From b2a7fc3bc9e14094df5a9113f08a0638a2ca4c91 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 11:07:10 +0500
Subject: [PATCH 01/84] Link to deployment of PKI page
As suggested by user that content is missing in the document, I have linked the page with the deployment of PKI certificate.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6360
---
.../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 5a7e9bb20a..898d43aaaa 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -76,7 +76,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
* The domain controller certificate must be installed in the local computer's certificate store.
-
+See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
> [!IMPORTANT]
> For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
From efe389ee3bf4f59a53bd47737fa6e2fc6c2ff778 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 14:45:26 +0500
Subject: [PATCH 02/84] Update
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 898d43aaaa..1772e4de58 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
-* The domain controller certificate must be installed in the local computer's certificate store.
+* The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
From d46766bceefc57e2f3024b2ba5237f36b127dc10 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 14:45:51 +0500
Subject: [PATCH 03/84] Update
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../hello-for-business/hello-hybrid-key-trust-prereqs.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 1772e4de58..d595c23de0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -76,7 +76,6 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
* The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
-See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
> [!IMPORTANT]
> For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
From 8efa046a314e4ba3cb053801f1771fdb1ebb2c23 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Thu, 30 Jul 2020 08:15:55 +0500
Subject: [PATCH 04/84] Added certificate deployment
Updated certificate deployment for WHFB as suggested by @mapalko.
---
.../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index d595c23de0..1ef40f8957 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
-* The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
+* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki) for details.
> [!IMPORTANT]
From 7b738c749ef6904d5120a5e674826fbb1a7a3dd2 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Fri, 11 Dec 2020 17:44:34 +0500
Subject: [PATCH 05/84] Command Update
There was an issue with the command arguments. Made adjustments in the command.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8721
---
.../threat-protection/microsoft-defender-atp/linux-resources.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index 3b12f36855..7a265a8e8c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -97,7 +97,7 @@ The following table lists commands for some of the most common scenarios. Run `m
|Configuration |Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` |
|Configuration |Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` |
|Configuration |Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` |
-|Configuration |Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` |
+|Configuration |Turn on/off AV passive mode |`mdatp config passive-mode --value [enabled|disabled]` |
|Configuration |Add/remove an antivirus exclusion for a file extension |`mdatp exclusion extension [add|remove] --name [extension]` |
|Configuration |Add/remove an antivirus exclusion for a file |`mdatp exclusion file [add|remove] --path [path-to-file]` |
|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add|remove] --path [path-to-directory]` |
From 0afc459ed3c77cf47406db586ee904dd5746d1eb Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Fri, 11 Dec 2020 16:08:04 +0100
Subject: [PATCH 06/84] Use escape character before meta characters (pipe)
Had to suggest this additional change, seeing that the vertical pipe divider characters (logic 'or' in parameter examples) becomes interpreted as cell dividers by GitHub Flavored MarkDown.
- Add the backslash escape character in front of all pipe characters used as logic 'or' between parameter choices.
- Remove redundant (and unneeded) excessive backtick characters from inline encapsulations, only 1 (not 3) is needed.
---
.../microsoft-defender-atp/linux-resources.md | 30 +++++++++----------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index 7a265a8e8c..969ca9675a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -75,9 +75,9 @@ There are several ways to uninstall Defender for Endpoint for Linux. If you are
### Manual uninstallation
-- ```sudo yum remove mdatp``` for RHEL and variants(CentOS and Oracle Linux).
-- ```sudo zypper remove mdatp``` for SLES and variants.
-- ```sudo apt-get purge mdatp``` for Ubuntu and Debian systems.
+- `sudo yum remove mdatp` for RHEL and variants(CentOS and Oracle Linux).
+- `sudo zypper remove mdatp` for SLES and variants.
+- `sudo apt-get purge mdatp` for Ubuntu and Debian systems.
## Configure from the command line
@@ -93,15 +93,15 @@ The following table lists commands for some of the most common scenarios. Run `m
|Group |Scenario |Command |
|----------------------|--------------------------------------------------------|-----------------------------------------------------------------------|
-|Configuration |Turn on/off real-time protection |`mdatp config real-time-protection --value [enabled|disabled]` |
-|Configuration |Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` |
-|Configuration |Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` |
-|Configuration |Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` |
-|Configuration |Turn on/off AV passive mode |`mdatp config passive-mode --value [enabled|disabled]` |
-|Configuration |Add/remove an antivirus exclusion for a file extension |`mdatp exclusion extension [add|remove] --name [extension]` |
-|Configuration |Add/remove an antivirus exclusion for a file |`mdatp exclusion file [add|remove] --path [path-to-file]` |
-|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add|remove] --path [path-to-directory]` |
-|Configuration |Add/remove an antivirus exclusion for a process |`mdatp exclusion process [add|remove] --path [path-to-process]`
`mdatp exclusion process [add|remove] --name [process-name]` |
+|Configuration |Turn on/off real-time protection |`mdatp config real-time-protection --value [enabled\|disabled]` |
+|Configuration |Turn on/off cloud protection |`mdatp config cloud --value [enabled\|disabled]` |
+|Configuration |Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled\|disabled]` |
+|Configuration |Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled\|disabled]` |
+|Configuration |Turn on/off AV passive mode |`mdatp config passive-mode --value [enabled\|disabled]` |
+|Configuration |Add/remove an antivirus exclusion for a file extension |`mdatp exclusion extension [add\|remove] --name [extension]` |
+|Configuration |Add/remove an antivirus exclusion for a file |`mdatp exclusion file [add\|remove] --path [path-to-file]` |
+|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add\|remove] --path [path-to-directory]` |
+|Configuration |Add/remove an antivirus exclusion for a process |`mdatp exclusion process [add\|remove] --path [path-to-process]`
`mdatp exclusion process [add\|remove] --name [process-name]` |
|Configuration |List all antivirus exclusions |`mdatp exclusion list` |
|Configuration |Add a threat name to the allowed list |`mdatp threat allowed add --name [threat-name]` |
|Configuration |Remove a threat name from the allowed list |`mdatp threat allowed remove --name [threat-name]` |
@@ -109,7 +109,7 @@ The following table lists commands for some of the most common scenarios. Run `m
|Configuration |Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` |
|Configuration |Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` |
|Configuration |Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
-|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` |
+|Diagnostics |Change the log level |`mdatp log level set --level verbose [error\|warning\|info\|verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` |
|Health |Check the product's health |`mdatp health` |
|Protection |Scan a path |`mdatp scan custom --path [path]` |
@@ -152,6 +152,6 @@ In the Defender for Endpoint portal, you'll see two categories of information:
- Logged on users do not appear in the Microsoft Defender Security Center portal.
- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
- ```bash
+ ```bash
sudo SUSEConnect --status-text
- ```
+ ```
From 4172c1f5d6b0ae822486c230b648ea4fd36ceb49 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 14:51:40 -0800
Subject: [PATCH 07/84] Create best-practices-attack-surface-reduction-rules.md
---
...ractices-attack-surface-reduction-rules.md | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
new file mode 100644
index 0000000000..e0b732c7ad
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -0,0 +1,32 @@
+---
+title: Best practices with attack surface reduction rules
+description: Prevent issues from arising with your attack surface reduction rules by following these best practices
+keywords: Microsoft Defender ATP, attack surface reduction, best practices
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+author: denisebmsft
+ms.author: deniseb
+manager: dansimp
+ms.reviewer: jcedola
+audience: ITPro
+ms.topic: article
+ms.prod: w10
+ms.localizationpriority: medium
+ms.custom:
+- asr
+ms.collection:
+- m365-security-compliance
+- m365initiative-defender-endpoint
+---
+
+# Best practices with attack surface reduction rules
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+**Applies to:**
+
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+*ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports)*
+
From 3525787146823116248e423e6fd9ba753f6ad8f1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 14:53:34 -0800
Subject: [PATCH 08/84] Update TOC.md
---
windows/security/threat-protection/TOC.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 79487e7cc2..862dcdb459 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -82,6 +82,7 @@
#### [Attack surface reduction controls]()
##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
+##### [Best practices with attack surface reduction rules](microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md)
##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
##### [View attack surface reduction events](microsoft-defender-atp/event-views.md)
From e90667baf92ce836c62737bae1f493757e4df046 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 16:00:23 -0800
Subject: [PATCH 09/84] Update best-practices-attack-surface-reduction-rules.md
---
...ractices-attack-surface-reduction-rules.md | 27 ++++++++++++++++---
1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index e0b732c7ad..cc67b6f89e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -1,5 +1,5 @@
---
-title: Best practices with attack surface reduction rules
+title: Tips and best practices for attack surface reduction rules
description: Prevent issues from arising with your attack surface reduction rules by following these best practices
keywords: Microsoft Defender ATP, attack surface reduction, best practices
search.product: eADQiWindows 10XVcnh
@@ -19,14 +19,33 @@ ms.collection:
- m365initiative-defender-endpoint
---
-# Best practices with attack surface reduction rules
+# Tips and best practices for attack surface reduction rules
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-*ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports)*
+
+
+Whether you're about to enable or have already deployed attack surface reduction rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+
+## Use a phased approach
+
+Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. This approach enables you to see how attack surface reduction rules work in your environment and gives you flexibility in applying exclusions. You can do this with dynamic membership rules.
+
+
+
+## Use code signing for applications
+
+## Get the Power BI report template
+
+
+https://github.com/microsoft/MDATP-PowerBI-Templates
+
+## Avoid policy conflicts
+
+## See the demystifying blogs
From 9337b5f030d22f55a15554d42a658d2e890cfe65 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 16:14:27 -0800
Subject: [PATCH 10/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index cc67b6f89e..79644b2380 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -40,12 +40,15 @@ Before you roll out attack surface reduction rules in your organization, select
## Use code signing for applications
+As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization.
+
## Get the Power BI report template
-
-https://github.com/microsoft/MDATP-PowerBI-Templates
+
## Avoid policy conflicts
+
+
## See the demystifying blogs
From bf788b9b594dc9cf544f85ecd184fbdab696e2a9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 16:39:52 -0800
Subject: [PATCH 11/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 79644b2380..de07f909f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -52,3 +52,10 @@ As a best practice, use code signing for all the applications and scripts that y
## See the demystifying blogs
+
+|Blog |Description |
+|---------|---------|
+|[Demystifying attack surface reduction rules - Part 1: Why and What](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) | Get a quick overview of the Why and the What through eight questions and answers. |
+|[Demystifying attack surface reduction rules - Part 2: How](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565) | See how to configure attack surface reduction rules, how exclusions work, and how to define exclusions. |
+|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968) | |
+|Row4 | |
From a3a05f747e7eddaac23fde5a5c91141bffc75827 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 17:03:48 -0800
Subject: [PATCH 12/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index de07f909f2..7f28d0e038 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -52,10 +52,12 @@ As a best practice, use code signing for all the applications and scripts that y
## See the demystifying blogs
+The following table lists several blog posts that you might find helpful. All of these blogs are hosted on the [Microsoft Tech Community site](https://techcommunity.microsoft.com), under [Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog).
|Blog |Description |
|---------|---------|
|[Demystifying attack surface reduction rules - Part 1: Why and What](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) | Get a quick overview of the Why and the What through eight questions and answers. |
|[Demystifying attack surface reduction rules - Part 2: How](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565) | See how to configure attack surface reduction rules, how exclusions work, and how to define exclusions. |
-|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968) | |
-|Row4 | |
+|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968) | Learn how to view reports and information about attack surface reduction rules and their status, and how to troubleshoot issues with rule impact and operations. |
+|[Demystifying attack surface reduction rules - Part 4: Migrating](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-4/ba-p/1384425) | If you're currently using a non-Microsoft host intrusion prevention system (HIPS) and are evaluating or migrating to attack surface reduction capabilities in Microsoft Defender for Endpoint, see this blog. You'll see how custom rules you were using with your HIPS solution can map to attack surface reduction rules in Microsoft Defender for Endpoint. |
+
From dc962d76e76215e9ada5ee762adb98e44d446061 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 17:13:05 -0800
Subject: [PATCH 13/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 7f28d0e038..487e9cd874 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -42,6 +42,10 @@ Before you roll out attack surface reduction rules in your organization, select
As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization.
+## View reports in the Microsoft 365 security center
+
+In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**.
+
## Get the Power BI report template
From f7ebe8a8e67172c8aab6e29c8128f9827c37a4be Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 17:30:59 -0800
Subject: [PATCH 14/84] Update best-practices-attack-surface-reduction-rules.md
---
...best-practices-attack-surface-reduction-rules.md | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 487e9cd874..caf7149e05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -44,7 +44,7 @@ As a best practice, use code signing for all the applications and scripts that y
## View reports in the Microsoft 365 security center
-In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**.
+In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
## Get the Power BI report template
@@ -52,6 +52,17 @@ In the Microsoft 365 security center ([https://security.microsoft.com](https://s
## Avoid policy conflicts
+If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
+
+Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:
+- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:
+ - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
+ - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
+ - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+- Settings that do not have conflicts are added to a superset of policy for the device.
+- When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
+- Only the configurations for conflicting settings are held back.
+
## See the demystifying blogs
From 0d4c2d4fe938e21f6e1baead860009915e010d70 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Tue, 29 Dec 2020 17:36:15 -0800
Subject: [PATCH 15/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index caf7149e05..96874697de 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -55,12 +55,16 @@ In the Microsoft 365 security center ([https://security.microsoft.com](https://s
If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:
+
- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:
- Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
- Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
- Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+
- Settings that do not have conflicts are added to a superset of policy for the device.
+
- When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
+
- Only the configurations for conflicting settings are held back.
From bd894640228c1881af47bea09afb255d39ae2d63 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 14:57:24 +0500
Subject: [PATCH 16/84] Update custom-detection-rules.md
---
.../microsoft-defender-atp/custom-detection-rules.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 17e23e40fc..28be4b6c48 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -113,6 +113,7 @@ These actions are applied to devices in the `DeviceId` column of the query resul
- **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
- **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
- **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
+- **Restrict app execution**—sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
### Actions on files
@@ -121,6 +122,10 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
- **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule.
