From 174e4e6952bafe0ea434c4b8014d7385e6963f60 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 23 Oct 2020 13:04:09 +0300 Subject: [PATCH 01/15] add info about Cloud Windows Hello for Business deployment model https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8423 --- .../hello-for-business/hello-feature-remote-desktop.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 0ebcd33ec5..8e34c873e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -23,7 +23,7 @@ ms.reviewer: - Windows 10 - Certificate trust deployments -- Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments @@ -35,7 +35,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From fc189fc8a8f16f81d2d6ba7e07f077696d31cd52 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 26 Oct 2020 10:02:46 +0200 Subject: [PATCH 02/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 8e34c873e2..800ee54bd4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,6 @@ ms.reviewer: **Requirements** - Windows 10 -- Certificate trust deployments - Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From bcdd52d07715e6821e746233ff90957936a9b15d Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 18 Nov 2020 13:18:19 +0200 Subject: [PATCH 03/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 800ee54bd4..d44c977b17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 -- Cloud, Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid, and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From b92fb88b56658e582c0ad224c2ca6bb5ea284c41 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 18 Nov 2020 21:26:58 +0200 Subject: [PATCH 04/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index d44c977b17..57b76a1aa8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -34,7 +34,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Cloud, Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid, and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From 778e34c1d7ff525f4d27ba38197ea2b6d43ef83e Mon Sep 17 00:00:00 2001 From: Oludele0315 <79658488+Oludele0315@users.noreply.github.com> Date: Sun, 14 Mar 2021 22:31:25 -0700 Subject: [PATCH 05/15] Update enable-attack-surface-reduction.md @denisebmsft , please review. --- .../enable-attack-surface-reduction.md | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ae6ac815b2..bceccdf264 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -32,11 +32,13 @@ ms.technology: mde - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -Each ASR rule contains one of three settings: +Each ASR rule contains one of four settings: - Not configured: Disable the ASR rule - Block: Enable the ASR rule - Audit: Evaluate how the ASR rule would impact your organization if enabled +- Warn: Enable the ASR rule but allow the end-user to bypass the block + It's highly recommended you use ASR rules with a Windows E5 license (or similar licensing SKU) to take advantage of the advanced monitoring and reporting capabilities available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). However, for other licenses like Windows Professional or E3 that don't have access to advanced monitoring and reporting capabilities, you can develop your own monitoring and reporting tools on top of the events that are generated at each endpoint when ASR rules are triggered (e.g., Event Forwarding). @@ -92,11 +94,13 @@ The following is a sample for reference, using [GUID values for ASR rules](attac `Value: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84=2|3B576869-A4EC-4529-8536-B80A7769E899=1|D4F940AB-401B-4EfC-AADC-AD5F3C50688A=2|D3E037E1-3EB8-44C8-A917-57927947596D=1|5BEB7EFE-FD9A-4556-801D-275E5FFC04CC=0|BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550=1` -The values to enable, disable, or enable in audit mode are: +The values to enable (Block), disable, warn, or enable in audit mode are: + + • 0 : Disable (Disable the ASR rule) + • 1 : Block (Enable the ASR rule) + • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) -- Disable = 0 -- Block (enable ASR rule) = 1 -- Audit = 2 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. @@ -138,9 +142,10 @@ Example: Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - - Disable = 0 - - Block (enable ASR rule) = 1 - - Audit = 2 + • 0 : Disable (Disable the ASR rule) + • 1 : Block (Enable the ASR rule) + • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) @@ -158,6 +163,8 @@ Example: 2. Enter the following cmdlet: + To enable ASR rules in enable (block) mode, use the following cmdlet: + ```PowerShell Set-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Enabled ``` @@ -167,6 +174,12 @@ Example: ```PowerShell Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode ``` + + To enable ASR rules in warn mode, use the following cmdlet: + + ```PowerShell + Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Warn + ``` To turn off ASR rules, use the following cmdlet: From 5281498d2893b6ad640a884fdc26dcdfd85d11a7 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:31:30 +0200 Subject: [PATCH 06/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 57b76a1aa8..c66240753c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 -- Cloud, Hybrid, and On-premises Windows Hello for Business deployments +- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From a55fded46efc759d1b716814b4bdfc77cb9a78c9 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:32:16 +0200 Subject: [PATCH 07/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index c66240753c..d96a6787a6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -34,7 +34,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Cloud, Hybrid, and On-premises Windows Hello for Business deployments +- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From f59482448d3732fd5df752c63ed6ad9d444d0e71 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:34:34 +0200 Subject: [PATCH 08/15] remove duplicate entry as advised by mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index d96a6787a6..0f12c2f618 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -24,7 +24,6 @@ ms.reviewer: - Windows 10 - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices -- Certificate trust deployments Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). From ebc504c9ede7738fde4cf97c1a64c720776f62ce Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 18 Mar 2021 09:53:43 +0200 Subject: [PATCH 09/15] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 0f12c2f618..3e87af814e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -35,7 +35,6 @@ Microsoft continues to investigate supporting using keys trust for supplied cred - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices -- Certificate trust deployments - Biometric enrollments - Windows 10, version 1809 From 18c614031855dcd6cb5bc30f5f608e7f6eda0ea5 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 22 Mar 2021 16:06:57 -0700 Subject: [PATCH 10/15] remove WUfB section --- .../ltsc/whats-new-windows-10-2019.md | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index a34e99e632..62b6502a5e 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -482,26 +482,6 @@ Previously, the customized taskbar could only be deployed using Group Policy or ## Windows Update -### Windows Update for Business - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - ### Windows Insider for Business We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business). From bafb4f7768a638f21e88f5e6d68101f2d006ab11 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:02:59 -0700 Subject: [PATCH 11/15] Update hello-feature-remote-desktop.md --- .../hello-for-business/hello-feature-remote-desktop.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 73e443551f..cbf8bb250e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -57,7 +57,8 @@ Windows Hello for Business emulates a smart card for application compatibility. Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates. You can relax knowing a Group Policy setting and a [MDM URI](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) exist to help you revert to the previous behavior for those users who need it. -![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png) +> [!div class="mx-imgBorder"] +> ![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png) > [!IMPORTANT] > The remote desktop with biometric feature does not work with [Dual Enrollment](hello-feature-dual-enrollment.md) feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature. From c07a32ac715b49f6abd33017bee88b444570adfb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:07:43 -0700 Subject: [PATCH 12/15] Simple addition of space to get a new version I'm trying to figure out why two bulleted lists are rendered as paragraphs --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ae6ac815b2..53a5005894 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -21,6 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** + - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) From a289fa978bb6de567d84045afaa75517005a0b93 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:18:51 -0700 Subject: [PATCH 13/15] Changed "quotes" to "quotation marks" --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 53a5005894..17bf1a2a70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -147,8 +147,8 @@ Example: 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. -> [!WARNING] -> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. + > [!WARNING] + > Do not use quotation marks, because they are not supported for either the **Value name** column or the **Value** column. ## PowerShell From 967dd02dc782f12c1dc44f4db3eda8702bed89ee Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:51:23 -0700 Subject: [PATCH 14/15] Fix broken bulleted lists This fixes bulleted lists that were broken by commit https://github.com/MicrosoftDocs/windows-docs-pr/pull/4952/commits/778e34c1d7ff525f4d27ba38197ea2b6d43ef83e in PR https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9353 --- .../enable-attack-surface-reduction.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ef3ef1edff..df36f96ede 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -97,10 +97,10 @@ The following is a sample for reference, using [GUID values for ASR rules](attac The values to enable (Block), disable, warn, or enable in audit mode are: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) +- 0 : Disable (Disable the ASR rule) +- 1 : Block (Enable the ASR rule) +- 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) +- 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. @@ -143,10 +143,10 @@ Example: Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) + - 0 : Disable (Disable the ASR rule) + - 1 : Block (Enable the ASR rule) + - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + - 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) From 7f992582b2e0fc92ec831ad5007db138283361a4 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 23 Mar 2021 02:09:47 +0100 Subject: [PATCH 15/15] Link 404 correction (ad385bc follow-up) As noted in issue ticket #9350 (**Link for "Security policy violation indicators" under Share endpoint alerts with Microsoft Compliance Center is not getting redirected properly.**), the link https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-settings.md#indicators does not open the correct page. (To experienced users, it is obvious, because there is a misplaced `.md` within the link, as if it was meant to be a github.com page link.) Thanks to @vikassou for noticing and reporting the link issue. Proposed change: - Remove the misplaced `.md` file extension from the link Closes #9350 --- .../microsoft-defender-atp/advanced-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 13c41c5a68..4577d64037 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -201,7 +201,7 @@ You'll have access to upcoming features, which you can provide feedback on to he Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. -After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users. +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users. ## Related topics