diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 330dddba01..2b8f5d0334 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -
Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +
Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
The data type is string. Supported operation is Get and Replace. @@ -333,7 +333,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
The data type is integer. Supported operation is Get and Replace. +**Properties/SleepMode** +
Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub. + +
Valid values: + +- 0 - Connected Standby (default) +- 1 - Hibernate + +
The data type is integer. Supported operation is Get and Replace. + **Properties/AllowSessionResume**
Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 125734b5c8..0325decbfc 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -52,7 +52,7 @@ Supported operations include Get, Add, and Delete. Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId -A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. Supported operations include Get, Add, Replace, and Delete. @@ -132,7 +132,7 @@ Returns the namespace type. This value can be one of the following: Value type is chr. Supported operation is Get. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DnsServers** -List of comma separated DNS Server IP addresses to use for the namespace. +List of comma-separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -202,7 +202,7 @@ Numeric value from 0-255 representing the IP protocol to allow. For example, TCP Value type is int. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges** -A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`. +A list of comma-separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`. > [!NOTE] > Ports are only valid when the protocol is set to TCP=6 or UDP=17. @@ -210,7 +210,7 @@ A list of comma separated values specifying local port ranges to allow. For exam Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges** -A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`. +A list of comma-separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`. > [!NOTE] > Ports are only valid when the protocol is set to TCP=6 or UDP=17. @@ -218,12 +218,12 @@ A list of comma separated values specifying remote port ranges to allow. For exa Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalAddressRanges** -A list of comma separated values specifying local IP address ranges to allow. +A list of comma-separated values specifying local IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemoteAddressRanges** -A list of comma separated values specifying remote IP address ranges to allow. +A list of comma-separated values specifying remote IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -243,7 +243,7 @@ Added in Windows 10, version 2004. Specifies the traffic direction to apply this - Outbound - The rule applies to all outbound traffic - Inbound - The rule applies to all inbound traffic -If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked. +If no inbound filter is provided, then by default all unsolicited inbound traffic will be blocked. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -327,7 +327,7 @@ Valid values: - True = Register the connection's addresses in DNS. **VPNv2/**ProfileName**/DnsSuffix** -Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. +Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -345,7 +345,10 @@ Added in Windows 10, version 1607. The XML schema for provisioning all the fiel Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/Proxy** -A collection of configuration objects to enable a post-connect proxy support for VPN. The proxy defined for this profile is applied when this profile is active and connected. +A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected. + +> [!NOTE] +> VPN proxy settings are used only on Force Tunnel connections. On Split Tunnel connections, the general proxy settings are used. **VPNv2/**ProfileName**/Proxy/Manual** Optional node containing the manual server settings. @@ -436,7 +439,7 @@ Required for native profiles. Public or routable IP address or DNS name for the The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. -You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. +You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -1329,4 +1332,3 @@ Servers - diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 956ca7dc78..c72bdf03e9 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1659,7 +1659,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- Create a new REG_SZ registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. +- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** and enter the decimal value **1**. ### 24.1 Windows Defender SmartScreen diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 61198672fc..5e7db538d0 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3368,9 +3368,9 @@ This security group has not changed since Windows Server 2008. ### Server Operators -Members in the Server Operators group can administer domain servers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. +Members in the Server Operators group can administer domain controllers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. -By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups, Administrators and Domain Admins, in the domain, and the Enterprise Admins group. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. +By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups Administrators and Domain Admins in the domain, and the Enterprise Admins group in the forest root domain. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. The Server Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 742dd80951..1d0b90717a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -160,7 +160,7 @@ You can view System Information to check that Windows Defender Credential Guard 2. Click **System Summary**. -3. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Configured**. +3. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Running**. Here's an example: diff --git a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png b/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png index d9af0e8fc4..46f838c8d2 100644 Binary files a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png and b/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png differ diff --git a/windows/security/identity-protection/vpn/images/vpn-connection-intune.png b/windows/security/identity-protection/vpn/images/vpn-connection-intune.png index bf551eabb7..8098b3445e 100644 Binary files a/windows/security/identity-protection/vpn/images/vpn-connection-intune.png and b/windows/security/identity-protection/vpn/images/vpn-connection-intune.png differ diff --git a/windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png b/windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png index 94cbb2c5cb..c6437e95d1 100644 Binary files a/windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png and b/windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png differ diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index fc09e68a62..9aee353de2 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -74,10 +74,12 @@ Two client-side configuration service providers are leveraged for VPN device com - Collects TPM data used to verify health states - Forwards the data to the Health Attestation Service (HAS) - Provisions the Health Attestation Certificate received from the HAS - - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification + - Upon request, forward the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification > [!NOTE] -> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name), the VPN profile must be modified to ensure that the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing the entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 92c4d2b8c5..d825487b05 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dulcemontemayor ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/13/2020 ms.reviewer: manager: dansimp ms.author: dansimp @@ -61,11 +61,11 @@ There are a number of Universal Windows Platform VPN applications, such as Pulse See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. -The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune. +The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune:  -In Intune, you can also include custom XML for third-party plug-in profiles. +In Intune, you can also include custom XML for third-party plug-in profiles:  diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index cb543ad1cd..ae26cfc95a 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: dulcemontemayor ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/13/2020 ms.reviewer: manager: dansimp ms.author: dansimp @@ -20,12 +20,12 @@ ms.author: dansimp - Windows 10 - Windows 10 Mobile -This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10. +This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10. - +To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](https://docs.microsoft.com/mem/intune/configuration/vpn-settings-windows-10). ->[!NOTE] ->This guide does not explain server deployment. +> [!NOTE] +> This guide does not explain server deployment. ## In this guide @@ -43,7 +43,5 @@ This guide will walk you through the decisions you will make for Windows 10 clie ## Learn more -- [VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune) - - +- [Create VPN profiles to connect to VPN servers in Intune](https://docs.microsoft.com/mem/intune/configuration/vpn-settings-configure) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 29b5df1daf..077c2d4c8f 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -34,7 +34,6 @@ The following table lists the VPN settings and whether the setting can be config | Routing: forced-tunnel | yes | | Authentication (EAP) | yes, if connection type is built-in | | Conditional access | yes | -| Proxy settings | yes, by PAC/WPAD file or server and port | | Name resolution: NRPT | yes | | Name resolution: DNS suffix | no | | Name resolution: persistent | no | @@ -45,6 +44,10 @@ The following table lists the VPN settings and whether the setting can be config | LockDown | no | | Windows Information Protection (WIP) | yes | | Traffic filters | yes | +| Proxy settings | yes, by PAC/WPAD file or server and port | + +> [!NOTE] +> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 131a256f82..551b239d72 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -62,7 +62,7 @@ A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant B The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment. > [!IMPORTANT] -> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://blogs.technet.microsoft.com/tip_of_the_day/2014/01/22/tip-of-the-day-bitlocker-without-tpm-or-usb/). +> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup). > [!NOTE] > TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature. @@ -74,6 +74,8 @@ The hard disk must be partitioned with at least two drives: - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space. +A fixed data volume or removable data volume cannot be marked as an active partition. + When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker. When installing the BitLocker optional component on a server you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives. @@ -98,4 +100,3 @@ When installing the BitLocker optional component on a server you will also need | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| | [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core | - diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2e9b5977ec..144ddb363c 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -161,7 +161,7 @@ ###### [Detect and block Potentially Unwanted Applications](microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) ###### [Enable and configure always-on protection and monitoring](microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) -##### [Antivirus on Windows Server 2016](microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md) +##### [Antivirus on Windows Server](microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md) ##### [Antivirus compatibility]() ###### [Compatibility charts](microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md) @@ -179,29 +179,29 @@ ##### [Deploy, manage updates, and report on antivirus]() ###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md) ###### [Deploy and enable antivirus](microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md) -####### [Deployment guide for VDI environments](microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md) +###### [Deployment guide for VDI environments](microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md) ###### [Report on antivirus protection]() -####### [Review protection status and alerts](microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) -####### [Troubleshoot antivirus reporting in Update Compliance](microsoft-defender-antivirus/troubleshoot-reporting.md) +###### [Review protection status and alerts](microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) +###### [Troubleshoot antivirus reporting in Update Compliance](microsoft-defender-antivirus/troubleshoot-reporting.md) ###### [Manage updates and apply baselines]() -####### [Learn about the different kinds of updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) -####### [Manage protection and security intelligence updates](microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) -####### [Manage when protection updates should be downloaded and applied](microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) -####### [Manage updates for endpoints that are out of date](microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) -####### [Manage event-based forced updates](microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md) -####### [Manage updates for mobile devices and VMs](microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) +###### [Learn about the different kinds of updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) +###### [Manage protection and security intelligence updates](microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) +###### [Manage when protection updates should be downloaded and applied](microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) +###### [Manage updates for endpoints that are out of date](microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) +###### [Manage event-based forced updates](microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md) +###### [Manage updates for mobile devices and VMs](microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md) ##### [Customize, initiate, and review the results of scans and remediation]() ###### [Configuration overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions in antivirus scans]() -####### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -####### [Configure antivirus exclusions Windows Server 2016](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) -####### [Common mistakes when defining exclusions](microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md) +###### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure antivirus exclusions Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) +###### [Common mistakes when defining exclusions](microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md) ###### [Configure scanning antivirus options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) ###### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md) ###### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md) @@ -215,10 +215,10 @@ ###### [Management overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions in antivirus scans]() -####### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) -####### [Configure antivirus exclusions on Windows Server 2016](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) +###### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) +###### [Configure antivirus exclusions on Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) ###### [Configure scanning options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md) @@ -230,7 +230,7 @@ ###### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md) ###### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md) -#### [Better together: Microsoft Defender Antivirus and Microsoft Defender ATP](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md) +#### [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md) #### [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 867aadf0d5..98392dd180 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,6 +1,6 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation -description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. +description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. ms.prod: w10 audience: ITPro author: dansimp @@ -16,41 +16,48 @@ ms.reviewer: ## FIPS 140-2 standard overview -The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. +The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. -The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. +The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. ## Microsoft’s approach to FIPS 140-2 validation -Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. +Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. ## Using Windows in a FIPS 140-2 approved mode of operation -Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.” When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory. +Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode." If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly. -While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode. +The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library. + +US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography. Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below. ### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed -Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release. +Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. Tables listing validated modules, organized by operating system release, are available later in this article. ### Step 2: Ensure all security policies for all cryptographic modules are followed -Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module. - +Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module. + ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). +Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). -### Step 4: Ensure only FIPS validated cryptographic algorithms are used +### Step 4: Ensure that only FIPS validated cryptographic algorithms are used -Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode. +FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant. + +In short, an application or service is running in FIPS mode if it: + +* Checks for the policy flag +* Enforces security policies of validated modules ## Frequently asked questions -### How long does it take to certify cryptographic modules? +### How long does it take to certify a cryptographic module? Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors. @@ -58,29 +65,29 @@ Microsoft begins certification of cryptographic modules after each major feature The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules. -### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? +### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*? -“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. +*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. -### I need to know if a Windows service or application is FIPS 140-2 validated. +### How do I know if a Windows service or application is FIPS 140-2 validated? -The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. +The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions. Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. -### What does "When operated in FIPS mode" mean on a certificate? +### What does *When operated in FIPS mode* mean on a certificate? -This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. +This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. ### What is the relationship between FIPS 140-2 and Common Criteria? -These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. +FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. ### How does FIPS 140 relate to Suite B? -Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard. +Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard. ### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows? -When Windows is configured to operate in FIPS 140 approved mode on both client and server, SMB3 is FIPS 140 compliant and relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. +SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. ## Microsoft FIPS 140-2 validated cryptographic modules @@ -314,7 +321,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)
FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)
FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)
Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)
FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)
FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)
FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
+
Other algorithms: NDRNG; MD5
+
Other algorithms: MD5
FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)
FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)
+
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
+
Other algorithms: MD5; NDRNG
+
Other algorithms: MD5
FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)
FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)
+
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
+
Other algorithms: MD5; NDRNG
+
Other algorithms: MD5
FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)
FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
+
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
+
Other algorithms: MD5; NDRNG
+
Other algorithms: MD5
+
Other algorithms: N/A
FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
Other algorithms: MD5
Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
+
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
+
Other algorithms: MD5
+
Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
+
Other algorithms: MD5
+
Other algorithms: N/A
+
Other algorithms: MD5
+
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+
Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
@@ -913,7 +920,7 @@ Validated Editions: Windows 7, Windows 7 SP1
+
Other algorithms: MD5
+
Other algorithms: Elephant Diffuser
+
Other algorithms: MD5
(no change in SP1)
+
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
(no change in SP1)
+
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
Other algorithms: MD5
+
Other algorithms: MD5
FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
+
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
+
Other algorithms: Elephant Diffuser
+
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
+FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
Other algorithms: DES; MD5; HMAC MD5
FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4
FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
+Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4
FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
-Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)
FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
+Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
+FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)
FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
Other algorithms: DES (Cert. #156); RC2; RC4; MD5
FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
Other algorithms: DES (Cert. #156); RC2; RC4; MD5
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
Other algorithms: DES (Cert. #89)
FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
+FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
Other algorithms: DES (Certs. #89)
(DSS/DH Enh: 5.0.2195.3665 [SP3])
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
+FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
Other algorithms: DES (Certs. #89)
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
(DSS/DH Enh: 5.0.2150.1391 [SP1])
FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
+FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
+FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
+
Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
+
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
+
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
+
Other algorithms: NDRNG; MD5
+
Other algorithms: MD5
+
Other algorithms: AES (non-compliant); MD5
+
Other algorithms: MD5
+
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
+
Other algorithms: MD5; NDRNG
+
Other algorithms: MD5
+
Other algorithms: N/A
+
Other algorithms: MD5
+
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
+
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
+
Other algorithms: MD5
+
Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
+
Other algorithms: MD5
+
Other algorithms: N/A
+
Other algorithms: MD5
+
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
Other algorithms: MD5
+
Other algorithms: MD5
+
Other algorithms: MD5
+
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
+
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
+
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
+
Other algorithms: Elephant Diffuser
+
Other algorithms: N/A
+
Other algorithms: MD5
+
Other algorithms: MD5
+
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
+
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
+
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4
FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
+Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4
FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
+FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
Other algorithms: DES; HMAC-MD5
FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
+Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
+FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
+FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
+FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
+FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
+FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
+FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
[1] x86
[2] SP1 x86, x64, IA64
FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)
-Allowed algorithms: HMAC-MD5; MD5; NDRNG
FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)
+Allowed algorithms: HMAC-MD5, MD5, NDRNG
FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)
-Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength
FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)
+Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength
FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
+FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES
FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
+FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5
-
@@ -2393,7 +2400,7 @@ The following tables are organized by cryptographic algorithms with their modes,
- Key Lengths: 128, 192, 256 (bits)
- Tag Lengths: 96, 104, 112, 120, 128 (bits)
- Plain Text Lengths: 0, 8, 1016, 1024 (bits) -
- AAD Lengths: 0, 8, 1016, 1024 (bits) +
- Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
- 96 bit IV supported
-
@@ -2499,7 +2506,7 @@ The following tables are organized by cryptographic algorithms with their modes,
- Key Lengths: 128, 192, 256 (bits)
- Tag Lengths: 96, 104, 112, 120, 128 (bits)
- Plain Text Lengths: 0, 8, 1016, 1024 (bits) -
- AAD Lengths: 0, 8, 1016, 1024 (bits) +
- Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
- 96 bit IV supported
-
@@ -2606,7 +2613,7 @@ The following tables are organized by cryptographic algorithms with their modes,
- Key Lengths: 128, 192, 256 (bits)
- Tag Lengths: 96, 104, 112, 120, 128 (bits)
- Plain Text Lengths: 0, 8, 1016, 1024 (bits) -
- AAD Lengths: 0, 8, 1016, 1024 (bits) +
- Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
- 96 bit IV supported
AES Val#4902
+Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900
Version 10.0.15063.674
AES Val#4901
+Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899
Version 10.0.15254
AES Val#4897
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
Version 10.0.16299
AES Val#4902
+Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
Version 10.0.15063.674
AES Val#4901
+Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
Version 10.0.15254
AES Val#4897
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
Version 10.0.16299
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
-AES Val#4624
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
Version 10.0.15063
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#4624
+
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
Version 10.0.15063
CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported
-GMAC_Supported
+IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported
+GMAC supported
XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
Version 10.0.15063
CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
Version 10.0.14393
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)
-AES Val#4064
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
Version 10.0.14393
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#4064
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
Version 10.0.14393
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
-AES Val#3629
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
Version 10.0.10586
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#3629
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
Version 10.0.10586
CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
@@ -2840,13 +2847,13 @@ GMAC_Supported
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
-AES Val#3497
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
Version 10.0.10240
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#3497
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
Version 10.0.10240
CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
Version 10.0.10240
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#2832
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848
Version 6.3.9600
CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported;
+
IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported;
OtherIVLen_Supported
-GMAC_Supported
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
+GMAC supportedWindows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
Version 6.3.9600
CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
-AES Val#2197
CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
-AES Val#2197
GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
-AES Val#2196
CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
+-AES Val#1168
+AES validation number 1168
Windows Server 2008 R2 and SP1 CNG algorithms #1187
Windows 7 Ultimate and SP1 CNG algorithms #1178
-AES Val#1168
+AES validation number 1168
Windows Server 2008 CNG algorithms #757
Windows Vista Ultimate SP1 CNG algorithms #756
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
Version 10.0.15063
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
Version 10.0.15063
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
Version 7.00.2872
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
Version 8.00.6246
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
Version 7.00.2872
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
Version 8.00.6246
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
Version 10.0.14393
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
Version 10.0.10586
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
Version 10.0.10240
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
Version 6.3.9600
PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
+SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-SHS: Val#3790
-DRBG: Val# 1555
+ +DRBG: validation number 1555
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
Version 10.0.15063
-PQG(ver)PARMS TESTED: [(1024,160) SHA(1); ]
-SIG(ver)PARMS TESTED: [(1024,160) SHA(1); ]
-SHS: Val# 3649
+SIG(ver)PARMS TESTED: [(1024,160) SHA(1)]
+SHS: validation number 3649
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
Version 7.00.2872
-PQG(ver)PARMS TESTED: [(1024,160) SHA(1); ]
-SIG(ver)PARMS TESTED: [(1024,160) SHA(1); ]
-SHS: Val#3648
+SIG(ver)PARMS TESTED: [(1024,160) SHA(1)]
+SHS: validation number 3648
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
Version 8.00.6246
PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
SIG(gen)PARMS TESTED: [(2048,256)
-SHA(256); (3072,256) SHA(256); ]
+SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] -
SHS: Val# 3347
-DRBG: Val# 1217
SHS: validation number 3347
+DRBG: validation number 1217
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
Version 10.0.14393
FIPS186-4:
PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
+KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: validation number 3047
+DRBG: validation number 955
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
Version 10.0.10586
-DRBG: Val# 868 +SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] +
SHS: validation number 2886
+DRBG: validation number 868
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
Version 10.0.10240
PQG(ver)PARMS TESTED: [(2048,256)
SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
+SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] -
SHS: Val# 2373
-DRBG: Val# 489
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
+SHS: validation number 2373
+DRBG: validation number 489
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
Version 6.3.9600
DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.
SIG(ver) MOD(1024);
SHS: #1902
DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686.
SIG(ver) MOD(1024);
-SHS: Val# 1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.
+DRBG: validation number 193
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645.
SIG(ver) MOD(1024);
-SHS: Val# 1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.
+DRBG: validation number 23
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386.
Windows Server 2008 R2 and SP1 CNG algorithms #391
Windows 7 Ultimate and SP1 CNG algorithms #386
SIG(ver) MOD(1024);
-SHS: Val# 1081
-RNG: Val# 649
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.
+RNG: validation number 649
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385.
Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
SIG(ver) MOD(1024);
-SHS: Val# 753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283.
Windows Server 2008 CNG algorithms #284
Windows Vista Ultimate SP1 CNG algorithms #283
SIG(ver) MOD(1024);
-SHS: Val# 753
-RNG: Val# 435
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.
+RNG: validation number 435
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281.
Windows Server 2008 Enhanced DSS (DSSENH) #282
Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
SIG(ver) MOD(1024);
-SHS: Val# 618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.
+RNG: validation number 321
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226.
Windows Vista CNG algorithms #227
Windows Vista Enhanced DSS (DSSENH) #226
SIG(ver) MOD(1024);
-SHS: Val# 784
-RNG: Val# 448
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.
+RNG: validation number 448
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292.
SIG(ver) MOD(1024);
-SHS: Val# 783
-RNG: Val# 447
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.
+RNG: validation number 447
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291.
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
-SHS: Val# 611
-RNG: Val# 314 +SHS: validation number 611
+RNG: validation number 314
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
-SHS: Val# 385 +SHS: validation number 385
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
-SHS: Val# 181
+SHS: validation number 181
Prerequisite: SHS #2373, DRBG #489
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
Version 6.3.9600
PKG: CURVES(P-256 P-384 TestingCandidates)
-SHS: Val#3790
-DRBG: Val# 1555
+DRBG: validation number 1555
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
Version 10.0.15063
PKV: CURVES(P-256 P-384 P-521)
SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: Val#3790
-DRBG: Val# 1555 +SHS: validation number 3790
+DRBG: validation number 1555
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
Version 10.0.15063
PKV: CURVES(P-256 P-384 P-521)
SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: Val#3790
-DRBG: Val# 1555 +SHS: validation number 3790
+DRBG: validation number 1555
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
Version 10.0.15063
PKV: CURVES(P-256 P-384 P-521)
SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
-SHS:Val# 3649
-DRBG:Val# 1430 +SHS:validation number 3649
+DRBG:validation number 1430
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
Version 7.00.2872
PKV: CURVES(P-256 P-384 P-521)
SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
-SHS:Val#3648
-DRBG:Val# 1429 +SHS:validation number 3648
+DRBG:validation number 1429
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
Version 8.00.6246
PKV: CURVES(P-256 P-384)
SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384)) -
SHS: Val# 3347
-DRBG: Val# 1222
SHS: validation number 3347
+DRBG: validation number 1222
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
Version 10.0.14393
PKV: CURVES(P-256 P-384 P-521)
SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) -
SHS: Val# 3347
-DRBG: Val# 1217
SHS: validation number 3347
+DRBG: validation number 1217
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
Version 10.0.14393
-DRBG: Val# 955 +
SHS: validation number 3047
+DRBG: validation number 955
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
Version 10.0.10586
-DRBG: Val# 868 +
SHS: validation number 2886
+DRBG: validation number 868
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
Version 10.0.10240
-DRBG: Val# 489 -
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
+SHS: validation number 2373
+DRBG: validation number 489
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
Version 6.3.9600
DRBG: #258
-SIG(ver):CURVES(P-256 P-384 P-521)
+SIG(ver): CURVES(P-256 P-384 P-521)
SHS: #1903
DRBG: #258
FIPS186-4:
@@ -3909,57 +3916,57 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: #1903
DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
FIPS186-2:
PKG: CURVES(P-256 P-384 P-521)
-SHS: Val#1773
-DRBG: Val# 193
+SHS: validation number 1773
+DRBG: validation number 193
SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: Val#1773
-DRBG: Val# 193
+DRBG: validation number 193
FIPS186-4:
PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
-SHS: Val#1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.
+DRBG: validation number 193
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.
PKG: CURVES(P-256 P-384 P-521)
-SHS: Val#1081
-DRBG: Val# 23
+SHS: validation number 1081
+DRBG: validation number 23
SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: Val#1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.
+DRBG: validation number 23
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141.
Windows Server 2008 R2 and SP1 CNG algorithms #142
Windows 7 Ultimate and SP1 CNG algorithms #141
PKG: CURVES(P-256 P-384 P-521)
-SHS: Val#753
+SHS: validation number 753
SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82.
Windows Server 2008 CNG algorithms #83
Windows Vista Ultimate SP1 CNG algorithms #82
PKG: CURVES(P-256 P-384 P-521)
-SHS: Val#618
-RNG: Val# 321
+SHS: validation number 618
+RNG: validation number 321
SIG(ver): CURVES(P-256 P-384 P-521)
-SHS: Val#618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
+RNG: validation number 321
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60.