- **Quarantine file**—deletes the file from its current location and places a copy in quarantine
+### Actions on users
+
+- **Mark user as compromised**-sets the users risk level to "high" in Azure Active Directory, triggering corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+
## 5. Set the rule scope.
Set the scope to specify which devices are covered by the rule:
From 081961b496ff51e25eff440724928b094748f69a Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 15:42:28 +0500
Subject: [PATCH 17/84] Update
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
.../microsoft-defender-atp/custom-detection-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 28be4b6c48..44bf12dcfa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -124,7 +124,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
### Actions on users
-- **Mark user as compromised**-sets the users risk level to "high" in Azure Active Directory, triggering corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+- **Mark user as compromised**-sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
## 5. Set the rule scope.
From 0726ac2d7abc646cf1b35d670b58c31bf8067502 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 21:01:02 +0500
Subject: [PATCH 18/84] Update
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../microsoft-defender-atp/custom-detection-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 44bf12dcfa..3c1cbc5713 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -113,7 +113,7 @@ These actions are applied to devices in the `DeviceId` column of the query resul
- **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
- **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
- **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
-- **Restrict app execution**—sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
+- **Restrict app execution**—sets restrictions on the device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
### Actions on files
From 092e658109778d11de46a3450a469a27bba24811 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 21:01:08 +0500
Subject: [PATCH 19/84] Update
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../microsoft-defender-atp/custom-detection-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 3c1cbc5713..89b5a47aa8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -124,7 +124,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
### Actions on users
-- **Mark user as compromised**-sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+- **Mark user as compromised**—sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
## 5. Set the rule scope.
From b384eba9eb2b195a196a6cb8a9422e6fbc7a70e6 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Thu, 31 Dec 2020 19:16:42 +0530
Subject: [PATCH 20/84] Update best-practices-attack-surface-reduction-rules.md
---
...ractices-attack-surface-reduction-rules.md | 48 +++++++++++++++++--
1 file changed, 44 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 96874697de..80da8794b6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -42,21 +42,61 @@ Before you roll out attack surface reduction rules in your organization, select
As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization.
-## View reports in the Microsoft 365 security center
+## View reports from various sources in Microsoft
+
+### From the Microsoft 365 security center**
In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
+To retrieve and view the reports generated in ([https://security.microsoft.com](https://security.microsoft.com)), ensure that the device for which you seek a report is onboarded on to Microsoft Defender ATP.
+
+### By Microsoft Defender ATP advanced hunting**
+
+Advanced hunting is a query-based threat-hunting tool of Microsoft Defender ATP. This tool generates reports based on the findings of the threat-hunting process.
+
+The **advanced hunting** tool enables the users to audit the **Of-the-last-30-days** data collected from various devices by Microsoft Defender ATP Endpoint Detection and Response (EDR). It facilitates proactive logging of any suspicious indicators and entities in the events that you explore. This tool provides flexibility in accessing data (without any restriction in category of data to be accessed). This flexibility enables the user to detect known threats and spot new threats.
+
+The reports for the ASR rules' events are generated by querying the **DeviceEvents** table.
+
+**Template of DeviceEvents table**
+
+DeviceEvents
+| where Timestamp > ago (30d)
+| where ActionType startswith "Asr"
+| summarize EventCount=count () by ActionType
+
+### By Microsoft Defender ATP machine timeline
+
+Machine timeline is another report-generating source in Microsoft Defender ATP, but with a narrower scope.
+
+Reports relating to ASR rule events can be generated for the preceding-6-months period on a specific endpoint or device.
+
+**Summarized procedure to generate report**
+
+1. Log in to **Microsoft Defender Security Center** and navigate to the **Machines** tab.
+2. Choose a machine for which you want to view the reports of its ASR rule-related events.
+3. Click **Timeline** and choose the time range for which the report is to display data.
+
+
## Get the Power BI report template
## Avoid policy conflicts
-If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
+If a conflicting policy has emerged as a result of a policy being applied from Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM takes precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
-Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:
+Attack surface reduction (ASR) rules for MEM-managed devices now support a new behavior for merger of settings from different policies, to create a superset of policies for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either of the profiles would be deployed. ASR rule merge behavior is as follows:
-- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:
+Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-managed devices support a new behavior in terms of merger of the settings of policies. This behavior is described below:
+
+- If two or more policies have multiple settings configured in each of them, the settings without a conflict are merged into the superset of the policies they are mapped to.
+- If two or more policies encounter a conflict over a single setting from the various settings they are configured with, only that single setting with a conflict is held back from being merged into the superset of the policies.
+- The bundle of settings as a whole are not held back from being merged into the superset because of the single conflict-affected setting.
+- The policy as a whole is not flagged as **being in conflict** because of one of its settings being conflict affected.
+
+
+- ASR rules from the following profiles are evaluated for each device the rules apply to:
- Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
- Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
- Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
From ed4b33cf41a447b10d6cd0136f31f6826aec43b8 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Thu, 31 Dec 2020 19:33:23 +0530
Subject: [PATCH 21/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 80da8794b6..0a09d31840 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -44,13 +44,13 @@ As a best practice, use code signing for all the applications and scripts that y
## View reports from various sources in Microsoft
-### From the Microsoft 365 security center**
+### From the Microsoft 365 security center
In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
To retrieve and view the reports generated in ([https://security.microsoft.com](https://security.microsoft.com)), ensure that the device for which you seek a report is onboarded on to Microsoft Defender ATP.
-### By Microsoft Defender ATP advanced hunting**
+### By Microsoft Defender ATP advanced hunting
Advanced hunting is a query-based threat-hunting tool of Microsoft Defender ATP. This tool generates reports based on the findings of the threat-hunting process.
@@ -65,6 +65,13 @@ DeviceEvents
| where ActionType startswith "Asr"
| summarize EventCount=count () by ActionType
+**Procedure**
+
+1. Navigate to **Advanced hunting** module in the **Microsoft Defender Security Center** portal.
+2. Click **Query**.
+3. Click **+ New** to create a new query.
+4. Click **Run query**. The report based on the query parameters (specified in the **Template of DeviceEvents table** section) is generated.
+
### By Microsoft Defender ATP machine timeline
Machine timeline is another report-generating source in Microsoft Defender ATP, but with a narrower scope.
From 4b6d132328c9cf139c94f23508f34b880e329f34 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Mon, 4 Jan 2021 18:37:55 +0530
Subject: [PATCH 22/84] Update best-practices-attack-surface-reduction-rules.md
---
...ractices-attack-surface-reduction-rules.md | 34 ++++++++++++++++---
1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 0a09d31840..19653b1a5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -30,13 +30,40 @@ ms.collection:
-Whether you're about to enable or have already deployed attack surface reduction rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+The instructions to deploy attack surface reduction (ASR) rules in the most optimal way are available in [Demystifying attack surface reduction rules - Part 2](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565).
+It is highly recommended to test the ASR rules on a sample-like smaller set of devices. For information on the reasons for this recommendation and on how to deploy the ASR rules on a smaller set of devices, see **Use a phased approach** section, below, in this article.
+
+ > [!NOTE]
+> Whether you're about to enable or have already deployed ASR rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+
+**Results of applying ASR rules**
+
+- The process of applying ASR rules on devices provides scope to query for reports. These queries can be implemented in the form of templates.
+
+
+
+- Once applying ASR rules to devices leads to querying for reports, there are a few sources from which reports can be queried. One of such sources is the [Microsoft 365 security center](https://security.microsoft.com)
+
+
+-
## Use a phased approach
-Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. This approach enables you to see how attack surface reduction rules work in your environment and gives you flexibility in applying exclusions. You can do this with dynamic membership rules.
+Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start.
-
+The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
+
+- **Better prospects for display of ASR rules impact** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
+- **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of **applicable-not applicable** devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
+
+> [!IMPORTANT]
+> You can implement the process of applying ASR rules to a smaller device set by utilizing dynamic membership rules.
+
+**How to configure dynamic membership rules**
+
+
## Use code signing for applications
@@ -115,7 +142,6 @@ Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-manage
- Only the configurations for conflicting settings are held back.
