From 25dd2bf28995e950a744cc3a47e46aa838ec956e Mon Sep 17 00:00:00 2001 From: tgrolleman <62642995+tgrolleman@users.noreply.github.com> Date: Wed, 25 Mar 2020 09:53:28 +0100 Subject: [PATCH 01/10] Update configure-splunk.md See documentation of https://splunkbase.splunk.com/app/4128/ also, the URL's are wrong. It doesn't work with /api/alerts after the domain, Because the splunk app already adds it themself (and makes it https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts/api/alerts...) : input_module_windows_defender_atp_alerts.py: uri = "%s/%s%s" % (endpoint,"/api/alerts?sinceTimeUtc=",max_date) --- .../microsoft-defender-atp/configure-splunk.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md index fd5efbf9ea..10c69301a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md @@ -78,7 +78,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec URL to authenticate the azure app (Default : https://login.microsoftonline.com) Endpoint - Depending on the location of your datacenter, select any of the following URL:

For EU: https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts

For US:https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts

For UK:https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts + Depending on the location of your datacenter, select any of the following URL:

For EU: https://wdatp-alertexporter-eu.securitycenter.windows.com

For US:https://wdatp-alertexporter-us.securitycenter.windows.com

For UK:https://wdatp-alertexporter-uk.securitycenter.windows.com Tenant ID From 68c3bd55b7573d765bee63ad7df337b7dd519e55 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 25 Mar 2020 14:32:25 +0200 Subject: [PATCH 02/10] add note about best practices https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6040 --- .../password-must-meet-complexity-requirements.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 20fd54f909..ecc8a51c2b 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md 
@@ -59,6 +59,9 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices +> [!NOTE] +> For the latest best practices, please check [this article](https://www.microsoft.com/en-us/research/publication/password-guidance/). + Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. The use of ALT key character combinations can greatly enhance the complexity of a password. However, requiring all users in an organization to adhere to such stringent password requirements can result in unhappy users and an extremely busy Help Desk. Consider implementing a requirement in your organization to use ALT characters in the range from 0128 through 0159 as part of all administrator passwords. (ALT characters outside of this range can represent standard alphanumeric characters that do not add additional complexity to the password.) From 847d916b597c5eb53a12303a5cf0f547b7ea3cbf Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Wed, 25 Mar 2020 15:05:48 +0200 Subject: [PATCH 03/10] Update respond-file-alerts.md Added improvement to note --- .../microsoft-defender-atp/respond-file-alerts.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 8998da024b..2c33bef617 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md 
@@ -126,7 +126,8 @@ You can roll back and remove a file from quarantine if you’ve determined that ``` > [!NOTE] -> Microsoft Defender ATP will restore all files that were quarantined on this machine in the last 30 days. +> In some scenarios the ThreatName may appear as: EUS:Win32/CustomEnterpriseBlock!cl.
+> Microsoft Defender ATP will restore all custom blocked files that were quarantined on this machine in the last 30 days. ## Add indicator to block or allow a file From c1a9ba5dbca10ad0b4cc947643b2782f636ca6fe Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Wed, 25 Mar 2020 15:06:56 +0200 Subject: [PATCH 04/10] Update respond-file-alerts.md --- .../microsoft-defender-atp/respond-file-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 2c33bef617..7c05201256 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -126,7 +126,7 @@ You can roll back and remove a file from quarantine if you’ve determined that ``` > [!NOTE] -> In some scenarios the ThreatName may appear as: EUS:Win32/CustomEnterpriseBlock!cl.
+> In some scenarios the ThreatName may appear as: EUS:Win32/CustomEnterpriseBlock!cl. > Microsoft Defender ATP will restore all custom blocked files that were quarantined on this machine in the last 30 days. ## Add indicator to block or allow a file From 9d72c7a5de1525587b623cbdd107838ad386adbb Mon Sep 17 00:00:00 2001 From: hihayak Date: Thu, 26 Mar 2020 00:26:13 +0900 Subject: [PATCH 05/10] Update waas-manage-updates-wsus.md As a note I added, WUA client can fail to apply Feature update if we approve multiple versions of it. Administrators of WSUS should know about that. --- windows/deployment/update/waas-manage-updates-wsus.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 14223dbdc3..61bd446af0 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -280,6 +280,8 @@ You can manually approve updates and set deadlines for installation within the W To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates. +> [!NOTE] If you approve more than one feature update for a computer, an error can result with the client. Only approve one feature update per computer. + **To approve and deploy feature updates manually** 1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates. In the **Action** pane, click **New Update View**. From 728dd5cdeaa0b15c3a268122b63b5e090557c6a1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 25 Mar 2020 09:00:44 -0700 Subject: [PATCH 06/10] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index ecc8a51c2b..b32a32dad0 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/08/2017 --- # Password must meet complexity requirements @@ -60,7 +59,7 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices > [!NOTE] -> For the latest best practices, please check [this article](https://www.microsoft.com/en-us/research/publication/password-guidance/). +> For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance). Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. From 6b56302223467c6e3cab35e72525e406a8b2bbac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 25 Mar 2020 09:01:19 -0700 Subject: [PATCH 07/10] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index b32a32dad0..b713a96ecb 100644 
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -58,7 +58,7 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices -> [!NOTE] +> [!TIP] > For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance). Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. @@ -106,6 +106,6 @@ If your organization has more stringent security requirements, you can create a The use of ALT key character combinations can greatly enhance the complexity of a password. However, such stringent password requirements can result in additional Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the 0128–0159 range. (ALT characters outside of this range can represent standard alphanumeric characters that would not add additional complexity to the password.) -## Related topics +## Related articles - [Password Policy](password-policy.md) From f9b8a87423f89f3dc2588771f9fe694a04a07747 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 25 Mar 2020 10:01:50 -0700 Subject: [PATCH 08/10] pencil edit --- windows/deployment/update/waas-manage-updates-wsus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 61bd446af0..ba8a3e7ecb 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md 
@@ -280,7 +280,8 @@ You can manually approve updates and set deadlines for installation within the W To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates. -> [!NOTE] If you approve more than one feature update for a computer, an error can result with the client. Only approve one feature update per computer. +> [!NOTE] +> If you approve more than one feature update for a computer, an error can result with the client. Only approve one feature update per computer. **To approve and deploy feature updates manually** From db3ac0f62b1ce4ea71dd1a317b24dfb4fcea1be4 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 25 Mar 2020 10:02:38 -0700 Subject: [PATCH 09/10] pencil edit --- windows/deployment/update/waas-manage-updates-wsus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index ba8a3e7ecb..13b02958f8 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -281,7 +281,7 @@ You can manually approve updates and set deadlines for installation within the W To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates. > [!NOTE] -> If you approve more than one feature update for a computer, an error can result with the client. Only approve one feature update per computer. +> If you approve more than one feature update for a computer, an error can result with the client. Approve only one feature update per computer. **To approve and deploy feature updates manually** From b4ebe54456399a79d7e914e914d560b9b549dbaf Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 25 Mar 2020 10:31:39 -0700 Subject: [PATCH 10/10] pencil edit --- .../microsoft-defender-atp/respond-file-alerts.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 7c05201256..9213bd067e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -126,7 +126,8 @@ You can roll back and remove a file from quarantine if you’ve determined that ``` > [!NOTE] -> In some scenarios the ThreatName may appear as: EUS:Win32/CustomEnterpriseBlock!cl. +> In some scenarios, the **ThreatName** may appear as: EUS:Win32/CustomEnterpriseBlock!cl. +> > Microsoft Defender ATP will restore all custom blocked files that were quarantined on this machine in the last 30 days. ## Add indicator to block or allow a file
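Review bot: in PATCH 01/10 (configure-splunk.md, hunk @@ -78,7 +78,7 @@), the new Endpoint text lists bare host URLs but never tells the reader that the Splunk add-on appends the path itself, so anyone who adds a path or a trailing slash will hit the doubled-path failure the commit message describes. The format string quoted there, "%s/%s%s" with "/api/alerts?sinceTimeUtc=", already supplies its own separators. Suggest adding a sentence such as "Enter the URL without a path or trailing slash; the add-on appends /api/alerts." While these lines are being touched, "For US:" and "For UK:" lack the space after the colon that "For EU: " has, and "any of the following URL" should read "one of the following URLs".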
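Review bot: in PATCH 02/10 (password-must-meet-complexity-requirements.md, hunk @@ -59,6 +59,9 @@), the added note points readers to "the latest best practices" but sits directly above the unchanged recommendation to enable complexity with a minimum password length of 8, and does not say whether the linked guidance replaces or supplements that recommendation. Suggest one sentence stating how the two relate. The link text "this article" is also non-descriptive and the URL pins the en-us locale; use the publication title as the link text and a locale-neutral URL.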
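Review bot: in PATCH 03/10 (respond-file-alerts.md, hunk @@ -126,7 +126,8 @@), the second added line changes "all files" to "all custom blocked files", which narrows the documented restore behaviour, yet the commit message says only "Added improvement to note". Please confirm the narrower scope matches the product and state it in the commit message. The literal EUS:Win32/CustomEnterpriseBlock!cl should be set in code formatting so the sentence's closing period is not read as part of the threat name, and the two "+>" lines need a bare ">" line between them if they are meant to be separate paragraphs.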
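Review bot: in PATCH 05/10 (waas-manage-updates-wsus.md, hunk @@ -280,6 +280,8 @@), the added note says only that "an error can result with the client", which is vaguer than the commit message, where the failure is that the client can fail to apply the feature update. Suggest stating that consequence in the note itself so a WSUS administrator can recognise it. The note body also shares a line with "> [!NOTE]"; the other notes in this series put the text on a following ">" line.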
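Review bot: in PATCH 06/10 (password-must-meet-complexity-requirements.md, hunk @@ -14,7 +14,6 @@), the removal of "ms.date: 09/08/2017" from the front matter is unrelated to the link rewording in the second hunk and is not mentioned in the commit message. Suggest either explaining in the commit message why the key is dropped or setting it to the date of this revision, so the metadata change is a deliberate, reviewable decision rather than a side effect.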
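Review bot: in PATCH 07/10 (password-must-meet-complexity-requirements.md, hunk @@ -106,6 +106,6 @@), renaming the heading "## Related topics" to "## Related articles" changes the anchor generated for that section. Suggest checking for links that target the old heading anchor before merging, and noting the heading rename in the commit message, which currently names only the file.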