Version 10.0.16299
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3790
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
Version 10.0.15063
HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS Val#3790
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#3790
HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
Version 10.0.15063
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3652
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3652
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3652
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3652
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
Version 7.00.2872
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3651
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3651
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3651
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3651
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
Version 8.00.6246
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3649
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3649
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3649
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal# 3649
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
Version 7.00.2872
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3648
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3648
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3648
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3648
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
Version 8.00.6246
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
-SHS Val# 3347
HMAC-SHA256 (Key Size Ranges Tested: KSBS)
-SHS Val# 3347
HMAC-SHA384 (Key Size Ranges Tested: KSBS)
-SHS Val# 3347
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
Version 10.0.14393
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3347
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3347
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3347
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val# 3347
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
Version 10.0.14393
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
-SHS Val# 3047
HMAC-SHA256 (Key Size Ranges Tested: KSBS)
-SHS Val# 3047
HMAC-SHA384 (Key Size Ranges Tested: KSBS)
-SHS Val# 3047
HMAC-SHA512 (Key Size Ranges Tested: KSBS)
-SHS Val# 3047
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
Version 10.0.10586
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
-SHSVal# 2886
HMAC-SHA256 (Key Size Ranges Tested: KSBS)
-SHSVal# 2886
HMAC-SHA384 (Key Size Ranges Tested: KSBS)
- SHSVal# 2886
HMAC-SHA512 (Key Size Ranges Tested: KSBS)
-SHSVal# 2886
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
Version 10.0.10240
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
-SHS Val#2373
HMAC-SHA256 (Key Size Ranges Tested: KSBS)
-SHS Val#2373
HMAC-SHA384 (Key Size Ranges Tested: KSBS)
-SHS Val#2373
HMAC-SHA512 (Key Size Ranges Tested: KSBS)
-SHS Val#2373
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
+SHS validation number 2373Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
Version 6.3.9600
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#2764
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#2764
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#2764
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#2764
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764
Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
Version 5.2.29344
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1773
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1773
-Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1773
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
+Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1774
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1774
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1774
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1774
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1081
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1081
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1081
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1081
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
Windows Server 2008 R2 and SP1 CNG algorithms #686
Windows 7 and SP1 CNG algorithms #677
Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
Windows 7 Enhanced Cryptographic Provider (RSAENH) #673
HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081
-HMAC-SHA256 (Key Size Ranges Tested: KSVal#1081
HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081
+HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#816
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#816
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#816
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#816
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753
-HMAC-SHA256 (Key Size Ranges Tested: KSVal#753
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753
+HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS Val#753
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
Windows Vista Enhanced Cryptographic Provider (RSAENH) #407
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSVal#618
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
Windows XP, vendor-affirmed
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#783
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#783
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#783
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#783
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#613
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#613
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#613
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#613
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#753
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
Windows Server 2008 CNG algorithms #413
Windows Vista Ultimate SP1 CNG algorithms #412
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737
-HMAC-SHA256 (Key Size Ranges Tested: KSVal#737
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737
+HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#618
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#589
-HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSVal#589
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#589
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#589
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589
+HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#578
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#578
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#578
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#578
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495
-HMAC-SHA256 (Key Size Ranges Tested: KSVal#495
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495
+HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
Windows XP, vendor-affirmed
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#305
-HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#305
-HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#305
-HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#305
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305
+HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
+HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
+HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
- Key Agreement Roles: Initiator, Responder
- Parameter Sets: @@ -4802,7 +4809,7 @@ SHS
- Modulus Size: 2048 (bits) -
- c:\sample\test.exe
- d:\internal\files\test.exe
- c:\test\sample\test.exe
- c:\test\sample\test2.exe
- c:\test\sample\utility.exe
- C:\MyData\\*
- Any file opened by C:\MyData\file.exe
- %ALLUSERSPROFILE%\CustomLogFiles\file.exe
- Any file opened by C:\ProgramData\CustomLogFiles\file.exe
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SCHEMES [FullUnified (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)]
-SHS validation number 3790
+DSA validation number 1135
+DRBG validation number 1556
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128
Version 10.0.15063
-DSA Val#1223
-DRBG Val#1555 +SHS validation number 3790
+DSA validation number 1223
+DRBG validation number 1555
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-SHS Val#3790
-ECDSA Val#1133
-DRBG Val#1555
+ECDSA validation number 1133
+DRBG validation number 1555
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127
Version 10.0.15063
-DSA Val#1188
-DRBG Val#1430 +SHS validation number 3649
+DSA validation number 1188
+DRBG validation number 1430
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-DSA Val#1187
-DRBG Val#1429 +SHS validation number 3648
+DSA validation number 1187
+DRBG validation number 1429
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-SHS Val#3648
-ECDSA Val#1072
-DRBG Val#1429
+ECDSA validation number 1072
+DRBG validation number 1429
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114
Version 8.00.6246
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration)
SCHEMES [FullUnified (No_KC < KARole(s): Initiator / Responder > < KDF: CONCAT >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)]
SHS validation number 3347 ECDSA validation number 920 DRBG validation number 1222
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
Version 10.0.14393
SHS validation number 3347 DSA validation number 1098 DRBG validation number 1217
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651
+SHS validation number 3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
Version 10.0.14393
SHS validation number 3047 DSA validation number 1024 DRBG validation number 955
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS Val# 3047 ECDSA Val#760 DRBG Val#955
+SHS validation number 3047 ECDSA validation number 760 DRBG validation number 955
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
Version 10.0.10586
SHS validation number 2886 DSA validation number 983 DRBG validation number 868
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS Val# 2886 ECDSA Val#706 DRBG Val#868
+SHS validation number 2886 ECDSA validation number 706 DRBG validation number 868
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
Version 10.0.10240
SHS validation number 2373 DSA validation number 855 DRBG validation number 489
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS Val#2373 ECDSA Val#505 DRBG Val#489
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
+SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
Version 6.3.9600
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH(No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
-SHS #1903 ECDSA Val#341 DRBG #258
KAS (SP 800–56A)
key agreement
-key establishment methodology provides 80 to 256 bits of encryption strength
key establishment methodology provides 80 bits to 256 bits of encryption strength
Windows 7 and SP1, vendor-affirmed
Windows Server 2008 R2 and SP1, vendor-affirmed
-KAS Val#128
-DRBG Val#1556
-MAC Val#3062
+DRBG validation number 1556
+MAC validation number 3062
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141
Version 10.0.15063
-KAS Val#127
-AES Val#4624
-DRBG Val#1555
-MAC Val#3061
+AES validation number 4624
+DRBG validation number 1555
+MAC validation number 3061
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140
Version 10.0.15063
CTR_Mode: (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
-KAS validation number 93 DRBG validation number 1222 MAC validation number 2661
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
Version 10.0.14393
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
Version 10.0.14393
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
Version 10.0.10586
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
Version 10.0.10240
CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
Version 6.3.9600
CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
-DRBG #258 HMAC validation number 1345
[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
-SHA Val#3790 +SHA validation number 3790
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
Version 10.0.15063
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA Val#3790
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
Version 10.0.15063
-DRBG: Val# 1555 +SHA validation number 3790
+DRBG: validation number 1555
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
Version 10.0.15063
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-SHA Val#3790 +SHA validation number 3790
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
Version 10.0.15063
FIPS186-2:
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
FIPS186-4:
ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA Val#3652
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
Version 7.00.2872
FIPS186-2:
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
FIPS186-4:
ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA Val#3651
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
Version 8.00.6246
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val# 3649, SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3649, SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e (10001);
PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA Val# 3649
-DRBG: Val# 1430
+DRBG: validation number 1430
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
Version 7.00.2872
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e (10001);
PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
-SHA Val#3648
-DRBG: Val# 1429
+DRBG: validation number 1429
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
Version 8.00.6246
[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) -
SHA Val# 3347
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
Version 10.0.14393
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e (10001);
PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
SHA validation number 3347 DRBG: validation number 1217
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
Version 10.0.14393
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#3346
soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
Version 10.0.14393
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA validation number 3347 DRBG: validation number 1217
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
Version 10.0.14393
FIPS186-4:
[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
-SHA validation number 3347 DRBG: validation number 1217
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
Version 10.0.14393
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e (10001);
PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
SHA validation number 3047 DRBG: validation number 955
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
Version 10.0.10586
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#3048
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
Version 10.0.10586
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val# 3047
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
Version 10.0.10586
FIPS186-4:
[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA Val# 3047
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
Version 10.0.10586
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e (10001);
PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
SHA validation number 2886 DRBG: validation number 868
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
Version 10.0.10240
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#2871
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
Version 10.0.10240
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#2871
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
Version 10.0.10240
FIPS186-4:
[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA Val# 2886
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
Version 10.0.10240
FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e;
PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
+SHA validation number 2373 DRBG: validation number 489
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
Version 6.3.9600
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#2373
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
Version 6.3.9600
FIPS186-4:
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA Val#2373
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
Version 6.3.9600
FIPS186-4:
[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA Val#2373
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
Version 6.3.9600
Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
SHA #1903 -
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134.