-
## See the demystifying blogs
The following table lists several blog posts that you might find helpful. All of these blogs are hosted on the [Microsoft Tech Community site](https://techcommunity.microsoft.com), under [Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog).
From dc6a1422ef530c0659824db0176aeafda206d904 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Tue, 5 Jan 2021 17:29:55 +0530
Subject: [PATCH 23/84] Update controlled-folders.md
---
.../microsoft-defender-atp/controlled-folders.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index d01c44566e..c8e81166ac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -65,6 +65,7 @@ Windows system folders are protected by default, along with several other folder
- `c:\Users\\Pictures`
- `c:\Users\Public\Pictures`
- `c:\Users\Public\Videos`
+- `c:\Users\\Videos`
- `c:\Users\\Music`
- `c:\Users\Public\Music`
- `c:\Users\\Favorites`
From d8afba6ecda828c656854bf29d1f5a1e6baf91fc Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Tue, 5 Jan 2021 19:14:10 +0530
Subject: [PATCH 24/84] Update best-practices-attack-surface-reduction-rules.md
---
...ractices-attack-surface-reduction-rules.md | 23 ++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 19653b1a5a..0a7fe26efc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -48,7 +48,28 @@ It is highly recommended to test the ASR rules on a sample-like smaller set of d
--
+
+**Applicable to rules' states**
+
+This section describes the best practices with regard to the states which any ASR rule can be set to, irrespective of the method used to configure or deploy the ASR rule.
+
+Prior to describing the best pratices for the ASR rules' states, it is important to know the states which an ASR rule can be set to:
+
+- **Not configured**: This is the state in which the ASR rule has been disabled. The code for this state is 0.
+- **Block**: This is the state in which the ASR rule is enabled. YThe code for this state is 1.
+- **Audit**: This is the state in which the ASR rule is evaluated about its impactive behavior toward the organization or environment in which it is deployed.
+
+**Recommendation**
+
+The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best pratice are:
+
+1. **Access to logs and reviews**: When an ASR rule is set to **audit** mode, you can get access to the logs and reviews pertaining to it. These logs and reviews are data that helps you to analyze the impact of the ASR rule.
+2. **Rule-related decision**: The analysis findings guided by the logs and reviews help you take a decision whether to deploy or exclude the ASR rule or not. For information on ASR rule exclusion see
+
+
+
+
+
## Use a phased approach
Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start.
From 0234660baf0f9855f3eacd73ee2d02232433747e Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Tue, 5 Jan 2021 19:52:34 +0530
Subject: [PATCH 25/84] Update best-practices-attack-surface-reduction-rules.md
---
.../best-practices-attack-surface-reduction-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 0a7fe26efc..ea1d8dbfb2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -154,7 +154,7 @@ Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-manage
- ASR rules from the following profiles are evaluated for each device the rules apply to:
- Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
- Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
- - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+ - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Profiles > Profile Name > Properties > Configuration settings > Attack Surface Reduction Rules
- Settings that do not have conflicts are added to a superset of policy for the device.
From 4e744a03176f3b387f71d98005fe7bd3d25f7319 Mon Sep 17 00:00:00 2001
From: Benny Shilpa
Date: Fri, 8 Jan 2021 12:48:00 +0530
Subject: [PATCH 26/84] Update symantec-to-microsoft-defender-atp-setup.md
---
.../symantec-to-microsoft-defender-atp-setup.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 72385ecf92..d251f87b7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -117,7 +117,7 @@ Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def
|Method |What to do |
|---------|---------|
|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
2. Type `sc query windefend`, and then press Enter.
3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
-|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for **AntivirusEnabled: True**. |
+|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
> [!NOTE]
> You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
From 8910a420b285c848ad75714291673b1f4493b864 Mon Sep 17 00:00:00 2001
From: Benny Shilpa
Date: Fri, 8 Jan 2021 12:58:17 +0530
Subject: [PATCH 27/84] Update mcafee-to-microsoft-defender-setup.md
---
.../mcafee-to-microsoft-defender-setup.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 432aed7160..8b4ea42244 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -142,7 +142,7 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen
|Method |What to do |
|---------|---------|
|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
2. Type `sc query windefend`, and then press Enter.
3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
-|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for **AntivirusEnabled: True**. |
+|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
> [!NOTE]
> You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
From abc9f48f50788ec2ffa57a803e9f745ba3ceb7fe Mon Sep 17 00:00:00 2001
From: Benny Shilpa
Date: Fri, 8 Jan 2021 13:02:40 +0530
Subject: [PATCH 28/84] Update switch-to-microsoft-defender-setup.md
---
.../switch-to-microsoft-defender-setup.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index c1ad46027c..cce6dd54eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -138,7 +138,7 @@ Microsoft Defender Antivirus can run alongside your existing endpoint protection
|Method |What to do |
|---------|---------|
|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
2. Type `sc query windefend`, and then press Enter.
3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. |
-|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for **AntivirusEnabled: True**. |
+|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.
2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet.
3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**. |
> [!NOTE]
> You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.
From 56837ef515082a92bd6802b9fc828a86251c2d06 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Sat, 23 Jan 2021 19:07:52 +0100
Subject: [PATCH 29/84] Update install-vamt.md
adding link to ADK, removing specific version to ease maintenance of this page as we would have to update it at least once a year.
---
windows/deployment/volume-activation/install-vamt.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 6b18acd8ae..c2737b30a4 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -49,8 +49,8 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Install VAMT using the ADK
-1. Download and open the [Windows 10, version 1903 ADK](https://go.microsoft.com/fwlink/?linkid=2086042) package.
-Reminder: There won't be new ADK release for 1909.
+1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
+It is recommended to uninstall and install the latest version of ADK if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database.
2. Enter an install location or use the default path, and then select **Next**.
3. Select a privacy setting, and then select **Next**.
4. Accept the license terms.
From 539a6ec83a1a5072f7482874fc5bf4a27fb51021 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Sat, 23 Jan 2021 19:29:08 +0100
Subject: [PATCH 30/84] Update install-vamt.md
spellings / corrections
---
windows/deployment/volume-activation/install-vamt.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index c2737b30a4..3c482e49b3 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -49,8 +49,8 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Install VAMT using the ADK
-1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
-It is recommended to uninstall and install the latest version of ADK if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database.
+1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
+It is recommended to uninstall ADK and install the latest version, if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database.
2. Enter an install location or use the default path, and then select **Next**.
3. Select a privacy setting, and then select **Next**.
4. Accept the license terms.
From 3745db7676eb331faffe66aeb76d1fe77c4eb107 Mon Sep 17 00:00:00 2001
From: Guillaume Aubert <44520046+gaubert-ms@users.noreply.github.com>
Date: Tue, 26 Jan 2021 10:55:11 +0100
Subject: [PATCH 31/84] Update passwordless-strategy.md
Missing "System" in GPO path
---
.../hello-for-business/passwordless-strategy.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index dd1b6b18e0..87e71bc747 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -216,7 +216,7 @@ The policy name for these operating systems is **Interactive logon: Require Wind
When you enable this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card.
#### Excluding the password credential provider
-You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > Logon**
+You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > System > Logon**
The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**.
From cf5684d08b22e3cc90316984028b006030ded975 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Tue, 26 Jan 2021 19:07:58 +0100
Subject: [PATCH 32/84] Update
windows/deployment/volume-activation/install-vamt.md
Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
windows/deployment/volume-activation/install-vamt.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 3c482e49b3..8fc4fde224 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -50,7 +50,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Install VAMT using the ADK
1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
-It is recommended to uninstall ADK and install the latest version, if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database.
