Subject: [PATCH 41/52] Improve wording on sample submission --- .../microsoft-defender-atp-mac-privacy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index 7c0a29768e..ad45ba6b75 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -50,7 +50,9 @@ Enabling the cloud-delivered protection service is optional, however it is highl ### Sample data -Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples. When the sample being collected is likely to contain personal information, the user is prompted for consent before sending it. +Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples so they can be analyzed. Enabling automatic sample submission is optional. + +When this feature is enabled and the sample being collected is likely to contain personal information, the user is prompted for consent. ## Manage privacy controls with policy settings From 6a2c0851f2507f80db86c2786838559692030c61 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 19:59:14 -0700 Subject: [PATCH 42/52] Formatting --- .../microsoft-defender-atp-mac-privacy.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index ad45ba6b75..f7925886c3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -93,7 +93,7 @@ Required diagnostic data helps to identify problems with Microsoft Defender ATP #### Software setup and inventory data events -##### Microsoft Defender ATP installation / uninstallation +**Microsoft Defender ATP installation / uninstallation** The following fields are collected: @@ -105,7 +105,7 @@ The following fields are collected: | code | Code describing the operation. | | text | Additional information associated with the product installation. | -##### Microsoft Defender ATP configuration +**Microsoft Defender ATP configuration** The following fields are collected: @@ -122,7 +122,7 @@ The following fields are collected: #### Product and service performance data events -##### Kernel extension statistics +**Kernel extension statistics** The following fields are collected: @@ -137,7 +137,7 @@ The following fields are collected: #### Support data -##### Diagnostic logs +**Diagnostic logs** Diagnostic logs are collected only with the user's consent as part of the feedback submission feature. The following files are collected as part of the support logs: @@ -155,7 +155,7 @@ Examples of optional diagnostic data include data we collect about product confi #### Software setup and inventory data events -##### Microsoft Defender ATP configuration +**Microsoft Defender ATP configuration** The following fields are collected: @@ -176,7 +176,7 @@ The following fields are collected: | edr.latency_mode | Latency mode used by the detection and response component. | | edr.proxy_address | Proxy address used by the detection and response component. | -##### Microsoft Auto-Update configuration +**Microsoft Auto-Update configuration** The following fields are collected: @@ -212,11 +212,11 @@ The following fields are collected: #### Product and service performance data events -##### Unexpected application exit (crash) +**Unexpected application exit (crash)** Unexpected application exits and the state of the application when that happens. -##### Kernel extension statistics +**Kernel extension statistics** The following fields are collected: From 65c479e11f6d128d3218cd277b97f5d260b05532 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 20:34:17 -0700 Subject: [PATCH 43/52] Update title --- .../microsoft-defender-atp-mac-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index f7925886c3..72650bfdcc 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -1,5 +1,5 @@ --- -title: Privacy in Microsoft Defender ATP for Mac +title: Privacy for Microsoft Defender ATP for Mac ms.reviewer: description: Describes privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac. keywords: microsoft, defender, atp, mac, privacy, diagnostic @@ -18,7 +18,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Privacy in Microsoft Defender ATP for Mac +# Privacy for Microsoft Defender ATP for Mac Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender ATP for Mac. From ba9334c30d79bddf9f670fedf05fbff042efee0c Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 21:35:38 -0700 Subject: [PATCH 44/52] Fixes to improve the scorecard --- .../microsoft-defender-atp-mac-preferences.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index bf85527a38..fb45bfadcb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -23,15 +23,15 @@ ms.topic: conceptual >[!IMPORTANT] >This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile, which is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise will not be able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. ## Configuration profile structure -The configuration profile is a .plist file that consists of entries identified by a key (denoting the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. +The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. -The top level of the configuration profile includes product-wide preferences, as well as entries for sub-areas of the product, which are explained in more detail in the next sections. +The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections. ### Antivirus engine preferences @@ -46,7 +46,7 @@ The *antivirusEngine* section of the configuration profile is used to manage the #### Enable / disable real-time protection -Whether real