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774, SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773, SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.
Windows Server 2008 R2 and SP1 CNG algorithms #567
Windows 7 and SP1 CNG algorithms #560
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.
ALG[ANSIX9.31]:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816, SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 783, SHA-384validation number 783, SHA-512validation number 783,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.
Windows Server 2008 CNG algorithms #358
Windows Vista SP1 CNG algorithms #357
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613, SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589, SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578, SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.
ALG[RSASSA-PKCS1_V1_5]:
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.
ALG[ANSIX9.31]:
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305, SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.
FIPS186-2:
-– PKCS#1 v1.5, signature generation and verification
+– PKCS#1 v1.5, signature generation, and verification
– Mod sizes: 1024, 1536, 2048, 3072, 4096
– SHS: SHA–1/256/384/512
Windows XP, vendor-affirmed
@@ -6452,7 +6459,7 @@ Version 6.3.9600SHA-384 (BYTE-only)
SHA-512 (BYTE-only) -
+
Version 6.3.9600
Version 10.0.16299
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
Version 10.0.15063
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
+TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
CTR (int only)
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
Version 7.00.2872
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
Version 10.0.14393
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
Version 10.0.10586
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
Version 10.0.10240
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
+TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
Version 6.3.9600
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 + | Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 Version 6.3.9600 |
|||||||||||||||||||
Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 + | Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 Version 10.0.15063.674 |
|||||||||||||||||||
 Threat & vulnerability management |
@@ -37,7 +37,7 @@ ms.topic: conceptual
|||||||||||||
@@ -73,7 +73,7 @@ The attack surface reduction set of capabilities provide the first line of defen **[Next-generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats. +To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats. - [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) - [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus) @@ -98,7 +98,7 @@ Endpoint detection and response capabilities are put in place to detect, investi **[Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)**
-In addition to quickly responding to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. +In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) - [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md) @@ -107,16 +107,16 @@ In addition to quickly responding to advanced attacks, Microsoft Defender ATP of **[Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)**
-Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights. Microsoft Threat Experts further empowers Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. +Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights. Microsoft Threat Experts further empowers Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. - [Targeted attack notification](microsoft-defender-atp/microsoft-threat-experts.md) - [Experts-on-demand](microsoft-defender-atp/microsoft-threat-experts.md) -- [Configure your Microsoft Threat Protection managed hunting service](microsoft-defender-atp/configure-microsoft-threat-experts.md) +- [Configure your Microsoft 365 Defender managed hunting service](microsoft-defender-atp/configure-microsoft-threat-experts.md) **[Centralized configuration and administration, APIs](microsoft-defender-atp/management-apis.md)**
-Integrate Microsoft Defender Advanced Threat Protection into your existing workflows. +Integrate Microsoft Defender for Endpoint into your existing workflows. - [Onboarding](microsoft-defender-atp/onboard-configure.md) - [API and SIEM integration](microsoft-defender-atp/configure-siem.md) - [Exposed APIs](microsoft-defender-atp/apis-intro.md) @@ -125,14 +125,14 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf **[Integration with Microsoft solutions](microsoft-defender-atp/threat-protection-integration.md)**
- Microsoft Defender ATP directly integrates with various Microsoft solutions, including: + Microsoft Defender for Endpoint directly integrates with various Microsoft solutions, including: - Intune -- Office 365 ATP -- Azure ATP -- Azure Security Center +- Microsoft Defender for Office 365 +- Microsoft Defender for Identity +- Azure Defender - Skype for Business - Microsoft Cloud App Security -**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**
- With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. +**[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**
+ With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index a3d582510d..fd9d16d4b6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 +ms.date: 11/18/2020 ms.reviewer: manager: dansimp --- @@ -37,15 +37,16 @@ The following broad categories of features can be configured: - Cloud-delivered protection - Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection -- How end-users interact with the client on individual endpoints +- How end users interact with the client on individual endpoints -The topics in this section describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). +The following articles describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each article includes instructions for the applicable configuration tool (or tools). -You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. +|Article |Description | +|---------|---------| +|[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Use cloud-delivered protection for advanced, fast, robust antivirus detection. | +|[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) |Enable behavior-based, heuristic, and real-time antivirus protection. | +|[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) | Configure how end users in your organization interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings. | + +> [!TIP] +> You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. -## In this section -Topic | Description -:---|:--- -[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection -[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection -[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 8ee17ca054..1be93dc8a6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 07/08/2020 +ms.date: 11/18/2020 ms.reviewer: manager: dansimp --- @@ -62,7 +62,7 @@ The table below lists the services and their associated URLs. Make sure that the | Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
`ussus1westprod.blob.core.windows.net`
`usseu1northprod.blob.core.windows.net`
`usseu1westprod.blob.core.windows.net`
`ussuk1southprod.blob.core.windows.net`
`ussuk1westprod.blob.core.windows.net`
`ussas1eastprod.blob.core.windows.net`
`ussas1southeastprod.blob.core.windows.net`
`ussau1eastprod.blob.core.windows.net`
`ussau1southeastprod.blob.core.windows.net` | | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `http://www.microsoft.com/pkiops/crl/`
`http://www.microsoft.com/pkiops/certs`
`http://crl.microsoft.com/pki/crl/products`
`http://www.microsoft.com/pki/certs` | | Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | -| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
`settings-win.data.microsoft.com`| +| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes | The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
`settings-win.data.microsoft.com`| ## Validate connections between your network and the cloud @@ -85,8 +85,7 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud. -Download the file by visiting the following link: -- https://aka.ms/ioavtest +Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest). >[!NOTE] >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. @@ -105,11 +104,11 @@ You will also see a detection under **Quarantined threats** in the **Scan histor 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label: +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label:  -3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware. +3. Under the **Quarantined threats** section, select **See full history** to see the detected fake malware. > [!NOTE] > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 95de8ec073..725634e323 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -26,15 +26,16 @@ manager: dansimp You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. -This topic describes how to configure exclusion lists for the following: +This article describes how to configure exclusion lists. - +## Examples of exclusions + +|Exclusion | Example | +|---|---| +|Any file on the machine that is opened by any process with a specific file name | Specifying `test.exe` would exclude files opened by:
`c:\sample\test.exe`
`d:\internal\files\test.exe` | +|Any file on the machine that is opened by any process under a specific folder | Specifying `c:\test\sample\*` would exclude files opened by:
`c:\test\sample\test.exe`
`c:\test\sample\test2.exe`
`c:\test\sample\utility.exe` | +|Any file on the machine that is opened by a specific process in a specific folder | Specifying `c:\test\process.exe` would exclude files only opened by `c:\test\process.exe` | -Exclusion | Example ----|--- -Any file on the machine that is opened by any process with a specific file name | Specifying "test.exe" would exclude files opened by:
Replaces any number of characters | `C:\MyData\*` | Any file opened by `C:\MyData\file.exe` | +|Environment variables
The defined variable is populated as a path when the exclusion is evaluated | `%ALLUSERSPROFILE%\CustomLogFiles\file.exe` | Any file opened by `C:\ProgramData\CustomLogFiles\file.exe` | ## Review the list of exclusions diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 8139e27e9a..a7990f4bca 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -10,8 +10,8 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 01/31/2020 -ms.reviewer: +ms.date: 11/18/2020 +ms.reviewer: jesquive manager: dansimp --- @@ -28,7 +28,7 @@ In addition to standard on-premises or hardware configurations, you can also use See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support. -For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic. +For Azure-based virtual machines, see [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection). With the ability to easily deploy updates to VMs running in VDIs, we've shortened this guide to focus on how you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on. @@ -49,7 +49,7 @@ You can also download the whitepaper [Microsoft Defender Antivirus on Virtual De ## Set up a dedicated VDI file share -In Windows 10, version 1903, we introduced the shared security intelligence feature. This offloads the unpackaging of downloaded security intelligence updates onto a host machine — thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell. +In Windows 10, version 1903, we introduced the shared security intelligence feature, which offloads the unpackaging of downloaded security intelligence updates onto a host machine—thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell. ### Use Group Policy to enable the shared security intelligence feature: @@ -63,7 +63,7 @@ In Windows 10, version 1903, we introduced the shared security intelligence feat 5. Double-click **Define security intelligence location for VDI clients**, and then set the option to **Enabled**. A field automatically appears. -6. Enter `\\
- If the app you want to configure is already listed, click it and then click **Edit**. - If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. + - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. + - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You are notified if you need to restart the process or app, or if you need to restart Windows. @@ -70,12 +70,12 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work: -Enabled in **Program settings** | Enabled in **System settings** | Behavior --|-|- -[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings** -[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings** -[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings** -[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option +|Enabled in **Program settings** | Enabled in **System settings** | Behavior | +|:---|:---|:---| +|[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings** | +|[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings** | +|[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings** | +|[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option | ### Example 1: Mikael configures Data Execution Prevention in system settings section to be off by default @@ -98,8 +98,8 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab 3. Go to **Program settings** and choose the app you want to apply mitigations to.