+ If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
2. Enter an install location or use the default path, and then select **Next**.
3. Select a privacy setting, and then select **Next**.
4. Accept the license terms.
From c4fc310164a58e2b58f7dc09ab41691c44a45c8c Mon Sep 17 00:00:00 2001
From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com>
Date: Wed, 27 Jan 2021 14:16:03 +0100
Subject: [PATCH 33/84] Update waas-manage-updates-wufb.md
It is not clear what version of Office is managed by WUfB. With the majority of users using C2R versions, we should point out that Windows Update only patches MSI-versions.
---
windows/deployment/update/waas-manage-updates-wufb.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 1a27cda457..c6548529a8 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -49,7 +49,7 @@ Windows Update for Business provides management policies for several types of up
- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
-- **Microsoft product updates**: Updates for other Microsoft products, such as Office. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
+- **Microsoft product updates**: Updates for other Microsoft products, such as Office MSI (Office Click-to-Run is not patched through Windows update). Product updates are off by default. You can turn them on by using Windows Update for Business policies.
## Offering
From 2d5030b41f663590154cdf47afb85ecce5a101db Mon Sep 17 00:00:00 2001
From: Jane Muriranja <68369324+JaneM-02@users.noreply.github.com>
Date: Thu, 28 Jan 2021 22:55:56 +0300
Subject: [PATCH 34/84] Update manage-windows-2004-endpoints.md
Adding 'adl.windows.com'
---
windows/privacy/manage-windows-2004-endpoints.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index c6f1fd140f..aea5913427 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -113,6 +113,7 @@ The following methodology was used to derive these network endpoints:
|||HTTP|*.windowsupdate.com|
||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
|||TLSv1.2|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|TLSv1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
|||TLSv1.2|dlassets-ssl.xboxlive.com|
From 098fadffe74b309909c6a4de723156a405223a0e Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Fri, 29 Jan 2021 17:22:30 +0100
Subject: [PATCH 35/84] Update indicator-ip-domain.md
indicators are also supported on iOS
---
.../microsoft-defender-atp/indicator-ip-domain.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index 2fd5f9cce1..bfa5bf0c44 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -46,6 +46,7 @@ It's important to understand the following prerequisites prior to creating indic
- The Antimalware client version must be 4.18.1906.x or later.
- Supported on machines on Windows 10, version 1709 or later.
- Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
+- For support of indicators on iOS, please [see](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators)
>[!IMPORTANT]
From fa72b22985f0b4b466df2b91c0d845cbbd77dacc Mon Sep 17 00:00:00 2001
From: "Nisha Mittal (Wipro Ltd.)"
Date: Fri, 29 Jan 2021 18:26:51 -0800
Subject: [PATCH 36/84] Need to update Windows 10 Release Information Page Url
in all the docs pages wherever used from "windows/release-information" to
"windows/release-health/release-information" as we are changing base url for
that repo.
---
windows/client-management/mdm/policy-csp-update.md | 2 +-
windows/deployment/planning/features-lifecycle.md | 2 +-
.../update/update-compliance-schema-waasinsiderstatus.md | 2 +-
.../update/update-compliance-schema-waasupdatestatus.md | 2 +-
windows/deployment/update/waas-manage-updates-wufb.md | 4 ++--
windows/deployment/update/waas-overview.md | 2 +-
windows/deployment/update/waas-wufb-csp-mdm.md | 2 +-
windows/deployment/upgrade/windows-10-upgrade-paths.md | 2 +-
windows/hub/TOC.md | 2 +-
windows/hub/breadcrumb/toc.yml | 2 +-
windows/hub/index.yml | 2 +-
...ent-changes-to-security-settings-with-tamper-protection.md | 2 +-
.../mcafee-to-microsoft-defender-prepare.md | 4 ++--
.../mcafee-to-microsoft-defender-setup.md | 2 +-
.../switch-to-microsoft-defender-prepare.md | 4 ++--
.../switch-to-microsoft-defender-setup.md | 2 +-
.../symantec-to-microsoft-defender-atp-prepare.md | 4 ++--
.../symantec-to-microsoft-defender-atp-setup.md | 2 +-
windows/whats-new/index.md | 2 +-
windows/whats-new/ltsc/index.md | 2 +-
20 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index df70a21a7c..bc6e5f1c7f 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4332,7 +4332,7 @@ The following list shows the supported values:
-Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
+Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/).
ADMX Info:
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 9469d47cb7..2b515fbbd0 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -42,4 +42,4 @@ The following terms can be used to describe the status that might be assigned to
## Also see
-[Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
+[Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information)
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
index 2ddf505e62..52147e7fab 100644
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
@@ -26,7 +26,7 @@ WaaSInsiderStatus records contain device-centric data and acts as the device rec
|**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
|**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
+|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
|**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
|**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
|**OSFamily** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
index 0b5adb4096..72389ab819 100644
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
@@ -33,7 +33,7 @@ WaaSUpdateStatus records contain device-centric data and acts as the device reco
|**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
|**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
+|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
|**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
|**OSCurrentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Current` |*Deprecated* Whether or not the device is on the latest Windows Feature Update available, as well as the latest Quality Update for that Feature Update. |
|**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 1a27cda457..3490e22ae0 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -67,7 +67,7 @@ The branch readiness level enables administrators to specify which channel of fe
- Windows Insider Release Preview
- Semi-Annual Channel
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
#### Defer an update
@@ -188,7 +188,7 @@ The branch readiness level enables administrators to specify which channel of fe
- Windows Insider Release Preview
- Semi-Annual Channel for released updates
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
### Recommendations
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 76e17626d7..094f58c685 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -101,7 +101,7 @@ In Windows 10, rather than receiving several updates each month and trying to fi
To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity.
-With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
+With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).
The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index d7a01438ab..82617b0e13 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -105,7 +105,7 @@ Now all devices are paused from updating for 35 days. When the pause is removed,
#### I want to stay on a specific version
-If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-information/).
+If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-health/release-information).
### Manage how users experience updates
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 37da456194..ca70223a2c 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -30,7 +30,7 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi
>
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
>
-> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
+> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-health/release-information) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
>
> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
>
diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index 25ef07d002..eaeb093642 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -1,6 +1,6 @@
# [Windows 10](index.yml)
## [What's new](/windows/whats-new)
-## [Release information](/windows/release-information)
+## [Release information](/windows/release-health)
## [Deployment](/windows/deployment)
## [Configuration](/windows/configuration)
## [Client management](/windows/client-management)
diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml
index a28aaa3b77..e2971f2d84 100644
--- a/windows/hub/breadcrumb/toc.yml
+++ b/windows/hub/breadcrumb/toc.yml
@@ -27,7 +27,7 @@
topicHref: /windows/client-management/mdm/index
- name: Release information
tocHref: /windows/release-information/
- topicHref: /windows/release-information/index
+ topicHref: /windows/release-health/release-information
- name: Privacy
tocHref: /windows/privacy/
topicHref: /windows/privacy/index
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 75355791f6..bac6a47a7b 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -33,7 +33,7 @@ landingContent:
- text: What's new in Windows 10, version 1909
url: /windows/whats-new/whats-new-windows-10-version-1909
- text: Windows 10 release information
- url: https://docs.microsoft.com/windows/release-information/
+ url: https://docs.microsoft.com/windows/release-health/release-information
# Card (optional)
- title: Configuration
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 4a620da214..d56e4a120b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -98,7 +98,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
1. Make sure your organization meets all of the following requirements to use Intune to manage tamper protection:
- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
- - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).)
+ - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
- Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index 8108d9e245..e3c03a1566 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -110,10 +110,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources |
|--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
|EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
|Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
|Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index bf07f58bcb..33da9af409 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -168,7 +168,7 @@ The specific exclusions to configure depend on which version of Windows your end
|OS |Exclusions |
|--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
|- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
## Add McAfee to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index a49d62bf03..6898a5ff90 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -100,10 +100,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources |
|--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
|EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
|Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
|Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index 639bbd689d..f4b0d0633b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -164,7 +164,7 @@ The specific exclusions to configure depend on which version of Windows your end
|OS |Exclusions |
|--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
|- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
## Add your existing solution to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 4d58af47fd..1833f80a00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -80,10 +80,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
|Capabilities | Operating System | Resources |
|:----|:----|:---|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
|EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
|
|Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft -Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
|Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 8648a57da9..d99d0d1d39 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -138,7 +138,7 @@ This step of the setup process involves adding Microsoft Defender for Endpoint t
|OS |Exclusions |
|--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
|
|- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
## Add Symantec to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 559ab66233..89b398d5a5 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -28,7 +28,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
## Learn more
-- [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
+- [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/)
- [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004)
- [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history)
- [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new)
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 09f32c39f4..61f137f85b 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -49,4 +49,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as
## See Also
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
-[Windows 10 - Release information](https://docs.microsoft.com/windows/windows-10/release-information): Windows 10 current versions by servicing option.
+[Windows 10 - Release information](https://docs.microsoft.com/windows/release-health/release-information): Windows 10 current versions by servicing option.
From 87d4839f8baf1e1f4540dc6fae82fa886c6b9968 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 1 Feb 2021 23:26:36 +0100
Subject: [PATCH 37/84] MarkDown code blocks & whitespace (ref. #9053)
Corrections to PR #9053 / commit https://github.com/MicrosoftDocs/windows-itpro-docs/commit/9856688ff24ecbf4fe47f7446b9ef9182d2de3a4
A misunderstanding in PR #9053 caused the addition of unneeded & unwanted blank lines within the PowerShell PUA code blocks for the 3 variations of `Set-MpPreference -PUAProtection` and the console output, as well as missing the opportunity to add editorial blank lines below the code blocks, for easier future editing.
Ref. PR #9053 / commit https://github.com/MicrosoftDocs/windows-itpro-docs/commit/9856688ff24ecbf4fe47f7446b9ef9182d2de3a4
---
...lly-unwanted-apps-microsoft-defender-antivirus.md | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 5b962456c2..15e0a33178 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -134,19 +134,17 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
##### To enable PUA protection
```PowerShell
-
Set-MpPreference -PUAProtection Enabled
-
```
+
Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
##### To set PUA protection to audit mode
```PowerShell
-
Set-MpPreference -PUAProtection AuditMode
-
```
+
Setting `AuditMode` detects PUAs without blocking them.
##### To disable PUA protection
@@ -154,10 +152,9 @@ Setting `AuditMode` detects PUAs without blocking them.
We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
```PowerShell
-
Set-MpPreference -PUAProtection Disabled
-
```
+
Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
@@ -167,7 +164,6 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example:
```console
-
CategoryID : 27
DidThreatExecute : False
IsActive : False
@@ -188,7 +184,7 @@ See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for d
### Allow-listing apps
-Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed.
+Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed.
For more information, see [Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients](https://docs.microsoft.com/troubleshoot/mem/configmgr/recommended-antivirus-exclusions#exclusions).
From 1cce4fea20d4e5be3b494a006c8887283e6f226a Mon Sep 17 00:00:00 2001
From: isbrahm <43386070+isbrahm@users.noreply.github.com>
Date: Tue, 2 Feb 2021 15:56:18 -0800
Subject: [PATCH 38/84] WDAC Intune OMA URI document 350K limit
- Document that files deployed through custom oma-uri must be less than 350K bytes in size
- Change warnings into 'removing policies' sections
- Remove line indicating support for Server 2016
---
...plication-control-policies-using-intune.md | 29 ++++++++++++-------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 8eb3de7a42..1f84641636 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -23,11 +23,8 @@ ms.technology: mde
**Applies to:**
- Windows 10
-- Windows Server 2016
-You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited.
-
-In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies via the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp).
+You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI.
## Using Intune's Built-In Policies
@@ -50,9 +47,15 @@ Setting "Trust apps with good reputation" to enabled is equivalent to adding [Op
## Using a Custom OMA-URI Profile
+> [!NOTE]
+> Policies deployed through Intune Custom OMA-URI are subject to a 350,000 byte limit. Customers whose devices are running 1903+ builds of Windows are encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which are more streamlined and less than 350K bytes in size.
+
### For 1903+ systems
-The steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy to 1903+ systems are:
+Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies.
+
+#### Deploying policies
+The steps to use Intune's Custom OMA-URI functionality are:
1. Know a generated policy's GUID, which can be found in the policy xml as ``
2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
@@ -65,11 +68,13 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [Applicat
-> [!NOTE]
-> Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
+#### Removing policies
+
+Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
### For pre-1903 systems
+#### Deploying policies
The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are:
1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
@@ -79,9 +84,11 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocke
- **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy)
- **Data type**: Base64
- **Certificate file**: upload your binary format policy file
-
-> [!NOTE]
-> Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy.
-
+
> [!NOTE]
> Deploying policies via the AppLocker CSP will force a reboot during OOBE.
+
+#### Removing policies
+
+Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy.