time protection (scan files as they are accessed) is enabled or not. +Whether real-time protection (scan files as they are accessed) is enabled or not. ||| |:---|:---| @@ -57,7 +57,7 @@ Whether real time protection (scan files as they are accessed) is enabled or not #### Scan exclusions -Entities that have been excluded from scanning. Exclusions can be specified by full paths, extensions or file names. +Entities that have been excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names. ||| |:---|:---| @@ -68,7 +68,7 @@ Entities that have been excluded from scanning. Exclusions can be specified by f **Type of exclusion** -Specifies the type of content excluded from scanning. +Specifies the type of content excluded from being scanned. ||| |:---|:---| @@ -79,7 +79,7 @@ Specifies the type of content excluded from scanning. **Path to excluded content** -Used to exclude content from scanning by full file path. +Used to exclude content from being scanned by full file path. ||| |:---|:---| @@ -101,9 +101,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
    true | | **Comments** | Applicable only if *$type* is *excludedPath* | -**File extension excluded from scanning** +**File extension excluded from being scanned** -Used to exclude content from scanning by file extension. +Used to exclude content from being scanned by file extension. ||| |:---|:---| @@ -115,7 +115,7 @@ Used to exclude content from scanning by file extension. **Name of excluded content** -Used to exclude content from scanning by file name. +Used to exclude content from being scanned by file name. ||| |:---|:---| @@ -149,11 +149,11 @@ Type of the threat for which the behavior is configured. **Action to take** -Action to take when encountering a threat of the the type being configured. Can be: +Action to take when coming across a threat of the type specified above. Can be: -- **Audit**: adds an entry to the log about the threat, but does not report it to the user interface or the security console +- **Audit**: adds an entry to the log about the threat, but will not report it to the user interface or the security console - **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat -- **Off**: does not block the threat and does not report it to the log or security console +- **Off**: will not block the threat and will not report it to the log or security console ||| |:---|:---| @@ -175,7 +175,7 @@ The *cloudService* entry in the configuration profile is used to configure the c #### Enable / disable cloud delivered protection -Whether cloud delivered protection is enabled on the device or not. To improve the security of your sevices, we recommend keeping this feature turned on. +Whether cloud delivered protection is enabled on the device or not. To improve the security of your services, we recommend keeping this feature turned on. ||| |:---|:---| @@ -197,7 +197,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. We'll prompt users if the file being submitted is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. Users will be prompted if the file being submitted is likely to contain personal information. ||| |:---|:---| @@ -208,13 +208,13 @@ Determines whether suspicious samples (that are likely to contain threats) are s ## Recommended configuration profile -To get started, we recommend the following configuration profile for your enterprise in order to take advantage of all of the protection features that Microsoft Defender ATP provides. +To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides. The following configuration profile will: -- Enable real time protection (RTP) +- Enable real-time protection (RTP) - Specify how the following threat types are handled: - **Potentially unwanted applications (PUA)** are blocked - - **Archive bombs** (file with a very high compression rate) are audited to the product logs + - **Archive bombs** (file with a high compression rate) are audited to the product logs - Enable cloud delivered protection - Enable automatic sample submission @@ -256,7 +256,7 @@ The following configuration profile will: ## Full configuration profile example -The following configuration profile contains entries for all of the settings described in this document and can be used for more advanced scenarios where you want more control over the product. +The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over the product. ```XML @@ -327,11 +327,11 @@ The following configuration profile contains entries for all of the settings des ## Configuration profile deployment -Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. Listed below are steps for deploying this through JAMF and Intune. +Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune. ### JAMF deployment -From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings** and create a new entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced using the steps described earlier in this document. +From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced earlier. >[!WARNING] >It is important that you enter the correct preference domain (*com.microsoft.wdav*), otherwise the preferences might not be recognized by the product. @@ -342,7 +342,7 @@ From the JAMF console, open **Computers** > **Configuration Profiles**, navigate 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure. -3. Save the .plist produced using the steps described earlier in this document as **com.microsoft.wdav.xml**. +3. Save the .plist produced earlier as **com.microsoft.wdav.xml**. 