From b48c0e4bc36527b64be72c0ab919bdb09a2537c0 Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Mon, 13 Jul 2020 15:07:03 -0700 Subject: [PATCH 1/3] Update microsoft-defender-antivirus-compatibility.md EDR in block mode link was wrong --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 1c06747e7f..cdb56d3bf7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -27,7 +27,7 @@ manager: dansimp Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection. - If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode. - If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.) -- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/shadow-protection) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. +- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack. ## Antivirus and Microsoft Defender ATP From 8be00827bcc78359700da22c2257ed92d317e65b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 Jul 2020 12:18:57 -0700 Subject: [PATCH 2/3] Updates per PR#6578 --- .../mdm/vpnv2-profile-xsd.md | 399 +++++++++--------- 1 file changed, 200 insertions(+), 199 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index eecc7c7075..ecebcd8133 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -1,25 +1,23 @@ --- title: ProfileXML XSD -description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. ms.assetid: 2F32E14B-F9B9-4760-AE94-E57F1D4DFDB3 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 02/05/2018 +ms.date: 07/14/2020 --- # ProfileXML XSD - -Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. ## XSD for the VPN profile - ```xml @@ -51,15 +49,15 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + - - - - + + + + @@ -89,7 +87,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + @@ -115,7 +113,13 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - + + + + + + + @@ -148,23 +152,25 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - - + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - + @@ -187,16 +193,79 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro ## Native profile example +```xml + + corp.contoso.com + true + false + corp.contoso.com + contoso.com -``` - - - testServer.VPN.com - IKEv2 - - Eap - - + + Helloworld.Com + + HelloServer + + + + + true + + true + This is my Eku + This is my issuer hash + + + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + + + + C:\windows\system32\ping.exe + + + + + hrsite.corporate.contoso.com + 1.2.3.4,5.6.7.8 + 5.5.5.5 + true + + + .corp.contoso.com + 10.10.10.10,20.20.20.20 + 100.100.100.100 + + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + 6 + 10,20-50,100-200 + 20-50,100-200,300 + 30.30.0.0/16,10.10.10.10-20.20.20.20 + ForceTunnel + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + 3.3.3.3/32,1.1.1.1-2.2.2.2 + + + + testServer.VPN.com + SplitTunnel + IKEv2 + true + + Eap + + 25 @@ -261,178 +330,110 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro - - - SplitTunnel - true - - - -
192.168.0.0
- 24 - - -
10.10.0.0
- 16 - - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - - - - C:\windows\system32\ping.exe - - - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - 6 - 10,20-50,100-200 - 20-50,100-200,300 - 30.30.0.0/16,10.10.10.10-20.20.20.20 - ForceTunnel - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - 3.3.3.3/32,1.1.1.1-2.2.2.2 - - - - - hrsite.corporate.contoso.com - 1.2.3.4,5.6.7.8 - 5.5.5.5 - true - - - .corp.contoso.com - 10.10.10.10,20.20.20.20 - 100.100.100.100 - - - corp.contoso.com - true - false - corp.contoso.com - contoso.com - - - HelloServer - - Helloworld.Com - - - - true - - true - This is my Eku - This is my issuer hash - - - + + + + + +
192.168.0.0
+ 24 + + +
10.10.0.0
+ 16 + + ``` ## Plug-in profile example - ```xml - - testserver1.contoso.com;testserver2.contoso..com - JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy - true - - -
192.168.0.0
- 24 - - -
10.10.0.0
- 16 - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - - - - %ProgramFiles%\Internet Explorer\iexplore.exe - - 6 - 10,20-50,100-200 - 20-50,100-200,300 - 30.30.0.0/16,10.10.10.10-20.20.20.20 - - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - 3.3.3.3/32,1.1.1.1-2.2.2.2 - - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - O:SYG:SYD:(A;;CC;;;AU) - - - - corp.contoso.com - 1.2.3.4,5.6.7.8 - 5.5.5.5 - false - - - corp.contoso.com - 10.10.10.10,20.20.20.20 - 100.100.100.100 - - - true - false - false - false - corp.contoso.com - contoso.com,test.corp.contoso.com - - - HelloServer - - Helloworld.Com - - - - - - - - - - -``` + + true + false + corp.contoso.com + contoso.com,test.corp.contoso.com + false + false -  + + Helloworld.Com + + HelloServer + -  + + + + + + + true + + + + testserver1.contoso.com;testserver2.contoso..com + true + JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + + + corp.contoso.com + 1.2.3.4,5.6.7.8 + 5.5.5.5 + false + + + corp.contoso.com + 10.10.10.10,20.20.20.20 + 100.100.100.100 + + + + %ProgramFiles%\Internet Explorer\iexplore.exe + + 6 + 10,20-50,100-200 + 20-50,100-200,300 + 30.30.0.0/16,10.10.10.10-20.20.20.20 + + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + 3.3.3.3/32,1.1.1.1-2.2.2.2 + + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + O:SYG:SYD:(A;;CC;;;AU) + + + +
192.168.0.0
+ 24 + + +
10.10.0.0
+ 16 + + +``` \ No newline at end of file From 3248954b9fa956d2aa4beebe01089e6a8e3d67fd Mon Sep 17 00:00:00 2001 From: Luqman Aden Date: Tue, 14 Jul 2020 10:31:02 -0700 Subject: [PATCH 3/3] VPNProfile XSD: Add missing elements. --- windows/client-management/mdm/vpnv2-profile-xsd.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index ecebcd8133..c0e32c95b7 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -14,7 +14,7 @@ ms.date: 07/14/2020 # ProfileXML XSD -Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. +Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent::AddProfileFromXmlAsync for Windows 10 and some profile examples. ## XSD for the VPN profile @@ -25,6 +25,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -34,6 +35,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -107,6 +109,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -127,6 +130,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -138,6 +142,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof + @@ -155,7 +160,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof - + @@ -176,12 +181,13 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some prof - + +