+
From be750af7cd7d5741d368495e7c2f022d8d8fd8a8 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
Date: Wed, 3 Feb 2021 13:05:19 +0530
Subject: [PATCH 39/84] update-per-4838104
updated link
---
.../microsoft-defender-atp/overview-hardware-based-isolation.md | 2 +-
.../microsoft-defender-atp/partner-applications.md | 2 +-
.../microsoft-defender-atp/partner-integration.md | 2 +-
.../threat-protection/microsoft-defender-atp/portal-overview.md | 2 +-
.../microsoft-defender-atp/post-ti-indicator.md | 2 +-
.../microsoft-defender-atp/preferences-setup.md | 2 +-
.../microsoft-defender-atp/prepare-deployment.md | 2 +-
.../microsoft-defender-atp/preview-settings.md | 2 +-
.../threat-protection/microsoft-defender-atp/preview.md | 2 +-
.../microsoft-defender-atp/production-deployment.md | 2 +-
.../microsoft-defender-atp/pull-alerts-using-rest-api.md | 2 +-
.../microsoft-defender-atp/raw-data-export-event-hub.md | 2 +-
.../microsoft-defender-atp/raw-data-export-storage.md | 2 +-
.../threat-protection/microsoft-defender-atp/raw-data-export.md | 2 +-
.../security/threat-protection/microsoft-defender-atp/rbac.md | 2 +-
.../threat-protection/microsoft-defender-atp/recommendation.md | 2 +-
.../microsoft-defender-atp/respond-file-alerts.md | 2 +-
.../microsoft-defender-atp/respond-machine-alerts.md | 2 +-
.../microsoft-defender-atp/restrict-code-execution.md | 2 +-
.../threat-protection/microsoft-defender-atp/review-alerts.md | 2 +-
.../microsoft-defender-atp/run-advanced-query-api.md | 2 +-
.../run-advanced-query-sample-powershell.md | 2 +-
.../microsoft-defender-atp/run-advanced-query-sample-python.md | 2 +-
.../threat-protection/microsoft-defender-atp/run-av-scan.md | 2 +-
.../microsoft-defender-atp/run-detection-test.md | 2 +-
25 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
index 0e43599b7f..904f3ed93e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
@@ -23,7 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender for Endpoint.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index d4b17c7972..8e1a337484 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
index 5aae40dce1..1e859d8565 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
index 302c9405a3..dbdcd3ec28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index f019e3a9d3..7c0f31ec8b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
index aba7dce04f..eae61c0ac8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index c39bab20ac..542f254a7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -27,7 +27,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
index f821f26626..fc271cdeb0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
@@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index 508d8c7ff6..f938477d13 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -28,7 +28,7 @@ ms.technology: mde
>The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index b773ed3d47..e0471276f9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -27,7 +27,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Deploying Defender for Endpoint is a three-phase process:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 49d143d897..6a64739449 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -23,7 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index 6fe781ca15..34f6e68ce9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index 84b4d64c9c..436460fd43 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index 5498729b00..6ff321c4c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/rbac.md b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
index 2cbeaf06af..3b41b0af7b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/rbac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
- Azure Active Directory
- Office 365
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
index bd7d795620..0f68bbd5d8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index 4040df0a11..dff9f2f7e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
[!include[Prerelease information](../../includes/prerelease.md)]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 43c6ea2779..04e022b88d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index a78424ca79..0bbd14dfc5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index 3a560a21fe..7c65cd23e5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -26,7 +26,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 1f52029bfe..e50d7962b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -23,7 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index 3435095384..3d998f112b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index db8dce54e7..d48747a4ee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -23,7 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index 68a10a5e99..e57ab8cdb4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 278c62f37e..4972dbb989 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -31,7 +31,7 @@ ms.technology: mde
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
From 8f2bbf1750709b4469c5512abe8200bc940bdc6d Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
Date: Wed, 3 Feb 2021 13:45:29 +0530
Subject: [PATCH 40/84] updated-per-4838104
updated link
---
.../security/threat-protection/microsoft-defender-atp/score.md | 2 +-
.../microsoft-defender-atp/security-operations-dashboard.md | 2 +-
.../threat-protection/microsoft-defender-atp/service-status.md | 2 +-
.../microsoft-defender-atp/set-device-value.md | 2 +-
.../threat-protection/microsoft-defender-atp/software.md | 2 +-
.../microsoft-defender-atp/stop-and-quarantine-file.md | 2 +-
.../microsoft-defender-atp/threat-analytics.md | 2 +-
.../threat-and-vuln-mgt-event-timeline.md | 2 +-
.../microsoft-defender-atp/threat-indicator-concepts.md | 2 +-
.../microsoft-defender-atp/threat-protection-integration.md | 2 +-
.../microsoft-defender-atp/threat-protection-reports.md | 2 +-
.../threat-protection/microsoft-defender-atp/ti-indicator.md | 2 +-
.../threat-protection/microsoft-defender-atp/time-settings.md | 2 +-
.../microsoft-defender-atp/troubleshoot-asr.md | 2 +-
.../microsoft-defender-atp/troubleshoot-collect-support-log.md | 2 +-
.../troubleshoot-exploit-protection-mitigations.md | 2 +-
.../microsoft-defender-atp/troubleshoot-live-response.md | 2 +-
.../threat-protection/microsoft-defender-atp/troubleshoot-np.md | 2 +-
.../troubleshoot-onboarding-error-messages.md | 2 +-
.../microsoft-defender-atp/troubleshoot-onboarding.md | 2 +-
.../microsoft-defender-atp/troubleshoot-siem.md | 2 +-
.../microsoft-defender-atp/tvm-assign-device-value.md | 2 +-
.../microsoft-defender-atp/tvm-dashboard-insights.md | 2 +-
.../microsoft-defender-atp/tvm-end-of-support-software.md | 2 +-
.../threat-protection/microsoft-defender-atp/tvm-exception.md | 2 +-
.../microsoft-defender-atp/tvm-exposure-score.md | 2 +-
.../microsoft-defender-atp/tvm-hunt-exposed-devices.md | 2 +-
27 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md
index 16a1f602bb..53e562a73f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/score.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
index 4215777b33..fae7709749 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
index e4c2b710e3..c0c35a7e8e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
index 66e0dfcd99..897caae4d4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md
index cbe9c7e0d5..57abac6d07 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/software.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
index 6ab096b9f7..b014a28500 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
index a7163a294f..fb8f606070 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
@@ -26,7 +26,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
With more sophisticated adversaries and new threats emerging frequently and prevalently, it's critical to be able to quickly:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index 75b6243eea..5580c259e4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
index 6d076ba18e..07cd63cd6f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
index f825bed722..008d62b7e0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
## Integrate with other Microsoft solutions
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
index de27be571b..2a0ec4b9d7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
index 1eb4f26891..9024d8e68e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
index efce09619a..a72be4ef7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index c25e934d20..c2cd43a76f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
When you use [attack surface reduction rules](attack-surface-reduction.md) you may run into issues, such as:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
index a0705e4829..cece3ee059 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
@@ -22,7 +22,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
When contacting support, you may be asked to provide the output package of the Microsoft Defender for Endpoint Client Analyzer tool.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
index 6169ebd01f..bcbb795dcb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
index 222234bfb9..939c5167c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
This page provides detailed steps to troubleshoot live response issues.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index 05563e45c4..f302922f27 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- IT administrators
When you use [Network protection](network-protection.md) you may encounter issues, such as:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
index 995a0869a4..fe5e9fa8d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
@@ -23,7 +23,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index 52bbe320a4..77b31cad57 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Windows Server 2012 R2
- Windows Server 2016
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
index d1f622f732..b9315feb71 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
index ba994dd266..b0e538e2a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
@@ -26,7 +26,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 5eea3a7195..ee7f0fb3c1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
index c28f1e8ea5..996b96291c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
index 0a6e51b1a0..31e7e872a1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
index 4c7a90fef7..86febc3e3d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
index 9f049bbf57..bb694d231b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
@@ -26,7 +26,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
From 8a2a8702e94901310404409eca98a2a319a06927 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
Date: Wed, 3 Feb 2021 14:21:05 +0530
Subject: [PATCH 41/84] updated-4838104-batch13
updated link
---
.../tvm-microsoft-secure-score-devices.md | 2 +-
.../microsoft-defender-atp/tvm-prerequisites.md | 2 +-
.../threat-protection/microsoft-defender-atp/tvm-remediation.md | 2 +-
.../microsoft-defender-atp/tvm-security-recommendation.md | 2 +-
.../microsoft-defender-atp/tvm-software-inventory.md | 2 +-
.../microsoft-defender-atp/tvm-supported-os.md | 2 +-
.../microsoft-defender-atp/tvm-vulnerable-devices-report.md | 2 +-
.../threat-protection/microsoft-defender-atp/tvm-weaknesses.md | 2 +-
.../microsoft-defender-atp/tvm-zero-day-vulnerabilities.md | 2 +-
.../microsoft-defender-atp/unisolate-machine.md | 2 +-
.../microsoft-defender-atp/unrestrict-code-execution.md | 2 +-
.../threat-protection/microsoft-defender-atp/update-alert.md | 2 +-
.../security/threat-protection/microsoft-defender-atp/use.md | 2 +-
.../threat-protection/microsoft-defender-atp/user-roles.md | 2 +-
.../security/threat-protection/microsoft-defender-atp/user.md | 2 +-
.../microsoft-defender-atp/view-incidents-queue.md | 2 +-
.../threat-protection/microsoft-defender-atp/vulnerability.md | 2 +-
.../whats-new-in-microsoft-defender-atp.md | 2 +-
18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
index ca1b85ec5e..0fd463daeb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>[!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
index aabc368193..59fd19575b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
index baad4cc61d..0ba3316caf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -24,7 +24,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index dfa4d609a2..32f2c001c1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index f2a3b70362..516a0605a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -24,7 +24,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index 30820fa2ac..02656250bc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
index 9bf4ddccc7..57be58aa7b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
@@ -26,7 +26,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index dc46a51f0e..6968f67454 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -24,7 +24,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
index 2a58bec532..92366dea5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -26,7 +26,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
index 9d41281585..76ff78da24 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
index 41934f0380..5888bfcce4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index a19d0d51e1..53054f3d27 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md
index 777f2b2ae4..f1bf9a9989 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/use.md
@@ -25,7 +25,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index f312b2554c..2abf64fd71 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -24,7 +24,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md
index ed14562c20..ad552678d8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index 887ca33b19..a73d5f2594 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -24,7 +24,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
index fa32bd8294..ad8f29558d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
@@ -22,7 +22,7 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 1eb35c6079..e8cb584b9d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -27,7 +27,7 @@ ms.technology: mde
**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
The following features are generally available (GA) in the latest release of Microsoft Defender for Endpoint as well as security features in Windows 10 and Windows Server.