4. Enter **com.microsoft.wdav** as the **custom configuration profile name**. From 763622bd9fc58bb7b0136b4fb8a0387981c16f9a Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 22:00:26 -0700 Subject: [PATCH 45/52] Try to rephrase action to take --- .../microsoft-defender-atp-mac-preferences.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index fb45bfadcb..288275c972 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -149,11 +149,11 @@ Type of the threat for which the behavior is configured. **Action to take** -Action to take when coming across a threat of the type specified above. Can be: +Action to take when coming across a threat of the type specified in the preceding section. Can be: -- **Audit**: adds an entry to the log about the threat, but will not report it to the user interface or the security console -- **Block**: reports the threat to the user interface and the security console and protects the device against this type of threat -- **Off**: will not block the threat and will not report it to the log or security console +- **Audit**: your device is not protected against this type of threat, but an entry about the threat is logged. +- **Block**: your device is protected against this type of threat and you are notified in the user interface and the security console. +- **Off**: your device is not protected against this type of threat and nothing is logged. ||| |:---|:---| From 89fd41672c47c58cb518f8e8c87e2c8e84fb6614 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 24 Jun 2019 22:35:57 -0700 Subject: [PATCH 46/52] More scorecard updates --- .../microsoft-defender-atp-mac-preferences.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md index 288275c972..fd571e3bb9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md @@ -23,13 +23,13 @@ ms.topic: conceptual >[!IMPORTANT] >This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page. -In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed using the management tool of your choice. Preferences managed by the enterprise take precedence over the ones set by the local user on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. +In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed from management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile. ## Configuration profile structure -The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference being set), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. +The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences. The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections. @@ -57,7 +57,7 @@ Whether real-time protection (scan files as they are accessed) is enabled or not #### Scan exclusions -Entities that have been excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names. +Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names. ||| |:---|:---| @@ -68,7 +68,7 @@ Entities that have been excluded from being scanned. Exclusions can be specified **Type of exclusion** -Specifies the type of content excluded from being scanned. +Specifies the type of content excluded from the scan. ||| |:---|:---| @@ -79,7 +79,7 @@ Specifies the type of content excluded from being scanned. **Path to excluded content** -Used to exclude content from being scanned by full file path. +Used to exclude content from the scan by full file path. ||| |:---|:---| @@ -101,9 +101,9 @@ Indicates if the *path* property refers to a file or directory. | **Possible values** | false (default)
    true | | **Comments** | Applicable only if *$type* is *excludedPath* | -**File extension excluded from being scanned** +**File extension excluded from the scan** -Used to exclude content from being scanned by file extension. +Used to exclude content from the scan by file extension. ||| |:---|:---| @@ -115,7 +115,7 @@ Used to exclude content from being scanned by file extension. **Name of excluded content** -Used to exclude content from being scanned by file name. +Used to exclude content from the scan by file name. ||| |:---|:---| @@ -197,7 +197,7 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. Users will be prompted if the file being submitted is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information. ||| |:---|:---| From 86ae0d0f0015cc078b52a0b6a4ba62a621f150e3 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 25 Jun 2019 09:42:16 -0700 Subject: [PATCH 47/52] Minor update --- .../microsoft-defender-atp-mac-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index 72650bfdcc..f181548ca9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -58,7 +58,7 @@ When this feature is enabled and the sample being collected is likely to contain If you're an IT administrator, you might be interested in configuring these controls at the enterprise level. -The privacy controls for the various type of data described in the previous section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). +The privacy controls for the various type of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings you configure have the desired effect before you implement the policy settings more widely in your organization. @@ -222,7 +222,7 @@ The following fields are collected: | Field | Description | | ------------------------------ | ----------- | -| pkt_ack_timeout | All properties below are aggregated numerical values, representing count of events that happened since kernel extension startup. | +| pkt_ack_timeout | All of the following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. | | pkt_ack_conn_timeout | | | ipc.ack_pkts | | | ipc.nack_pkts | | From 4640102008ea0cd74d086375146c9f5eb989916e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 25 Jun 2019 10:33:36 -0700 Subject: [PATCH 48/52] fix two deploy sections and authorship --- windows/whats-new/ltsc/index.md | 3 +- .../ltsc/whats-new-windows-10-2015.md | 6 +- .../ltsc/whats-new-windows-10-2016.md | 6 +- .../ltsc/whats-new-windows-10-2019.md | 62 +++++++++---------- 4 files changed, 35 insertions(+), 42 deletions(-) diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index 5e5fc5b59d..c89b8110a0 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -6,7 +6,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay -ms.date: 12/27/2018 ms.localizationpriority: low ms.topic: article --- @@ -42,7 +41,7 @@ With the LTSC servicing model, customers can delay receiving feature updates and >[!IMPORTANT] >The Long Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). -For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview.md). +For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview). ## See Also diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index c20bd31308..581fc39b20 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -1,14 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2015 LTSC ms.reviewer: -manager: dansimp -ms.author: macapara +manager: laurawi +ms.author: greglin description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: mjcaparas +author: greg-lindsay ms.localizationpriority: low ms.topic: article --- diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index dfa92423f4..ebf6fb48d9 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -1,14 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2016 LTSC ms.reviewer: -manager: dansimp -ms.author: macapara +manager: laurawi +ms.author: greglin description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: mjcaparas +author: greg-lindsay ms.localizationpriority: low ms.topic: article --- diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index c60b88f548..30a9dc9254 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -1,14 +1,14 @@ --- title: What's new in Windows 10 Enterprise 2019 LTSC ms.reviewer: -manager: dansimp -ms.author: macapara +manager: laurawi +ms.author: greglin description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB). keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: mjcaparas +author: greg-lindsay ms.localizationpriority: low ms.topic: article --- @@ -279,33 +279,6 @@ To learn more about Autopilot self-deploying mode and to see step-by-step instru IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). -## Sign-in - -### Faster sign-in to a Windows 10 shared pc - -If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! - -**To enable fast sign-in:** -1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. -2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. -3. Sign-in to a shared PC with your account. You'll notice the difference! - - ![fast sign-in](../images/fastsignin.png "fast sign-in") - -### Web sign-in to Windows 10 - -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). - -**To try out web sign-in:** -1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). -2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. -3. On the lock screen, select web sign-in under sign-in options. -4. Click the “Sign in” button to continue. - -![Web sign-in](../images/websignin.png "web sign-in") - -## Deployment - ### MBR2GPT.EXE MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). @@ -316,10 +289,6 @@ Additional security features of Windows 10 that are enabled when you boot in UEF For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). -### Windows Autopilot - -Information about Windows Autopilot support for LTSC 2019 is pending. - ### DISM The following new DISM commands have been added to manage feature updates: @@ -372,6 +341,31 @@ Portions of the work done during the offline phases of a Windows update have bee SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. +## Sign-in + +### Faster sign-in to a Windows 10 shared pc + +If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! + +**To enable fast sign-in:** +1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. +2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. +3. Sign-in to a shared PC with your account. You'll notice the difference! + + ![fast sign-in](../images/fastsignin.png "fast sign-in") + +### Web sign-in to Windows 10 + +Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). + +**To try out web sign-in:** +1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). +2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. +3. On the lock screen, select web sign-in under sign-in options. +4. Click the “Sign in” button to continue. + +![Web sign-in](../images/websignin.png "web sign-in") + ## Windows Analytics ### Upgrade Readiness From 58ed2a0f40695671368320b1c0ba62ff2ce46d8d Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 25 Jun 2019 11:02:49 -0700 Subject: [PATCH 49/52] Update manage-alerts.md --- .../microsoft-defender-atp/manage-alerts.