- If the app you want to configure is already listed, click it and then click **Edit**. - If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. + - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. + - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. @@ -209,41 +209,41 @@ Set-Processmitigation -Name test.exe -Remove -Disable DEP This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation. -Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet -- | - | - | - -Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available -Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available -Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available -Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available -Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available -Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available -Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode -Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad -Block remote images | App-level only | BlockRemoteImages | Audit not available -Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly -Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned -Disable extension points | App-level only | ExtensionPoint | Audit not available -Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall -Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess -Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available -Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available -Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available -Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available -Validate handle usage | App-level only | StrictHandle | Audit not available -Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available -Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available +|Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet | +|:---|:---|:---|:---| +|Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available | +|Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available | +|Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available | +|Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available +|Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available +|Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available +|Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode +|Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad +|Block remote images | App-level only | BlockRemoteImages | Audit not available +|Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly +|Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned +|Disable extension points | App-level only | ExtensionPoint | Audit not available +|Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall +|Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess +|Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\] | +||Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\] | +|Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\] | +|Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\] | +|Validate handle usage | App-level only | StrictHandle | Audit not available | +|Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available | +|Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\] | \[1\]: Use the following format to enable EAF modules for DLLs for a process: ```PowerShell Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll ``` - +\[2\]: Audit for this mitigation is not available via Powershell cmdlets. ## Customize the notification See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. -## Related topics +## See also * [Evaluate exploit protection](evaluate-exploit-protection.md) * [Configure and audit exploit protection mitigations](customize-exploit-protection.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md deleted file mode 100644 index b86fec795a..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ /dev/null @@ -1,165 +0,0 @@ ---- -title: Enable Microsoft Defender for Endpoint Insider Device -description: Install and use Microsoft Defender for Endpoint (Mac). -keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dansimp -author: dansimp -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint -ms.topic: conceptual ---- - -# Enable Microsoft Defender for Endpoint Insider Device - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). - -> [!IMPORTANT] -> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-for-endpoint-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions. - -## Enable the Insider program with Jamf - -1. Create configuration profile `com.microsoft.wdav.plist` with the following content: - - ```XML - - -
This option maps to Azure AD only single-tenant.
This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts. | + | **Accounts in any organizational directory** | Select this option if you would like to target all business and educational customers.
This option maps to an Azure AD only multi-tenant.
If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the **Authentication** blade. | + | **Accounts in any organizational directory and personal Microsoft accounts** | Select this option to target the widest set of customers.
This option maps to Azure AD multi-tenant and personal Microsoft accounts.
If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types. | + + - **Redirect URI (optional)** - Select the type of app you're building, **Web** or **Public client (mobile & desktop)**, and then enter the redirect URI (or reply URL) for your application. + - For web applications, provide the base URL of your app. For example, `http://localhost:31544` might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application. + - For public client applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, such as `myapp://auth`. + + To see specific examples for web applications or native applications, check out our [quickstarts](/azure/active-directory/develop/#quickstarts). + + When finished, select **Register**. 4. Allow your Application to access Microsoft Defender for Endpoint and assign it 'Read alerts' permission: diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index 137fc569cc..55bdffa21c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -97,8 +97,6 @@ Content-type: application/json "accountSid": "S-1-5-21-72051607-1745760036-109187956-93922", "firstSeen": "2019-12-18T08:02:54Z", "lastSeen": "2020-01-06T08:01:48Z", - "mostPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62", - "leastPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62", "logonTypes": "Interactive", "logOnMachinesCount": 8, "isDomainAdmin": true, diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png new file mode 100644 index 0000000000..f62d8f66b6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png new file mode 100644 index 0000000000..c4ae7c8318 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png new file mode 100644 index 0000000000..3227f3eb0c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png new file mode 100644 index 0000000000..31e2ed052f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png new file mode 100644 index 0000000000..ebb2c93951 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png new file mode 100644 index 0000000000..770141ad54 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png new file mode 100644 index 0000000000..8532d279bc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png new file mode 100644 index 0000000000..aa59d18577 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png new file mode 100644 index 0000000000..92dd636c71 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png new file mode 100644 index 0000000000..64f731a465 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png new file mode 100644 index 0000000000..64cfbd439f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png new file mode 100644 index 0000000000..4cc8e84eeb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png deleted file mode 100644 index 15d64d5abd..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png new file mode 100644 index 0000000000..be0593bb84 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png new file mode 100644 index 0000000000..748b97d6bb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png new file mode 100644 index 0000000000..9147d3e4a8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png new file mode 100644 index 0000000000..29c6618677 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-view.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-view.png new file mode 100644 index 0000000000..539ed966bb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-view.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png new file mode 100644 index 0000000000..d4f3f506e5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index e44fe3a67f..ad2a51ab8f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -24,26 +24,17 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -> [!IMPORTANT] -> **PUBLIC PREVIEW EDITION** -> -> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability. -> -> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. +> [!NOTE] +> Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. +## Configure custom indicators -## Configure custom indicators -Defender for Endpoint for iOS enables admins to configure custom indicators on -iOS devices as well. Refer to [Manage -indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) -on how to configure custom indicators +Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators. + +> [!NOTE] +> Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains. ## Web Protection -By default, Defender for Endpoint for iOS includes and enables the web -protection feature. [Web -protection](web-protection-overview.md) helps -to secure devices against web threats and protect users from phishing attacks. ->[!NOTE] ->Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. +By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 960de74bcc..8714aeb2e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -97,7 +97,9 @@ Then rerun step 2. 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. -5. Ensure that the daemon has executable permission. +5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`. + +6. Ensure that the daemon has executable permission. ```bash ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ``` @@ -110,7 +112,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan ``` and retry running step 2. -6. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". +7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". ## If mdatp service is running, but EICAR text file detection doesn't work diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 04b95ce93b..2e17fbc6fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -58,6 +58,9 @@ Wildcard | Description | Example | Matches | Does not match \* | Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/*/*.log` | `/var/log/system.log` | `/var/log/nested/system.log` ? | Matches any single character | `file?.log` | `file1.log`
