deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #2209 from MicrosoftDocs/repo_sync_working_branch

Browse Source 
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Gary Moore 2020-03-05 14:53:56 -08:00 committed by GitHub
commit ced7747799
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
windows/deployment/update/wufb-compliancedeadlines.md
View File

@ -16,15 +16,15 @@ ms.topic: article
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions. Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
The compliance options have changed with the release of Windows 10, version 1903: The compliance options have changed for devices on Windows 10, version 1709 and above:
- [Starting with Windows 10, version 1903](#starting-with-windows-10-version-1903) - [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above)
- [Prior to Windows 10, version 1903](#prior-to-windows-10-version-1903) - [For prior to Windows 10, version 1709](#prior-to-windows-10-version-1709)
## Starting with Windows 10, version 1903 ## For Windows 10, version 1709 and above
With a current version of Windows 10, it's best to use the new policy introduced in Windows 10, version 1903: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings: With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
- Update/ConfigureDeadlineForFeatureUpdates - Update/ConfigureDeadlineForFeatureUpdates
- Update/ConfigureDeadlineForQualityUpdates - Update/ConfigureDeadlineForQualityUpdates
@ -43,7 +43,7 @@ Further, the policy includes the option to opt out of automatic restarts until t
|Policy|Description | |Policy|Description |
|-|-| |-|-|
| (starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. | | (For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. |
@ -51,31 +51,34 @@ Further, the policy includes the option to opt out of automatic restarts until t
|Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days| |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days|
|-|-|-|-|-| |-|-|-|-|-|
|(starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 | |(For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 |
When **Specify deadlines for automatic updates and restarts** is set (starting in Windows 10, version 1903): When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above):
**While restart is pending, before the deadline occurs:** - **While restart is pending, before the deadline occurs:**
- For the first few days, the user receives a toast notification
- After this period, the user receives this dialog:
![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png) - For the first few days, the user receives a toast notification
- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) - After this period, the user receives this dialog:
**If the restart is still pending after the deadline passes:** ![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png)
- Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png) - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
- Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png) ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png)
- **If the restart is still pending after the deadline passes:**
- Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png)
- Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png)
## Prior to Windows 10, version 1709
## Prior to Windows 10, version 1903
Two compliance flows are available: Two compliance flows are available:
@ -119,9 +122,11 @@ Once the device is in the pending restart state, it will attempt to restart the
#### Notification experience for deadline #### Notification experience for deadline
Notification users get for a quality update deadline: Notification users get for a quality update deadline:
![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png) ![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png)
Notification users get for a feature update deadline: Notification users get for a feature update deadline:
![The notification users get for an impending feature update deadline](images/wufb-feature-notification.png) ![The notification users get for an impending feature update deadline](images/wufb-feature-notification.png)
### Deadline with user engagement ### Deadline with user engagement

14
windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
View File

@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.custom: nextgen ms.custom: nextgen
ms.reviewer: ms.reviewer: ksarens
manager: dansimp manager: dansimp
--- ---
@ -22,14 +22,12 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
This utility can be useful when you want to automate Windows Defender Antivirus use.
You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt.
> [!NOTE] > [!NOTE]
> You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
>
> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
The utility has the following commands: The utility has the following commands:
@ -44,11 +42,11 @@ MpCmdRun.exe -scan -2
| Command | Description | | Command | Description |
|:----|:----| |:----|:----|
| `-?` **or** `-h` | Displays all available options for this tool | | `-?` **or** `-h` | Displays all available options for this tool |
| `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | | `-Scan [-ScanType [0\|1\|2\|3]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
| `-GetFiles` | Collects support information | | `-GetFiles` | Collects support information |
| `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | | `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
| `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence | | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
| `-RemoveDefinitions [-Engine]` | Restores the previous installed engine | | `-RemoveDefinitions [-Engine]` | Restores the previous installed engine |
| `-SignatureUpdate [-UNC \| -MMPC]` | Checks for new Security intelligence updates | | `-SignatureUpdate [-UNC \| -MMPC]` | Checks for new Security intelligence updates |