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index 046e0f4f05..093f9b62b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -68,13 +68,13 @@ Create custom rules to control when alerts are suppressed, or resolved. You can 2. Select **Create a suppression rule**. - You can create a suppression rule based on the following attributes: + You can create a suppression condition using these attributes. An AND operator is applied between each condition, so suppression occurs only if all conditions are met. - * File hash - * File name - wild card supported - * File path - wild card supported - * IP - * URL - wild card supported + * File SHA1 + * File name - wildcard supported + * Folder path - wildcard supported + * IP address + * URL - wildcard supported 3. Select the **Trigerring IOC**. From 660e31a133ba492d5825f4121bb8c991326803f8 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 25 Jun 2019 13:38:16 -0700 Subject: [PATCH 50/52] Update language --- .../microsoft-defender-atp-mac-privacy.md | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index f181548ca9..f472606244 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -36,31 +36,31 @@ Some diagnostic data is required, while some diagnostic data is optional. We giv There are two levels of diagnostic data for Microsoft Defender ATP client software that you can choose from: -* **Required** The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. +* **Required**: The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. -* **Optional** Additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and remediate issues. +* **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help us detect, diagnose, and remediate issues. -By default, both optional and required diagnostic data is sent to Microsoft. +By default, both optional and required diagnostic data are sent to Microsoft. ### Cloud delivered protection data Cloud delivered protection is used to provide increased and faster protection with access to the latest protection data in the cloud. -Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides very important protection against malware on your endpoints and across your network. +Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network. ### Sample data Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples so they can be analyzed. Enabling automatic sample submission is optional. -When this feature is enabled and the sample being collected is likely to contain personal information, the user is prompted for consent. +When this feature is enabled and the sample that is collected is likely to contain personal information, the user is prompted for consent. ## Manage privacy controls with policy settings -If you're an IT administrator, you might be interested in configuring these controls at the enterprise level. +If you're an IT administrator, you might want to configure these controls at the enterprise level. -The privacy controls for the various type of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). +The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md). -As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings you configure have the desired effect before you implement the policy settings more widely in your organization. +As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization. ## Diagnostic data events @@ -73,23 +73,23 @@ The following fields are considered common for all events: | Field | Description | | ----------------------- | ----------- | -| platform | The broad classification of the platform on which the app is running. Allows us to identify on which platforms an issue may be occurring so that we can correctly prioritize the issue. | -| machine_guid | Unique identifier associated with the device. Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | -| sense_guid | Unique identifier associated with the device. Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | -| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows us to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. | -| hostname | Local machine name (without DNS suffix). Allows us to identify whether issues are impacting a select set of installs and how many users are impacted. | -| product_guid | Unique identifier of the product. Allows us to differentiate issues impacting different flavors of the product. | -| app_version | Version of the Microsoft Defender ATP for Mac application. Allows us to identify which versions of the product are showing an issue so that we can correctly prioritize it.| -| sig_version | Version of security intelligence database. Allows us to identify which versions of the security intelligence are showing an issue so that we can correctly prioritize it. | -| supported_compressions | List of compression algorithms supported by the application, e.g. `['gzip']`. Allows us to understand what types of compressions can be used when communicating with the application. | -| release_ring | Ring that the device is associated with (e.g. Insider Fast, Insider Slow, Production). Allows us to identify on which release ring an issue may be occurring so that we can correctly prioritize the issue. | +| platform | The broad classification of the platform on which the app is running. Allows Microsoft to identify on which platforms an issue may be occurring so that it can correctly be prioritized. | +| machine_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. | +| sense_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. | +| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. | +| hostname | Local machine name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. | +| product_guid | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. | +| app_version | Version of the Microsoft Defender ATP for Mac application. Allows us to identify which versions of the product are showing an issue so that it can correctly be prioritized.