`file2.log` | `file123.log` +>[!NOTE] +>The product attempts to resolve firmlinks when evaluating exclusions. Firmlink resolution does not work when the exclusion contains wildcards or the target file (on the `Data` volume) does not exist. + ## How to configure the list of exclusions ### From the management console diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 719aa6fb32..336b9f1519 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -24,7 +24,10 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] > [!IMPORTANT] -> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. +> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). + +> [!IMPORTANT] +> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. ## 101.13.75 diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index 46b7669ddf..63eee7a042 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -24,38 +24,33 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -> [!IMPORTANT] -> **PUBLIC PREVIEW EDITION** -> -> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability. -> -> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. - - -The public preview of Defender for Endpoint for iOS will offer protection -against phishing and unsafe network connections from websites, emails, and apps. -All alerts will be available through a single pane of glass in the Microsoft -Defender Security Center. The portal gives security teams a centralized view of threats on +**Microsoft Defender for Endpoint for iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on iOS devices along with other platforms. +> [!CAUTION] +> Running other third-party endpoint protection products alongside Defender for Endpoint for iOS is likely to cause performance problems and unpredictable system errors. + ## Pre-requisites - **For End Users** -- Defender for Endpoint license assigned to the end user(s) of the app. Refer - [Assign licenses to - users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) - for instructions on how to assign licenses. +- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) + +- Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license. + - Intune Company Portal app can be downloaded from [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). + +- For more information on how to assign licenses, see [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign). + **For Administrators** - Access to the Microsoft Defender Security Center portal + + > [!NOTE] + > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune. - Access to [Microsoft Endpoint Manager admin - center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app - to enrolled user groups in your organization + center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization **System Requirements** @@ -64,6 +59,14 @@ iOS devices along with other platforms. - Device is enrolled with Intune Company Portal [app](https://apps.apple.com/us/app/intune-company-portal/id719171358) +> [!NOTE] +> **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).** + +## Installation instructions + +Deployment of Microsoft Defender for Endpoint for iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported. +For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md). + ## Resources - Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 873df4353b..87dd24a90d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -92,6 +92,10 @@ If you experience any installation failures, refer to [Troubleshooting installat After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. +- Audit framework (`auditd`) must be enabled. + >[!NOTE] + > System events captured by rules added to `audit.logs` will add to audit logs and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endopoint for Linux will be tagged with `mdatp` key. + ### Network connections The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 0121869dec..e09cef38f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -39,7 +39,7 @@ This topic describes how to install, configure, update, and use Defender for End > [!TIP] > If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**. -To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device. See [Enable Microsoft Defender for Endpoint Insider Device](endpoint-detection-response-mac-preview.md). +To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device. ## How to install Microsoft Defender for Endpoint for Mac @@ -66,7 +66,10 @@ There are several methods and deployment tools that you can use to install and c The three most recent major releases of macOS are supported. > [!IMPORTANT] -> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. +> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). + +> [!IMPORTANT] +> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. - 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) - Disk space: 1GB diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md index 928c6f6e42..23dd0567e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -36,7 +36,7 @@ have committed to building security solutions not just *for* Microsoft, but also heterogenous environments. We're listening to customer feedback and partnering closely with our customers to build solutions that meet their needs. -With Defender for Endpoint, customers benefit from a unified view of all +With Microsoft Defender for Endpoint, customers benefit from a unified view of all threats and alerts in the Microsoft Defender Security Center, across Windows and non-Windows platforms, enabling them to get a full picture of what's happening in their environment, which empowers them to more quickly assess and respond to @@ -44,7 +44,7 @@ threats. ## Microsoft Defender for Endpoint for Mac -Microsoft Defender for Endpoint for Mac offers AV and EDR capabilities for the three +Microsoft Defender for Endpoint for Mac offers antivirus and endpoint detection and response (EDR) capabilities for the three latest released versions of macOS. Customers can deploy and manage the solution through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft @@ -96,15 +96,15 @@ devices. Microsoft Defender for Endpoint is also available for purchase from a C Solution Provider (CSP). Customers can obtain Microsoft Defender for Endpoint for Mac through a standalone -MDefender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365 +Microsoft Defender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365 Security. -Recently announced capabilities of Microsoft Defender for Endpoint for Android and soon -iOS are included in the above mentioned offers as part of the five qualified +Recently announced capabilities of Microsoft Defender for Endpoint for Android and iOS +are included in the above mentioned offers as part of the five qualified devices for eligible licensed users. - Defender for Endpoint for Linux is available through the Defender for Endpoint -for Server SKU that is available for both commercial and education customers. +Defender for Endpoint on Linux is available through the Defender for Endpoint +Server SKU that is available for both commercial and education customers. Please contact your account team or CSP for pricing and additional eligibility requirements. diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 0edc028048..3f1a57820c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -27,12 +27,13 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. +Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint; enabling security teams to effectively respond better to modern threats. Microsoft Defender for Endpoint seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as: + - SIEM - Ticketing and IT service management solutions - Managed security service providers (MSSP) @@ -48,10 +49,12 @@ Microsoft Defender for Endpoint seamlessly integrates with existing security sol Logo |Partner name | Description :---|:---|:--- | [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Defender for Endpoint is configured properly by launching continuous attacks safely on production assets -| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel + +| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender for Endpoint into Azure Sentinel  | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions  | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats - | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint. + | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint +  | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections  | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API  | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md index 7aa19efe08..349dc8d30d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md @@ -18,42 +18,42 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender ATP partner opportunities and scenarios +# Microsoft Defender for Endpoint partner opportunities and scenarios [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Microsoft Defender ATP. +Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Defender for Endpoint. -The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners can either stream or query data from Microsoft Defender ATP. +The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners can either stream or query data from Defender for Endpoint. ## Scenario 1: External alert correlation and Automated investigation and remediation -Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale. +Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale. Integrating the automated investigation and response capability with other solutions such as network security products or other endpoint security products will help to address alerts. The integration also minimizes the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. -Microsoft Defender ATP adds support for this scenario in the following forms: +Defender for Endpoint adds support for this scenario in the following forms: -- External alerts can be pushed into Microsoft Defender ATP and presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides the full context of the alert - with the real process and the full story of attack. +- External alerts can be pushed into Defender for Endpoint and presented side by side with additional device-based alerts from Defender for Endpoint. This view provides the full context of the alert - with the real process and the full story of attack. -- Once an alert is generated, the signal is shared across all Microsoft Defender ATP protected endpoints in the enterprise. Microsoft Defender ATP takes immediate automated or operator-assisted response to address the alert. +- Once an alert is generated, the signal is shared across all Defender for Endpoint protected endpoints in the enterprise. Defender for Endpoint takes immediate automated or operator-assisted response to address the alert. ## Scenario 2: Security orchestration and automation response (SOAR) integration -Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. +Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. ## Scenario 3: Indicators matching -Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives the ability to set a list of indicators for prevention, detection, and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action. +Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Defender for Endpoint and gives the ability to set a list of indicators for prevention, detection, and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action. The above scenarios serve as examples of the extensibility of the platform. You are not limited to the examples and we certainly encourage you to leverage the open framework to discover and explore other scenarios. -Follow the steps in [Become a Microsoft Defender ATP partner](get-started-partner-integration.md) to integrate your solution in Microsoft Defender ATP. +Follow the steps in [Become a Microsoft Defender for Endpoint partner](get-started-partner-integration.md) to integrate your solution in Defender for Endpoint. ## Related topic - [Overview of management and APIs](management-apis.