Merge pull request #4265 from MicrosoftDocs/FromPrivateRepo

From private repo
huypub 2019-06-26 11:27:51 -07:00 committed by GitHub
commit cb13cb2e5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
60 changed files with 964 additions and 256 deletions


@ -15038,6 +15038,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-10-architecture-posters.md",
"redirect_url": "/windows/deployment/windows-10-deployment-scenarios",
"redirect_document_id": true
},
{
"source_path": "windows/device-security/index.md",
"redirect_url": "/windows/security/threat-protection",
"redirect_document_id": true


@ -25,7 +25,6 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "microsoft-edge",


@ -22,7 +22,6 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.author": "shortpatti",


@ -29,7 +29,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/hololens/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",


@ -22,15 +22,12 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.mktglfcycl": "manage",
"author": "jdeckerms",
"ms.sitesec": "library",
"ms.author": "jdecker",
"ms.date": "05/23/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",


@ -35,11 +35,11 @@ Select Windows 10 Team for preset device restriction settings for Surface Hub an
![Set device restrictions for Surface Hub 2S.](images/sh2-set-intune3.png) <br>
These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of configuration service providers (CSPs) for the Windows 10 Team operating system, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp)
These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of available Windows 10 Team settings, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp).
## Additional supported configuration service providers
## Additional supported configuration service providers (CSPs)
For additional supported CSPs, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsuppor).
For additional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport).
## Quality of Service (QoS) settings


@ -22,12 +22,10 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/surface/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"ms.date": "05/09/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",


@ -14,7 +14,9 @@
"resource": [
{
"files": [
"**/images/**"
"**/*.png",
"**/*.jpg",
"**/*.svg"
],
"exclude": [
"**/obj/**"
@ -22,9 +24,7 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"ROBOTS": "INDEX, FOLLOW",
"ms.author": "celested",
"audience": "windows-education",
"ms.topic": "article",
"breadcrumb_path": "/education/breadcrumb/toc.json",

Binary file not shown.


@ -1,4 +1,4 @@
<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
<defs>
<style>
.cls-1 {


@ -1,4 +1,4 @@
<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
<defs>
<style>
.cls-1 {


@ -1,4 +1,4 @@
<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
<defs>
<style>
.cls-1 {


@ -1,4 +1,4 @@
<svg id="ICONS" xmlns="https://www.w3.org/2000/svg" viewBox="0 0 400 140">
<svg id="ICONS" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140">
<defs>
<style>
.cls-1 {


@ -144,7 +144,7 @@ ms.prod: w10
<div class="card">
<div class="cardImageOuter">
<div class="cardImage bgdAccent1">
<img src="/media/hubs/education/education-developers-uwp-apps.svg" alt="" />
<img src="https://docs.microsoft.com/media/hubs/education/education-developers-uwp-apps.svg" alt="" />
</div>
</div>
<div class="cardText">
@ -163,7 +163,7 @@ ms.prod: w10
<div class="card">
<div class="cardImageOuter">
<div class="cardImage bgdAccent1">
<img src="/media/hubs/education/education-developers-api-test.svg" alt="" />
<img src="https://docs.microsoft.com/media/hubs/education/education-developers-api-test.svg" alt="" />
</div>
</div>
<div class="cardText">
@ -182,7 +182,7 @@ ms.prod: w10
<div class="card">
<div class="cardImageOuter">
<div class="cardImage bgdAccent1">
<img src="/media/hubs/education/education-developers-office-education.svg" alt="" />
<img src="https://docs.microsoft.com/media/hubs/education/education-developers-office-education.svg" alt="" />
</div>
</div>
<div class="cardText">
@ -194,6 +194,25 @@ ms.prod: w10
</div>
</a>
</li>
<li>
<a href="/microsoft-365/education/data-streamer">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage bgdAccent1">
<img src="images/data-streamer.png" alt="" />
</div>
</div>
<div class="cardText">
<h3>Data Streamer</h3>
<p>Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.</p>
</div>
</div>
</div>
</div>
</a>
</li>
</ul>
</li>
</ul>


@ -22,13 +22,11 @@
}
],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/microsoft-desktop-optimization-pack/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "mdop",
"ms.sitesec": "library",
"ms.topic": "article",
"ms.author": "jamiet",
"ms.date": "04/05/2017",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",


@ -29,7 +29,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",


@ -32,7 +32,6 @@
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"ms.author": "trudyha",
"ms.technology": "windows",
"ms.topic": "article",


@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "justinha",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-access-protection",


@ -31,7 +31,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",


@ -31,7 +31,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",


@ -736,10 +736,10 @@ The following diagram shows the Policy configuration service provider in tree fo
<dl>
<dd>
<a href="./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy" id="cryptographyallowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
<a href="./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy" id="cryptography-allowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
</dd>
<dd>
<a href="./policy-csp-cryptography.md#cryptographytlsciphersuites" id="cryptographytlsciphersuites">Cryptography/TLSCipherSuites</a>
<a href="./policy-csp-cryptography.md#cryptography-tlsciphersuites" id="cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a>
</dd>
</dl>
@ -4393,7 +4393,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
@ -5258,8 +5258,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Camera/AllowCamera](#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites)
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
- [Defender/AllowArchiveScanning](#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](#defender-allowcloudprotection)


@ -6,43 +6,56 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 05/14/2018
ms.date: 06/19/2019
ms.reviewer:
manager: dansimp
---
# Policy CSP - Cryptography
<hr/>
<!--Policies-->
## Cryptography policies
<dl>
<dd>
<a href="#cryptography-allowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
</dd>
<dd>
<a href="#cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a>
</dd>
</dl>
<<<<<<< HEAD
* [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy)
* [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites)
=======
* [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy)
* [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites)
>>>>>>> master
* [Cryptography/Microsoft Surface Hub](#cryptography-policies-supported-by-microsoft-surface-hub)
<hr/>
<!--Policy-->
<<<<<<< HEAD
## <a id="CryptographyAllowFipsAlgorithmPolicy" />Cryptography/AllowFipsAlgorithmPolicy
=======
## Cryptography/AllowFipsAlgorithmPolicy
>>>>>>> master
<a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**
<!--SupportedSKUs-->
|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: |
|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]|
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
@ -58,36 +71,53 @@ manager: dansimp
Allows or disallows the Federal Information Processing Standard (FIPS) policy.
<!--/Description-->
<!--RegistryMapped-->
GP Info:
<!--ADMXMapped-->
ADMX Info:
- GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
<!--/RegistryMapped-->
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Not allowed.
- 1 Allowed.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<<<<<<< HEAD
## <a id="CryptographyTLSCipherSuites" />Cryptography/TLSCipherSuites
=======
## Cryptography/TLSCipherSuites
>>>>>>> master
<a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**
<!--SupportedSKUs-->
|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise |
| :---: | :---: | :---: | :---: | :---: | :---: | :---: |
|![][x] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check] | ![][check]|
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
@ -103,26 +133,36 @@ The following list shows the supported values:
Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
<!--/Description-->
<!--ADMXMapped-->
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>Cryptography policies supported by Microsoft Surface Hub
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
<!--EndSurfaceHub-->
<hr/>
Footnote:
Footnotes:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
<!--/Policies-->
<!--StartSurfaceHub-->
## Cryptography policies supported by Microsoft Surface Hub
- [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy)
- [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites)
<!--EndSurfaceHub-->
[check]: images/checkmark.png "Check"
[x]: images/crossmark.png "X"


@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",


@ -1,5 +1,4 @@
# [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment)
## [Architectural planning posters for Windows 10](windows-10-architecture-posters.md)
## [Deploy Windows 10 with Microsoft 365](deploy-m365.md)
## [What's new in Windows 10 deployment](deploy-whats-new.md)
## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)


@ -32,7 +32,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",


@ -1,27 +0,0 @@
---
title: Deploy Windows 10 - architectural posters
description: Provides architural planning posters for Windows 10 in the enterprise
ms.prod: w10
ms.author: greg-lindsay
author: greg-lindsay
ms.date: 09/28/2017
ms.reviewer:
manager: laurawi
ms.tgt_pltfrm: na
ms.topic: article
ms.localizationpriority: medium
---
# Architectural planning posters for Windows 10
You can download the following posters for architectural information about deploying Windows 10 in the enterprise.
- [Deploy Windows 10 - Clean installation](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf)
Learn about the options and steps for a new installation of Windows 10.
- [Deploy Windows 10 - In-place upgrade](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf)
Learn about the steps to upgrade from a previous version of Windows.
- [Deploy Windows 10 - Windows Autopilot](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf)
Learn how you can set up and pre-configure Windows 10 devices.
- [Deploy Windows 10 - Windows servicing](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/WindowsServicing.pdf)
Learn how to keep Windows up to date.
- [Deploy Windows 10 - Protection solutions](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf)
Learn about the two tiers of protection available for Windows 10 devices.


@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "justinha",
"ms.date": "04/05/2017",
"_op_documentIdPathDepotMapping": {
"./": {


@ -34,11 +34,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "brianlic",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",


@ -35,7 +35,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",


@ -32,7 +32,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",


@ -1,36 +1,36 @@
# [Windows 10 release information](index.md)
## [Message center](windows-message-center.yml)
## Version 1903
### [Known issues and notifications](status-windows-10-1903.yml)
### [Resolved issues](resolved-issues-windows-10-1903.yml)
## Version 1809 and Windows Server 2019
### [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
### [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
## Version 1803
### [Known issues and notifications](status-windows-10-1803.yml)
### [Resolved issues](resolved-issues-windows-10-1803.yml)
## Version 1709
### [Known issues and notifications](status-windows-10-1709.yml)
### [Resolved issues](resolved-issues-windows-10-1709.yml)
## Version 1703
### [Known issues and notifications](status-windows-10-1703.yml)
### [Resolved issues](resolved-issues-windows-10-1703.yml)
## Version 1607 and Windows Server 2016
### [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
### [Resolved issues](resolved-issues-windows-10-1607.yml)
## Version 1507
### [Known issues and notifications](status-windows-10-1507.yml)
### [Resolved issues](resolved-issues-windows-10-1507.yml)
## Previous versions
### Windows 8.1 and Windows Server 2012 R2
#### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
####[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
### Windows Server 2012
#### [Known issues and notifications](status-windows-server-2012.yml)
####[Resolved issues](resolved-issues-windows-server-2012.yml)
### Windows 7 and Windows Server 2008 R2
#### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
####[Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
### Windows Server 2008 SP2
#### [Known issues and notifications](status-windows-server-2008-sp2.yml)
####[Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
# [Message center](windows-message-center.yml)
# Version 1903
## [Known issues and notifications](status-windows-10-1903.yml)
## [Resolved issues](resolved-issues-windows-10-1903.yml)
# Version 1809 and Windows Server 2019
## [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
## [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
# Version 1803
## [Known issues and notifications](status-windows-10-1803.yml)
## [Resolved issues](resolved-issues-windows-10-1803.yml)
# Version 1709
## [Known issues and notifications](status-windows-10-1709.yml)
## [Resolved issues](resolved-issues-windows-10-1709.yml)
# Version 1703
## [Known issues and notifications](status-windows-10-1703.yml)
## [Resolved issues](resolved-issues-windows-10-1703.yml)
# Version 1607 and Windows Server 2016
## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
## [Resolved issues](resolved-issues-windows-10-1607.yml)
# Version 1507
## [Known issues and notifications](status-windows-10-1507.yml)
## [Resolved issues](resolved-issues-windows-10-1507.yml)
# Previous versions
## Windows 8.1 and Windows Server 2012 R2
### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
###[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
## Windows Server 2012
### [Known issues and notifications](status-windows-server-2012.yml)
### [Resolved issues](resolved-issues-windows-server-2012.yml)
## Windows 7 and Windows Server 2008 R2
### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
### [Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
## Windows Server 2008 SP2
### [Known issues and notifications](status-windows-server-2008-sp2.yml)
### [Resolved issues](resolved-issues-windows-server-2008-sp2.yml)


@ -1,3 +1,11 @@
- name: Docs
tocHref: /
topicHref: /
items:
- name: Windows
tocHref: /windows
topicHref: /windows/windows-10
items:
- name: Release information
tocHref: /windows/release-information/
topicHref: /windows/release-information/index


@ -35,7 +35,7 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"breadcrumb_path": "/windows/release-information/breadcrumb/toc.json",
"ms.prod": "w10",
"ms.date": "4/30/2019",
"titleSuffix": "Windows Release Information",


@ -32,14 +32,12 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"ms.author": "justinha",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.security",


@ -66,6 +66,9 @@ After a successful key registration, Windows creates a certificate request using
The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
> [!NOTE]
> In order for AD FS to verify the key used in the certificate request, it needs to be able to access the https://enterpriseregistration.windows.net endpoint.
The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current users certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.
<br><br>


@ -28,6 +28,9 @@ The Windows Server 2016 Active Directory Federation Server Certificate Registrat
The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate.
> [!NOTE]
> In order for AD FS to verify user certificate requests for Windows Hello for Business, it needs to be able to access the https://enterpriseregistration.windows.net endpoint.
### Configure the Registration Authority
Sign-in the AD FS server with *Domain Admin* equivalent credentials.


@ -55,7 +55,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**.
8. Close the console.
#### Configure Certificate Suspeding for the Domain Controller Authentication (Kerberos) Certificate Template
#### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template
Many domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template. Later releases provided a new certificate template--the domain controller authentication certificate template. These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension.
@ -77,6 +77,9 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
>[!NOTE]
>The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail.
### Enrollment Agent certificate template
Active Directory Federation Server used for Windows Hello for Business certificate enrollment performs its own certificate life-cycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts.
@ -183,6 +186,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise
4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window.
5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates.
### Section Review
> [!div class="checklist"]
> * Domain Controller certificate template


@ -77,6 +77,8 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
>[!NOTE]
>The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail.
### Publish Certificate Templates to a Certificate Authority


@ -72,6 +72,7 @@
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
#### [Secure score](microsoft-defender-atp/overview-secure-score.md)


@ -75,6 +75,7 @@
### [Automated investigation and remediation](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md)


@ -63,6 +63,30 @@ So, for example:
- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
#### Understanding alert categories
We've redefined the alert categories to align to the [enterprise attack tactics](https://attack.mitre.org/tactics/enterprise/) in the [MITRE ATT&CK matrix](https://attack.mitre.org/). New category names apply to all new alerts. Existing alerts will retain the previous category names.
The table below lists the current categories and how they generally map to previous categories.
| New category | Previous categories | Detected threat activity or component |
|----------------------|----------------------|-------------|
| Collection | - | Locating and collecting data for exfiltration |
| Command and control | CommandAndControl | Connecting to attacker-controlled network infrastructure to relay data or receive commands |
| Credential access | CredentialTheft | Obtaining valid credentials to extend control over devices and other resources in the network |
| Defense evasion | - | Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits |
| Discovery | Reconnaissance, WebFingerprinting | Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers |
| Execution | Delivery, MalwareDownload | Launching attacker tools and malicious code, including RATs and backdoors |
| Exfiltration | Exfiltration | Extracting data from the network to an external, attacker-controlled location |
| Exploit | Exploit | Exploit code and possible exploitation activity |
| Initial access | SocialEngineering, WebExploit, DocumentExploit | Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails |
| Lateral movement | LateralMovement, NetworkPropagation | Moving between devices in the target network to reach critical resources or gain network persistence |
| Malware | Malware, Backdoor, Trojan, TrojanDownloader, CredentialStealing, Weaponization, RemoteAccessTool | Backdoors, trojans, and other types of malicious code |
| Persistence | Installation, Persistence | Creating autostart extensibility points (ASEPs) to remain active and survive system restarts |
| Privilege escalation | PrivilegeEscalation | Obtaining higher permission levels for code by running it in the context of a privileged process or account |
| Ransomware | Ransomware | Malware that encrypts files and extorts payment to restore access |
| Suspicious activity | General, None, NotApplicable, EnterprisePolicy, SuspiciousNetworkTraffic | Atypicaly activity that could be malware activity or part of an attack |
| Unwanted software | UnwantedSoftware | Low-reputation apps and apps that impact productivity and the user experience; detected as potentially unwanted applications (PUAs) |
### Status
You can choose to limit the list of alerts based on their status.
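Review bot: The mapping table in the new "Understanding alert categories" section does not cover every previous category: `ExplorationEnumeration` and `SuspiciousActivity`, both listed as category values in the alert API reference edited by this same commit, have no row. Because existing alerts retain the previous names, anyone maintaining SIEM rules, dashboards or reports keyed on category needs the complete mapping to match old and new alerts together. I would add the two names to the rows they belong to (presumably `Discovery` and `Suspicious activity`, to be confirmed by the product team) and state that queries must handle both naming schemes during the transition. Also, `Atypicaly activity` in the Suspicious activity row should read `Atypical activity`.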


@ -46,7 +46,7 @@ status | Enum | Specifies the current status of the alert. Possible values are:
investigationState | Nullable Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign Failed PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert' .
classification | Nullable Enum | Specification of the alert. Possible values are: 'Unknown', 'FalsePositive', 'TruePositive'.
determination | Nullable Enum | Specifies the determination of the alert. Possible values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'.
category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General' .
category| String | Category of the alert. Possible values are: 'Collection', 'Command and control', 'Credential access', 'Defense evasion', 'Discovery', 'Execution', 'Exfiltration', 'Exploit', 'Initial access', 'Lateral movement', 'Malware', 'Persistence', 'Privilege escalation', 'Ransomware', 'Suspicious activity', 'Unwanted software'.
detectionSource | string | Detection source.
threatFamilyName | string | Threat family.
title | string | Alert title.
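Review bot: The rewritten `category` row lists only the new names and drops the previous ones, although the alerts-queue article in this same commit states that existing alerts retain the previous category names. API consumers can therefore still receive the older values and will no longer find them documented here. I would keep a second sentence in the row, for example `Alerts created before the change can still return the previous category values; see the category mapping table.` It is also worth confirming that the API really returns the display strings with spaces (`'Command and control'`) rather than identifiers in the style of the old `CommandAndControl`, since clients compare this String exactly.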


@ -0,0 +1,54 @@
---
title: Manage actions related to automated investigation and remediation
description: Use the action center to manage actions related to automated investigation and response
keywords: action, center, autoir, automated, investigation, response, remediation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Manage actions related to automated investigation and remediation
The Action center aggregates all investigations that require an action for an investigation to proceed or be completed.
![Image of Action center page](images/action-center.png)
The action center consists of two main tabs:
- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
- History - Acts as an audit log for:
- All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
- All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
- Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
>[!NOTE]
>The tab will only appear if there are pending actions for that category.
### Approve or reject an action
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
From the panel, you can click on the Open investigation page link to see the investigation details.
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
## Related topics
- [Automated investigation and investigation](automated-investigations.md)
- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
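Review bot: The note `>The tab will only appear if there are pending actions for that category.` and the "Approve or reject an action" text after it still refer to "categories", but this page defines only two tabs, Pending actions and History. The wording appears carried over from the pending-actions page that this commit removes, where tabs were per action type. Reword to something like `>The Pending actions tab appears only if there are pending actions.` and replace "on each of these categories" with "in the Pending actions tab". Since History is described as an audit log with the ability to undo actions, the page should also say which role or permission is needed to approve, reject or undo a remediation action. Minor: the first related-topics link text reads "Automated investigation and investigation", and the three audit-log bullets should be indented under History.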


@ -56,7 +56,7 @@ During an Automated investigation, details about each analyzed entity is categor
The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert.
If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions.
If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. You can also go to the **Action center** to get an aggregated view all pending actions and manage remediaton actions. It also acts as an audit trail for all Automated investigation actions.
### How an Automated investigation expands its scope


@ -1,8 +1,8 @@
---
title: Evaluate Microsoft Defender Advanced Threat Protection
ms.reviewer:
description:
keywords:
description: Evaluate the different security capabilities in Microsoft Defender ATP.
keywords: attack surface reduction, evaluate, next, generation, protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -16,7 +16,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/10/2018
---
# Evaluate Microsoft Defender ATP

Binary file not shown.



@ -68,12 +68,12 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
2. Select **Create a suppression rule**.
You can create a suppression rule based on the following attributes:
You can create a suppression condition using these attributes. An AND operator is applied between each condition, so suppression occurs only if all conditions are met.
* File hash
* File SHA1
* File name - wildcard supported
* File path - wild card supported
* IP
* Folder path - wildcard supported
* IP address
* URL - wildcard supported
3. Select the **Trigerring IOC**.
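Review bot: The rewritten attribute list documents wildcard support for file name, folder path and URL but gives no guidance on scope, even though a suppression rule is a standing instruction to hide alerts. I would add one sentence after the list, for example `Keep wildcard conditions as narrow as possible and review suppression rules periodically, because an overly broad rule also hides alerts for real threats that match it.` The new AND-operator sentence is helpful; it would be clearer still with a one-line example of two combined conditions. The procedure this list belongs to continues outside the hunk.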


@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up
![Image of pending actions](images/pending-actions.png)
When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).
The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
![Image of pending actions page](images/atp-pending-actions-list.png)
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
Pending actions are grouped together in the following tabs:
- Quarantine file
- Remove persistence
- Stop process
- Expand pivot
- Quarantine service
>[!NOTE]
>The tab will only appear if there are pending actions for that category.
### Approve or reject an action
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
![Image of pending action selected](images/atp-pending-actions-file.png)
From the panel, you can click on the Open investigation page link to see the investigation details.
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
## Related topic
- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)


@ -40,6 +40,18 @@ Verify that the **Domain member: Disable machine account password changes** opti
1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions.
2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain.
3. You may consider using this policy setting in particular environments, such as the following:
- Non-persistent Virtual Desktop Infrastructure implementations. In such implementations, each session starts from a read-only base image.
- Embedded devices that do not have write access to the OS volume.
In either of these cases, a password change that was made during normal operations would be lost as soon as the session ends. We strongly recommend that you plan password changes for maintenance windows. Add the password changes to the updates and modifications that Windows performs during maintenance windows. To trigger a password update on a particular OS volume, use the following command:
```
Nltest /sc_change_pwd:<AD DS domain name>
```
In this command, **\<AD DS domain name\>** represents the domain of the local computer. For more information about maintenance windows and non-persistent VDI implementations, see [Optimizing Windows 10, version 1803, for a Virtual Desktop Infrastructure (VDI) role: VDI optimization principles: Non-Persistent VDI](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-1803#vdi-optimization-principles).
### Location
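Review bot: The added item 3 tells readers they may enable the setting for non-persistent VDI and embedded devices, while item 1 directly above still says "Do not enable this policy setting" without exception, so the list now contradicts itself. I would make item 1 conditional, for example `1. Do not enable this policy setting except in the scenarios described in item 3.` The new text should also state the trade-off for those scenarios: with changes disabled, the machine account password held in the base image effectively stays valid until the next maintenance window. The image therefore needs the same protection as any other credential store, and the `Nltest /sc_change_pwd` step should be presented as a required part of each maintenance cycle rather than an option.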


@ -28,19 +28,21 @@ Describes the best practices, location, values, and security considerations for
The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change.
In Active Directorybased domains, each device has an account and password. By default, the domain members submit a password change every 30 days. Increasing this interval significantly, or setting it to **0** so that a device no longer submits a password change, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
In Active Directorybased domains, each device has an account and password. By default, the domain members submit a password change every 30 days. You can extend or reduce this interval. Additionally, you can use the policy **Domain member: Disable machine account password changes** to disable the password change requirement altogether. However, before you consider this option, review the implications as described in [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md).
> [!IMPORTANT]
> Significantly increasing the password change interval (or disabling password changes) gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
For more information, see [Machine Account Password Process](https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/).
### Possible values
- User-defined number of days between 0 and 999
- User-defined number of days between 1 and 999
- Not defined.
### Best practices
1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days.
Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites.
1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites.
2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer starts after being offline more than 30 days, the Netlogon service will notice the password age and initiate a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer will not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days.
### Location
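Review bot: The possible-values range changes from `0 and 999` to `1 and 999`, and the sentence explaining that **0** means a device no longer submits a password change is removed, so the page no longer says what happens where 0 is already configured. If 0 is no longer meant to be used, add a line such as `- To stop password changes, use **Domain member: Disable machine account password changes** instead of a value of 0 (see that topic for the risks).`; otherwise keep 0 in the range together with its meaning. Best practice 2 still advises a larger number of days for prebuilt computers, so it should point back to the new IMPORTANT note about the brute-force window. Also, `Active Directorybased` in the changed paragraph has lost its hyphen and should read `Active Directory-based`.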


@ -0,0 +1,360 @@
---
title: Set preferences for Microsoft Defender ATP for Mac
ms.reviewer:
description: Describes how to configure Microsoft Defender ATP for Mac in enterprises.
keywords: microsoft, defender, atp, mac, management, preferences, enterprise, intune, jamf, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Set preferences for Microsoft Defender ATP for Mac
>[!IMPORTANT]
>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page.
In enterprise environments, Microsoft Defender ATP for Mac can be managed through a configuration profile. This profile is deployed from management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile.
This topic describes the structure of this profile (including a recommended profile that you can use to get started) and instructions for how to deploy the profile.
## Configuration profile structure
The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences.
The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
### Antivirus engine preferences
The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of the product.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | antivirusEngine |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
#### Enable / disable real-time protection
Whether real-time protection (scan files as they are accessed) is enabled or not.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | enableRealTimeProtection |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
#### Scan exclusions
Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | exclusions |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
**Type of exclusion**
Specifies the type of content excluded from the scan.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | $type |
| **Data type** | String |
| **Possible values** | excludedPath <br/> excludedFileExtension <br/> excludedFileName |
**Path to excluded content**
Used to exclude content from the scan by full file path.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | path |
| **Data type** | String |
| **Possible values** | valid paths |
| **Comments** | Applicable only if *$type* is *excludedPath* |
**Path type (file / directory)**
Indicates if the *path* property refers to a file or directory.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | isDirectory |
| **Data type** | Boolean |
| **Possible values** | false (default) <br/> true |
| **Comments** | Applicable only if *$type* is *excludedPath* |
**File extension excluded from the scan**
Used to exclude content from the scan by file extension.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | extension |
| **Data type** | String |
| **Possible values** | valid file extensions |
| **Comments** | Applicable only if *$type* is *excludedFileExtension* |
**Name of excluded content**
Used to exclude content from the scan by file name.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | name |
| **Data type** | String |
| **Possible values** | any string |
| **Comments** | Applicable only if *$type* is *excludedFileName* |
#### Threat type settings
The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | threatTypeSettings |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
**Threat type**
Type of the threat for which the behavior is configured.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | key |
| **Data type** | String |
| **Possible values** | potentially_unwanted_application <br/> archive_bomb |
**Action to take**
Action to take when coming across a threat of the type specified in the preceding section. Can be:
- **Audit**: your device is not protected against this type of threat, but an entry about the threat is logged.
- **Block**: your device is protected against this type of threat and you are notified in the user interface and the security console.
- **Off**: your device is not protected against this type of threat and nothing is logged.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | value |
| **Data type** | String |
| **Possible values** | audit (default) <br/> block <br/> off |
### Cloud delivered protection preferences
The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | cloudService |
| **Data type** | Dictionary (nested preference) |
| **Comments** | See the following sections for a description of the dictionary contents. |
#### Enable / disable cloud delivered protection
Whether cloud delivered protection is enabled on the device or not. To improve the security of your services, we recommend keeping this feature turned on.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | enabled |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
#### Diagnostic collection level
Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | diagnosticLevel |
| **Data type** | String |
| **Possible values** | optional (default) <br/> required |
#### Enable / disable automatic sample submissions
Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information.
|||
|:---|:---|
| **Domain** | com.microsoft.wdav |
| **Key** | automaticSampleSubmission |
| **Data type** | Boolean |
| **Possible values** | true (default) <br/> false |
## Recommended configuration profile
To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
The following configuration profile will:
- Enable real-time protection (RTP)
- Specify how the following threat types are handled:
- **Potentially unwanted applications (PUA)** are blocked
- **Archive bombs** (file with a high compression rate) are audited to the product logs
- Enable cloud delivered protection
- Enable automatic sample submission
```XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>antivirusEngine</key>
<dict>
<key>enableRealTimeProtection</key>
<true/>
<key>threatTypeSettings</key>
<array>
<dict>
<key>key</key>
<string>potentially_unwanted_application</string>
<key>value</key>
<string>block</string>
</dict>
<dict>
<key>key</key>
<string>archive_bomb</string>
<key>value</key>
<string>audit</string>
</dict>
</array>
</dict>
<key>cloudService</key>
<dict>
<key>enabled</key>
<true/>
<key>automaticSampleSubmission</key>
<true/>
</dict>
</dict>
</plist>
```
## Full configuration profile example
The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over the product.
```XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>antivirusEngine</key>
<dict>
<key>enableRealTimeProtection</key>
<true/>
<key>exclusions</key>
<array>
<dict>
<key>$type</key>
<string>excludedPath</string>
<key>isDirectory</key>
<false/>
<key>path</key>
<string>/var/log/system.log</string>
</dict>
<dict>
<key>$type</key>
<string>excludedPath</string>
<key>isDirectory</key>
<true/>
<key>path</key>
<string>/home</string>
</dict>
<dict>
<key>$type</key>
<string>excludedFileExtension</string>
<key>extension</key>
<string>pdf</string>
</dict>
</array>
<key>allowedThreats</key>
<array>
<string>eicar</string>
</array>
<key>threatTypeSettings</key>
<array>
<dict>
<key>key</key>
<string>potentially_unwanted_application</string>
<key>value</key>
<string>block</string>
</dict>
<dict>
<key>key</key>
<string>archive_bomb</string>
<key>value</key>
<string>audit</string>
</dict>
</array>
</dict>
<key>cloudService</key>
<dict>
<key>enabled</key>
<true/>
<key>diagnosticLevel</key>
<string>optional</string>
<key>automaticSampleSubmission</key>
<true/>
</dict>
</dict>
</plist>
```
## Configuration profile deployment
Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune.
### JAMF deployment
From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with *com.microsoft.wdav* as the preference domain and upload the .plist produced earlier.
>[!WARNING]
>It is important that you enter the correct preference domain (*com.microsoft.wdav*), otherwise the preferences might not be recognized by the product.
### Intune deployment
1. Open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select Configure.
3. Save the .plist produced earlier as **com.microsoft.wdav.xml**.
4. Enter **com.microsoft.wdav** as the **custom configuration profile name**.
5. Open the configuration profile and upload **com.microsoft.wdav.xml**. This file was created in step 3.
6. Select **OK**.
7. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
>[!WARNING]
>It is important that you enter the correct custom configuration profile name, otherwise these preferences might not be recognized by the product.
## Resources
- [Configuration Profile Reference (Apple developer documentation)](https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf)
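Review bot: The "Full configuration profile example" excludes the whole `/home` directory and every `pdf` file and allows the threat `eicar`, with nothing saying these values are placeholders; a profile copied as-is would switch off scanning for a common document type. I would add a sentence before the XML such as `The exclusions and allowed threats below are examples only; replace them with the minimum set your environment needs, because every exclusion reduces protection.` The example also uses an `allowedThreats` key that has no reference section above, although the text says it contains entries for all settings described in this document, and it omits `excludedFileName`, which is documented. Finally, `exclusions` and `threatTypeSettings` are described as "Dictionary (nested preference)" but appear in both examples as an `<array>` of dictionaries, so the data type rows should say array.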


@ -0,0 +1,260 @@
---
title: Privacy for Microsoft Defender ATP for Mac
ms.reviewer:
description: Describes privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac.
keywords: microsoft, defender, atp, mac, privacy, diagnostic
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Privacy for Microsoft Defender ATP for Mac
Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when youre using Microsoft Defender ATP for Mac.
This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
## Overview of privacy controls in Microsoft Defender ATP for Mac
This section describes the privacy controls for the different types of data collected by Microsoft Defender ATP for Mac.
### Diagnostic data
Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements.
Some diagnostic data is required, while some diagnostic data is optional. We give you the ability to choose whether to send us required or optional diagnostic data through the use of privacy controls, such as policy settings for organizations.
There are two levels of diagnostic data for Microsoft Defender ATP client software that you can choose from:
* **Required**: The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device its installed on.
* **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and remediate issues.
By default, both optional and required diagnostic data are sent to Microsoft.
### Cloud delivered protection data
Cloud delivered protection is used to provide increased and faster protection with access to the latest protection data in the cloud.
Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network.
### Sample data
Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples so they can be analyzed. Enabling automatic sample submission is optional.
When this feature is enabled and the sample that is collected is likely to contain personal information, the user is prompted for consent.
## Manage privacy controls with policy settings
If you're an IT administrator, you might want to configure these controls at the enterprise level.
The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization.
## Diagnostic data events
This section describes what is considered required diagnostic data and what is considered optional diagnostic data, along with a description of the events and fields that are collected.
### Data fields that are common for all events
There is some information about events that is common to all events, regardless of category or data subtype.
The following fields are considered common for all events:
| Field | Description |
| ----------------------- | ----------- |
| platform | The broad classification of the platform on which the app is running. Allows Microsoft to identify on which platforms an issue may be occurring so that it can correctly be prioritized. |
| machine_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
| sense_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. |
| hostname | Local machine name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
| product_guid | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. |
| app_version | Version of the Microsoft Defender ATP for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
| sig_version | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. |
| supported_compressions | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. |
| release_ring | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. |
### Required diagnostic data
**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and perform as expected on the device its installed on.
Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
#### Software setup and inventory data events
**Microsoft Defender ATP installation / uninstallation**
The following fields are collected:
| Field | Description |
| ---------------- | ----------- |
| correlation_id | Unique identifier associated with the installation. |
| version | Version of the package. |
| severity | Severity of the message (for example Informational). |
| code | Code that describes the operation. |
| text | Additional information associated with the product installation. |
**Microsoft Defender ATP configuration**
The following fields are collected:
| Field | Description |
| --------------------------------------------------- | ----------- |
| antivirus_engine.enable_real_time_protection | Whether real-time protection is enabled on the device or not. |
| cloud_service.enabled | Whether cloud delivered protection is enabled on the device or not. |
| cloud_service.timeout | Time out when the application communicates with the Microsoft Defender ATP cloud. |
| cloud_service.heartbeat_interval | Interval between consecutive heartbeats sent by the product to the cloud. |
| cloud_service.service_uri | URI used to communicate with the cloud. |
| cloud_service.diagnostic_level | Diagnostic level of the device (required, optional). |
| cloud_service.automatic_sample_submission | Whether automatic sample submission is turned on or not. |
| features.\[optional feature name\] | List of preview features, along with whether they are enabled or not. |
#### Product and service performance data events
**Kernel extension statistics**
The following fields are collected:
| Field | Description |
| ---------------- | ----------- |
| version | Version of Microsoft Defender ATP for Mac. |
| instance_id | Unique identifier generated on kernel extension startup. |
| trace_level | Trace level of the kernel extension. |
| ipc.connects | Number of connection requests received by the kernel extension. |
| ipc.rejects | Number of connection requests rejected by the kernel extension. |
| ipc.connected | Whether there is any active connection to the kernel extension. |
#### Support data
**Diagnostic logs**
Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs:
- All files under */Library/Logs/Microsoft/mdatp/*
- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac
- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender ATP for Mac
### Optional diagnostic data
**Optional diagnostic data** is additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and fix issues.
If you choose to send us optional diagnostic data, required diagnostic data is also included.
Examples of optional diagnostic data include data Microsoft collects about product configuration (for example number of exclusions set on the device) and product performance (aggregate measures about the performance of components of the product).
#### Software setup and inventory data events
**Microsoft Defender ATP configuration**
The following fields are collected:
| Field | Description |
| -------------------------------------------------- | ----------- |
| connection_retry_timeout | Connection retry time out when communication with the cloud. |
| file_hash_cache_maximum | Size of the product cache. |
| crash_upload_daily_limit | Limit of crash logs uploaded daily. |
| antivirus_engine.exclusions[].is_directory | Whether the exclusion from scanning is a directory or not. |
| antivirus_engine.exclusions[].path | Path that was excluded from scanning. |
| antivirus_engine.exclusions[].extension | Extension excluded from scanning. |
| antivirus_engine.exclusions[].name | Name of the file excluded from scanning. |
| antivirus_engine.scan_cache_maximum | Size of the product cache. |
| antivirus_engine.maximum_scan_threads | Maximum number of threads used for scanning. |
| antivirus_engine.threat_restoration_exclusion_time | Time out before a file restored from the quarantine can be detected again. |
| filesystem_scanner.full_scan_directory | Full scan directory. |
| filesystem_scanner.quick_scan_directories | List of directories used in quick scan. |
| edr.latency_mode | Latency mode used by the detection and response component. |
| edr.proxy_address | Proxy address used by the detection and response component. |
**Microsoft Auto-Update configuration**
The following fields are collected:
| Field | Description |
| --------------------------- | ----------- |
| how_to_check | Determines how product updates are checked (for example automatic or manual). |
| channel_name | Update channel associated with the device. |
| manifest_server | Server used for downloading updates. |
| update_cache | Location of the cache used to store updates. |
### Product and service usage
#### Diagnostic log upload started report
The following fields are collected:
| Field | Description |
| ---------------- | ----------- |
| sha256 | SHA256 identifier of the support log. |
| size | Size of the support log. |
| original_path | Path to the support log (always under */Library/Application Support/Microsoft/Defender/wdavdiag/*). |
| format | Format of the support log. |
#### Diagnostic log upload completed report
The following fields are collected:
| Field | Description |
| ---------------- | ----------- |
| request_id | Correlation ID for the support log upload request. |
| sha256 | SHA256 identifier of the support log. |
| blob_sas_uri | URI used by the application to upload the support log. |
#### Product and service performance data events
**Unexpected application exit (crash)**
Unexpected application exits and the state of the application when that happens.
**Kernel extension statistics**
The following fields are collected:
| Field | Description |
| ------------------------------ | ----------- |
| pkt_ack_timeout | The following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. |
| pkt_ack_conn_timeout | |
| ipc.ack_pkts | |
| ipc.nack_pkts | |
| ipc.send.ack_no_conn | |
| ipc.send.nack_no_conn | |
| ipc.send.ack_no_qsq | |
| ipc.send.nack_no_qsq | |
| ipc.ack.no_space | |
| ipc.ack.timeout | |
| ipc.ack.ackd_fast | |
| ipc.ack.ackd | |
| ipc.recv.bad_pkt_len | |
| ipc.recv.bad_reply_len | |
| ipc.recv.no_waiter | |
| ipc.recv.copy_failed | |
| ipc.kauth.vnode.mask | |
| ipc.kauth.vnode.read | |
| ipc.kauth.vnode.write | |
| ipc.kauth.vnode.exec | |
| ipc.kauth.vnode.del | |
| ipc.kauth.vnode.read_attr | |
| ipc.kauth.vnode.write_attr | |
| ipc.kauth.vnode.read_ex_attr | |
| ipc.kauth.vnode.write_ex_attr | |
| ipc.kauth.vnode.read_sec | |
| ipc.kauth.vnode.write_sec | |
| ipc.kauth.vnode.take_own | |
| ipc.kauth.vnode.denied | |
| ipc.kauth.file_op.mask | |
| ipc.kauth_file_op.open | |
| ipc.kauth.file_op.close | |
## Resources
- [Privacy at Microsoft](https://privacy.microsoft.com/)


@ -55,6 +55,8 @@ In general you'll need to take the following steps:
Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal.
Once installed, you can configure the product in your enterprise using the steps in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
### Prerequisites
You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.


@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 09/03/2018
ms.reviewer:
manager: dansimp
---
@ -22,7 +21,9 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues.
Typically, the most common indicators of a problem are:
- You only see a small number or subset of all the devices you were expecting to see
@ -52,7 +53,9 @@ In order for devices to properly show up in Update Compliance, you have to meet
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.
“You can use Windows Defender Antivirus with Update Compliance. Youll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
If the above pre-requisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)


@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "justinha",
"ms.date": "04/05/2017",
"_op_documentIdPathDepotMapping": {
"./": {


@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "trudyha",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",


@ -6,7 +6,6 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.date: 12/27/2018
ms.localizationpriority: low
ms.topic: article
---
@ -42,7 +41,7 @@ With the LTSC servicing model, customers can delay receiving feature updates and
>[!IMPORTANT]
>The Long Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview.md).
For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
## See Also


@ -1,14 +1,14 @@
---
title: What's new in Windows 10 Enterprise 2015 LTSC
ms.reviewer:
manager: dansimp
ms.author: macapara
manager: laurawi
ms.author: greglin
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB).
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
author: greg-lindsay
ms.localizationpriority: low
ms.topic: article
---


@ -1,14 +1,14 @@
---
title: What's new in Windows 10 Enterprise 2016 LTSC
ms.reviewer:
manager: dansimp
ms.author: macapara
manager: laurawi
ms.author: greglin
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB).
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
author: greg-lindsay
ms.localizationpriority: low
ms.topic: article
---


@ -1,14 +1,14 @@
---
title: What's new in Windows 10 Enterprise 2019 LTSC
ms.reviewer:
manager: dansimp
ms.author: macapara
manager: laurawi
ms.author: greglin
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB).
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: mjcaparas
author: greg-lindsay
ms.localizationpriority: low
ms.topic: article
---
@ -279,33 +279,6 @@ To learn more about Autopilot self-deploying mode and to see step-by-step instru
IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset).
## Sign-in
### Faster sign-in to a Windows 10 shared pc
If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash!
**To enable fast sign-in:**
1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC.
2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in.
3. Sign-in to a shared PC with your account. You'll notice the difference!
![fast sign-in](../images/fastsignin.png "fast sign-in")
### Web sign-in to Windows 10
Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML).
**To try out web sign-in:**
1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs).
2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in.
3. On the lock screen, select web sign-in under sign-in options.
4. Click the “Sign in” button to continue.
![Web sign-in](../images/websignin.png "web sign-in")
## Deployment
### MBR2GPT.EXE
MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
@ -316,10 +289,6 @@ Additional security features of Windows 10 that are enabled when you boot in UEF
For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt).
### Windows Autopilot
Information about Windows Autopilot support for LTSC 2019 is pending.
### DISM
The following new DISM commands have been added to manage feature updates:
@ -372,6 +341,31 @@ Portions of the work done during the offline phases of a Windows update have bee
SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
## Sign-in
### Faster sign-in to a Windows 10 shared pc
If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash!
**To enable fast sign-in:**
1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC.
2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in.
3. Sign-in to a shared PC with your account. You'll notice the difference!
![fast sign-in](../images/fastsignin.png "fast sign-in")
### Web sign-in to Windows 10
Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML).
**To try out web sign-in:**
1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs).
2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in.
3. On the lock screen, select web sign-in under sign-in options.
4. Click the “Sign in” button to continue.
![Web sign-in](../images/websignin.png "web sign-in")
## Windows Analytics
### Upgrade Readiness