| +| sig_version | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. | +| supported_compressions | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. | +| release_ring | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. | ### Required diagnostic data **Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. -Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if an Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps us detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced. +Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced. #### Software setup and inventory data events @@ -101,8 +101,8 @@ The following fields are collected: | ---------------- | ----------- | | correlation_id | Unique identifier associated with the installation. | | version | Version of the package being installed. | -| severity | Severity of the message (e.g. Informational). | -| code | Code describing the operation. | +| severity | Severity of the message (for example Informational). | +| code | Code that describes the operation. | | text | Additional information associated with the product installation. | **Microsoft Defender ATP configuration** @@ -111,9 +111,9 @@ The following fields are collected: | Field | Description | | --------------------------------------------------- | ----------- | -| antivirus_engine.enable_real_time_protection | Whether real time protection is enabled on the device or not. | +| antivirus_engine.enable_real_time_protection | Whether real-time protection is enabled on the device or not. | | cloud_service.enabled | Whether cloud delivered protection is enabled on the device or not. | -| cloud_service.timeout | Timeout when communicating with the Microsoft Defender ATP cloud. | +| cloud_service.timeout | Time out when the application communicates with the Microsoft Defender ATP cloud. | | cloud_service.heartbeat_interval | Interval between consecutive heartbeats sent by the product to the cloud. | | cloud_service.service_uri | URI used to communicate with the cloud. | | cloud_service.diagnostic_level | Diagnostic level of the device (required, optional). | @@ -139,7 +139,7 @@ The following fields are collected: **Diagnostic logs** -Diagnostic logs are collected only with the user's consent as part of the feedback submission feature. The following files are collected as part of the support logs: +Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs: - All files under */Library/Logs/Microsoft/mdatp/* - Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac @@ -147,11 +147,11 @@ Diagnostic logs are collected only with the user's consent as part of the feedba ### Optional diagnostic data -**Optional diagnostic data** is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. +**Optional diagnostic data** is additional data that helps Microsoft make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. If you choose to send us optional diagnostic data, required diagnostic data is also included. -Examples of optional diagnostic data include data we collect about product configuration (e.g. number of exclusions set on the device) and product performance (aggregate measures about the performance of components of the product). +Examples of optional diagnostic data include data Microsoft collects about product configuration (for example number of exclusions set on the device) and product performance (aggregate measures about the performance of components of the product). #### Software setup and inventory data events @@ -182,7 +182,7 @@ The following fields are collected: | Field | Description | | --------------------------- | ----------- | -| how_to_check | Determines how product updates are checked (e.g. automatic, manual). | +| how_to_check | Determines how product updates are checked (for example automatic or manual). | | channel_name | Update channel associated with the device. | | manifest_server | Server used for downloading updates. | | update_cache | Location of the cache used to store updates. | @@ -222,7 +222,7 @@ The following fields are collected: | Field | Description | | ------------------------------ | ----------- | -| pkt_ack_timeout | All of the following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. | +| pkt_ack_timeout | The following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. | | pkt_ack_conn_timeout | | | ipc.ack_pkts | | | ipc.nack_pkts | | From 1c091ae74a0e23f13920cc839d95cc74509103ac Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Tue, 25 Jun 2019 13:44:19 -0700 Subject: [PATCH 51/52] config changes for header --- browsers/edge/docfx.json | 1 - browsers/internet-explorer/docfx.json | 1 - devices/hololens/docfx.json | 1 - devices/surface-hub/docfx.json | 3 --- devices/surface/docfx.json | 2 -- education/docfx.json | 2 -- mdop/docfx.json | 2 -- smb/docfx.json | 1 - store-for-business/docfx.json | 1 - windows/access-protection/docfx.json | 2 -- windows/application-management/docfx.json | 1 - windows/client-management/docfx.json | 1 - windows/configuration/docfx.json | 2 -- windows/deployment/docfx.json | 1 - windows/device-security/docfx.json | 2 -- windows/hub/docfx.json | 2 -- windows/known-issues/docfx.json | 1 - windows/privacy/docfx.json | 1 - windows/security/docfx.json | 2 -- windows/threat-protection/docfx.json | 2 -- windows/whats-new/docfx.json | 2 -- 21 files changed, 33 deletions(-) diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index 0bd095bc75..5944d644ce 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -25,7 +25,6 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "microsoft-edge", diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 7590327773..153f4be5f1 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -22,7 +22,6 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.author": "shortpatti", diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json index 0652ccd8b0..b19110b8f2 100644 --- a/devices/hololens/docfx.json +++ b/devices/hololens/docfx.json @@ -29,7 +29,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/hololens/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index c5b96ab0fe..857f59487f 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -22,15 +22,12 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/surface-hub/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "windows", "ms.topic": "article", "ms.mktglfcycl": "manage", - "author": "jdeckerms", "ms.sitesec": "library", - "ms.author": "jdecker", "ms.date": "05/23/2017", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 207b2119b7..75607e9f4d 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -22,12 +22,10 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/surface/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "jdecker", "ms.date": "05/09/2017", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/education/docfx.json b/education/docfx.json index 7a2761cf2e..c336a4de5b 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -24,9 +24,7 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "ROBOTS": "INDEX, FOLLOW", - "ms.author": "celested", "audience": "windows-education", "ms.topic": "article", "breadcrumb_path": "/education/breadcrumb/toc.json", diff --git a/mdop/docfx.json b/mdop/docfx.json index 16da1d62ab..f825997a00 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -22,13 +22,11 @@ } ], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/microsoft-desktop-optimization-pack/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.technology": "mdop", "ms.sitesec": "library", "ms.topic": "article", - "ms.author": "jamiet", "ms.date": "04/05/2017", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/smb/docfx.json b/smb/docfx.json index 5ea640e672..f4e4a7783a 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -29,7 +29,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/smb/breadcrumb/toc.json", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index 87b1471707..10be832452 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -32,7 +32,6 @@ "externalReference": [], "globalMetadata": { "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", - "uhfHeaderId": "MSDocsHeader-WindowsIT", "ms.author": "trudyha", "ms.technology": "windows", "ms.topic": "article", diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json index c24fcaa1ed..57281ea6e2 100644 --- a/windows/access-protection/docfx.json +++ b/windows/access-protection/docfx.json @@ -31,11 +31,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "justinha", "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-access-protection", diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index c2200ff029..f7c9b35003 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -31,7 +31,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index e896532c51..c5967a88c3 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -31,7 +31,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index e2e249e9d1..1ca640e263 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -31,11 +31,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "jdecker", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json index af5362ff55..2abea6edac 100644 --- a/windows/deployment/docfx.json +++ b/windows/deployment/docfx.json @@ -32,7 +32,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json index 7c76654379..0dbfe2d2e9 100644 --- a/windows/device-security/docfx.json +++ b/windows/device-security/docfx.json @@ -31,11 +31,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "justinha", "ms.date": "04/05/2017", "_op_documentIdPathDepotMapping": { "./": { diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 31963629cf..78a9eb10fb 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -34,11 +34,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "brianlic", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", diff --git a/windows/known-issues/docfx.json b/windows/known-issues/docfx.json index 102f32f826..ebcaf22f82 100644 --- a/windows/known-issues/docfx.json +++ b/windows/known-issues/docfx.json @@ -35,7 +35,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json index 9221109b4d..5a6da07e0b 100644 --- a/windows/privacy/docfx.json +++ b/windows/privacy/docfx.json @@ -32,7 +32,6 