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index 699cc87da7..e4679370bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -23,9 +23,9 @@ ms.topic: conceptual **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches. @@ -33,7 +33,7 @@ You can use [Microsoft Defender Security Center](https://securitycenter.windows. - View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses -- Change Microsoft Defender ATP settings, including time zone and review licensing information +- Change Microsoft Defender for Endpoint settings, including time zone and review licensing information ## Microsoft Defender Security Center @@ -42,7 +42,7 @@ When you open the portal, you'll see: - (1) Navigation pane (select the horizontal lines at the top of the navigation pane to show or hide it) - (2) Search, Community center, Localization, Help and support, Feedback -  +  > [!NOTE] > Malware related detections will only appear if your devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product. @@ -54,29 +54,29 @@ Area | Description **(1) Navigation pane** | Use the navigation pane to move between **Dashboards**, **Incidents**, **Devices list**, **Alerts queue**, **Automated investigations**, **Advanced hunting**, **Reports**, **Partners & APIs**, **Threat & Vulnerability Management**, **Evaluation and tutorials**, **Service health**, **Configuration management**, and **Settings**. Select the horizontal lines at the top of the navigation pane to show or hide it. **Dashboards** | Access the active automated investigations, active alerts, automated investigations statistics, devices at risk, users at risk, devices with sensor issues, service health, detection sources, and daily devices reporting dashboards. **Incidents** | View alerts that have been aggregated as incidents. -**Devices list** | Displays the list of devices that are onboarded to Microsoft Defender ATP, some information about them, and their exposure and risk levels. +**Devices list** | Displays the list of devices that are onboarded to Defender for Endpoint, some information about them, and their exposure and risk levels. **Alerts queue** | View alerts generated from devices in your organizations. **Automated investigations** | Displays automated investigations that have been conducted in the network, triggering alert, the status of each investigation and other details such as when the investigation started and the duration of the investigation. **Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool. **Reports** | View graphs detailing threat protection, device health and compliance, web protection, and vulnerability. **Partners & APIs** | View supported partner connections, which enhance the detection, investigation, and threat intelligence capabilities of the platform. You can also view connected applications, the API explorer, API usage overview, and data export settings. **Threat & Vulnerability management** | View your Microsoft Secure Score for Devices, exposure score, exposed devices, vulnerable software, and take action on top security recommendations. -**Evaluation and tutorials** | Manage test devices, attack simulations, and reports. Learn and experience the Microsoft Defender ATP capabilities through a guided walk-through in a trial environment. -**Service health** | Provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. +**Evaluation and tutorials** | Manage test devices, attack simulations, and reports. Learn and experience the Defender for Endpoint capabilities through a guided walk-through in a trial environment. +**Service health** | Provides information on the current status of the Defender for Endpoint service. You'll be able to verify that the service health is healthy or if there are current issues. **Configuration management** | Displays on-boarded devices, your organizations' security baseline, predictive analysis, web protection coverage, and allows you to perform attack surface management on your devices. **Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as permissions, APIs, rules, device management, IT service management, and network assessments. -**(2) Search, Community center, Localization, Help and support, Feedback** | **Search** - search by device, file, user, URL, IP, vulnerability, software, and recommendation. **Community center** - Access the Community center to learn, collaborate, and share experiences about the product. **Localization** - Set time zones. **Help and support** - Access the Microsoft Defender ATP guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, Microsoft Defender ATP evaluation lab, consult a threat expert. **Feedback** - Provide comments about what you like or what we can do better. +**(2) Search, Community center, Localization, Help and support, Feedback** | **Search** - search by device, file, user, URL, IP, vulnerability, software, and recommendation. **Community center** - Access the Community center to learn, collaborate, and share experiences about the product. **Localization** - Set time zones. **Help and support** - Access the Defender for Endpoint guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, Defender for Endpoint evaluation lab, consult a threat expert. **Feedback** - Provide comments about what you like or what we can do better. > [!NOTE] > For devices with high resolution DPI scaling issues, please see [Windows scaling issues for high-DPI devices](https://support.microsoft.com/help/3025083/windows-scaling-issues-for-high-dpi-devices) for possible solutions. -## Microsoft Defender ATP icons +## Microsoft Defender for Endpoint icons The following table provides information on the icons used all throughout the portal: Icon | Description :---|:--- -| Microsoft Defender ATP logo +| Microsoft Defender for Endpoint logo | Alert – Indication of an activity correlated with advanced attacks. | Detection – Indication of a malware threat detection. | Active threat – Threats actively executing at the time of detection. diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index f74d49ee22..ab2b412ae2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md index 59653a5fc2..335e716372 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md @@ -23,9 +23,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index fe2d128e37..3c320f4601 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -20,30 +20,30 @@ ms.collection: ms.topic: article --- -# Prepare Microsoft Defender ATP deployment +# Prepare Microsoft Defender for Endpoint deployment [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Deploying Microsoft Defender ATP is a three-phase process: +Deploying Defender for Endpoint is a three-phase process:
- 
+
Phase 1: Prepare |
- 
+
Phase 2: Set up |
@@ -68,7 +68,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
You are currently in the preparation phase.
-Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender ATP.
+Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Defender for Endpoint.
## Stakeholders and approval
@@ -111,8 +111,7 @@ required in technologies or processes.
## Role-based access control
-Microsoft recommends using the concept of least privileges. Microsoft Defender
-ATP leverages built-in roles within Azure Active Directory. Microsoft recommends
+Microsoft recommends using the concept of least privileges. Defender for Endpoint leverages built-in roles within Azure Active Directory. Microsoft recommends
[review the different roles that are
available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
and choose the right one to solve your needs for each persona for this
@@ -132,7 +131,7 @@ Management](https://docs.microsoft.com/azure/active-directory/active-directory-p
to manage your roles to provide additional auditing, control, and access review
for users with directory permissions.
-Microsoft Defender ATP supports two ways to manage permissions:
+Defender for Endpoint supports two ways to manage permissions:
- **Basic permissions management**: Set permissions to either full access or
read-only. In the case of basic permissions management users with Global
@@ -144,7 +143,7 @@ Microsoft Defender ATP supports two ways to manage permissions:
groups access to device groups. For more information. see [Manage portal access using role-based access control](rbac.md).
Microsoft recommends leveraging RBAC to ensure that only users that have a
-business justification can access Microsoft Defender ATP.
+business justification can access Defender for Endpoint.
You can find details on permission guidelines
[here](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group).
@@ -167,16 +166,16 @@ place. The bare minimum every organization should have been an antivirus solutio
Historically, replacing any security solution used to be time intensive and difficult
to achieve due to the tight hooks into the application layer and infrastructure
-dependencies. However, because Microsoft Defender ATP is built into the
+dependencies. However, because Defender for Endpoint is built into the
operating system, replacing third-party solutions is now easy to achieve.
-Choose the component of Microsoft Defender ATP to be used and remove the ones
+Choose the component of Defender for Endpoint to be used and remove the ones
that do not apply. The table below indicates the order Microsoft recommends for
how the endpoint security suite should be enabled.
| Component | Description | Adoption Order Rank |
|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
-| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | +| Endpoint Detection & Response (EDR) | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities - Invaluable device vulnerability context during incident investigations - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | | Next-generation protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus. - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 | | Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP help protect the devices and applications in the organization from new and emerging threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md index 0609532537..8c1f70f474 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md @@ -16,15 +16,15 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- -# Turn on the preview experience in Microsoft Defender ATP +# Turn on the preview experience in Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) Turn on the preview experience setting to be among the first to try upcoming features. @@ -36,8 +36,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea 2. Toggle the setting between **On** and **Off** and select **Save preferences**. ## Related topics -- [Update general settings in Microsoft Defender ATP](data-retention-settings.md) -- [Turn on advanced features in Microsoft Defender ATP](advanced-features.md) -- [Configure email notifications in Microsoft Defender ATP](configure-email-notifications.md) -- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) +- [Update general settings in Microsoft Defender for Endpoint](data-retention-settings.md) +- [Turn on advanced features in Microsoft Defender for Endpoint](advanced-features.md) +- [Configure email notifications in Microsoft Defender for Endpoint](configure-email-notifications.md) +- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 5ed93079a0..f8bc3dccad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -19,7 +19,7 @@ ms.collection: ms.topic: conceptual --- -# Microsoft Defender ATP preview features +# Microsoft Defender for Endpoint preview features [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -27,19 +27,19 @@ ms.topic: conceptual >The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities. +The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities. > [!TIP] -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink) -Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. +Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience. >[!TIP] >Get notified when this page is updated by copying and pasting the following URL into your feed reader: `https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+preview+features%22&locale=en-us` -For more information on new capabilities that are generally available, see [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md). +For more information on new capabilities that are generally available, see [What's new in Defender for Endpoint](whats-new-in-microsoft-defender-atp.md). ## Turn on preview features @@ -54,22 +54,22 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Microsoft Defender ATP for iOS](microsoft-defender-atp-ios.md) Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS. +- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md) Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS. -- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) Microsoft Defender ATP now adds support for Android. Learn how to install, configure, and use Microsoft Defender ATP for Android. +- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. -- [Web Content Filtering](web-content-filtering.md) Web content filtering is part of web protection capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns. +- [Web Content Filtering](web-content-filtering.md) Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns. - [Device health and compliance report](machine-reports.md) The device health and compliance report provides high-level information about the devices in your organization. - [Information protection](information-protection-in-windows-overview.md) -Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. +Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender for Endpoint is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. >[!NOTE] >Partially available from Windows 10, version 1809. -- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices. +- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices. > [!TIP] -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index a1c3772e14..516c64e1b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -20,28 +20,28 @@ ms.collection: ms.topic: article --- -# Set up Microsoft Defender ATP deployment +# Set up Microsoft Defender for Endpoint deployment [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Deploying Microsoft Defender ATP is a three-phase process: +Deploying Defender for Endpoint is a three-phase process:
|