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", diff --git a/windows/security/docfx.json b/windows/security/docfx.json index d407ef1215..14b733039f 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -32,14 +32,12 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", - "ms.author": "justinha", "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.security", diff --git a/windows/threat-protection/docfx.json b/windows/threat-protection/docfx.json index 98413f9962..12bbd676fa 100644 --- a/windows/threat-protection/docfx.json +++ b/windows/threat-protection/docfx.json @@ -31,11 +31,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "justinha", "ms.date": "04/05/2017", "_op_documentIdPathDepotMapping": { "./": { diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json index 1903ec7f9a..b86924bf53 100644 --- a/windows/whats-new/docfx.json +++ b/windows/whats-new/docfx.json @@ -31,11 +31,9 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "uhfHeaderId": "MSDocsHeader-WindowsIT", "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "trudyha", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", From 0d8a62917daba73fe3a4bdd1c5027dadd3399993 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 25 Jun 2019 13:44:38 -0700 Subject: [PATCH 52/52] More updates --- .../microsoft-defender-atp-mac-privacy.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md index f472606244..e86f43b048 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md @@ -38,7 +38,7 @@ There are two levels of diagnostic data for Microsoft Defender ATP client softwa * **Required**: The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. -* **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help us detect, diagnose, and remediate issues. +* **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and remediate issues. By default, both optional and required diagnostic data are sent to Microsoft. @@ -79,7 +79,7 @@ The following fields are considered common for all events: | org_id | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. | | hostname | Local machine name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. | | product_guid | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. | -| app_version | Version of the Microsoft Defender ATP for Mac application. Allows us to identify which versions of the product are showing an issue so that it can correctly be prioritized.| +| app_version | Version of the Microsoft Defender ATP for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.| | sig_version | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. | | supported_compressions | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. | | release_ring | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. | @@ -87,7 +87,7 @@ The following fields are considered common for all events: ### Required diagnostic data -**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on. +**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and perform as expected on the device it’s installed on. Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced. @@ -100,7 +100,7 @@ The following fields are collected: | Field | Description | | ---------------- | ----------- | | correlation_id | Unique identifier associated with the installation. | -| version | Version of the package being installed. | +| version | Version of the package. | | severity | Severity of the message (for example Informational). | | code | Code that describes the operation. | | text | Additional information associated with the product installation. | @@ -147,7 +147,7 @@ Diagnostic logs are collected only with the consent of the user as part of the f ### Optional diagnostic data -**Optional diagnostic data** is additional data that helps Microsoft make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. +**Optional diagnostic data** is additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and fix issues. If you choose to send us optional diagnostic data, required diagnostic data is also included. @@ -161,7 +161,7 @@ The following fields are collected: | Field | Description | | -------------------------------------------------- | ----------- | -| connection_retry_timeout | Connection retry timeout when communication with the cloud. | +| connection_retry_timeout | Connection retry time out when communication with the cloud. | | file_hash_cache_maximum | Size of the product cache. | | crash_upload_daily_limit | Limit of crash logs uploaded daily. | | antivirus_engine.exclusions[].is_directory | Whether the exclusion from scanning is a directory or not. | @@ -170,7 +170,7 @@ The following fields are collected: | antivirus_engine.exclusions[].name | Name of the file excluded from scanning. | | antivirus_engine.scan_cache_maximum | Size of the product cache. | | antivirus_engine.maximum_scan_threads | Maximum number of threads used for scanning. | -| antivirus_engine.threat_restoration_exclusion_time | Timeout before a file restored from the quarantine can be detected again. | +| antivirus_engine.threat_restoration_exclusion_time | Time out before a file restored from the quarantine can be detected again. | | filesystem_scanner.full_scan_directory | Full scan directory. | | filesystem_scanner.quick_scan_directories | List of directories used in quick scan. | | edr.latency_mode | Latency mode used by the detection and response component. |