From 2beb86cdd0a6358b3f0a67a9fb02f357f9f2a10c Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 3 Feb 2021 17:55:27 +0200
Subject: [PATCH 42/84] Update controlled-folders.md
Some customers opened support tickets wanting to know why CFA blocks did not create alerts in our portal... so I think we should add this note to avoid customer confusion...
---
.../microsoft-defender-atp/controlled-folders.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index f193b2eca8..34b3992bb5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -35,6 +35,9 @@ Controlled folder access helps protect your valuable data from malicious apps an
Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+> [!NOTE]
+> Controlled folder access blocks do not generate alerts in the [Alert queue](../microsoft-defender-atp/alerts-queue.md). However, they do provide valuable information that will appear in the [Device Timeline](../microsoft-defender-atp/investigate-machines.md), [Advanced Hunting](../microsoft-defender-atp/advanced-hunting-overview.md) or can be used when building [Custom Detections](../microsoft-defender-atp/custom-detection-rules.md).
+
## How does controlled folder access work?
Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.
From 29073bd634dfcf3fb5c21fde7694689c56762e97 Mon Sep 17 00:00:00 2001
From: Joey Caparas
Date: Wed, 3 Feb 2021 08:39:19 -0800
Subject: [PATCH 43/84] update sheet
---
.../downloads/mdatp-urls.xlsx | Bin 20092 -> 25191 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx
index de1ec91182b84f43093aeee46bb6ee02d8b3d2e2..136c11b15d47022e131bf797785eb4d226ef1590 100644
GIT binary patch
delta 18236
zcmcG#V|=B}7Cji-w$rh#j&0jX$2L!FJ007$ZFQ`U&5n&pzwfTbddmbp8U)5tkOl=q1A+j80s;ae1{&UA<{btG0*ZvH!y*O&OscKht~0{<
z5Y_@1@3;r0It;NwIDJ;Yv1+CLT?uvfX;+wMxc2j?
zW~$k=7U^6COv8>%OQ6dDpegH(3&^MFw2Jz2C4XG-c?*u9AF(XIzed4V;$!Nw-?*2U
z7O%30d??7ERCIqjnMu=7hGUdAJbn(6
z3zZv3tbL|DX_Pif3-=_t@B>V^=hj*6wN>9pydEObO5zQbdra33kokc+XNlZj&Wpg@
z$l4}i3c0j(_I;4SrAv-DK_k_^HQ<%|em0R(AZ=w=xG07>;*VKLl#ekst8m*Ho5S&R
z@m3#iqPLyPL$I?Rz1TyiT@jr316)&@~t-MK&Cm^Zj~^O
z*Nw?9zmXLRXGYpW5N-xzKn%7s(C13dj-+q;2Y*~2P~Zmwtn-#P
zYW6HV{zdFTy{mx9LD2L_;TaP_anE!Q%54u&VmvQe!wcvSP(T;zh@=515D>!`)reng
zyIV83**RJn+1XjqyW3b-s%qO+a3cBYTYQ4C#ZEIQVr+i}UiWnX*WP7MtlwAiehGXx=0v|K|()zZ!cT{imQ
zeGuzgBOuB)7apnrS!`+!t6s+6dn)s_in#KN9r*J0r%O8+%;OU{l;Fxiw|-5Z
z@zbr1p_icF?n>H$piyfXIxdqVFR9b}%FHaugV{8L1jb`Qz>ea=D-rpjj+?3G_j21S
z*Eu2@91D-T&mR~3A>O_k-!>SqLp!GtldMCG0o?m)>)+?9O>jrm47`x0&l)-6Xivo~
z2rZ~i+b)B;ed69lkJ}-}+3SmtPU*|0?pw&RJR(I8u`JF*L(babV3R09vS@dK+5`!X
zs`E{d*E$V?Sc^ATU8aX794&I;|#$01XjgUkwsHdI5*)pEh`)gd
z8H?UkhsRH#{E`eq82lK-5XcH~%DA&Vx^$dscIT@*(E|WaT&qGe_@5-vQW&
za4jN)^Lhy*(8G+kz>hwgbTyZ_E_HovXK&zPpAX)`;Yc7AFKA4_Q_;rq>LWmyM%NkT
zo%-Wu2_oGd@|K;!af(U|=7M<=<@(5A2gsBeGc-pAeNaKR!Fl^++7HT
zxH1#zG#Gee@9l&k_K%H6egDxYgtZY>*U
zG0Mur#s=WUAZ5#~0l&}>^>u4`#Z+aBP_?2O2*o{0Tip+8QhjGb)#z^k`q7cTmb|nM
z0SJl)##+U&io$XOI5H53K(8N7ZGT!<8A3Ndoxgf+9MxJMy)|4r*8S+1^O+4r6tabZ
z9A1#$74ttsX&zWqu76%N7+$H1hD`4u5mwws+)Mj5z$!+trCG8VJC8eeO@ZP$pMd0*
z@LOyyCTJy|wKF;>N=rTrUsA~YOiH6ANj6!XMUES1H~nD%U?{Uo)~RQ;7LUZkT*ac&wknIJn8&RkfffE_6;OobziNP?pfmFqKcLd|E<=CHi?uX)C_V@Rj5~KmYlY
zqu>@1%~k?9a>d~IRm<73;U`k
zfs1o7*#N-%)5rV!#PVZJPWI>9bI;bt+Y=-2+rt^Z{^$GIgB^g79kJ)#{qw1|$A9bN
z_3Ztqhkonx$w$bx_cfNk`~CKI<`v-W`N4ki8f$SBi#W1A9E;dP@SX4T{^a_3KtCs&
z-y3w#$taV0_!qNYTAc;9KFVHMd7TZmS#_NiHlQY)iC0bZf$l&y4^L}cG!IXETs1FK
zYrIq;TT4oTGBA!kfJHNLk?@BD|L-@tZ(H8viJ@JWCxh=#wN(``!rv*RSZeL}$(4(Z
zcgcQyklS>=J7u?ComEZ>J>8e9Ap3Tak5>~&Jh_Y|A#xhkpkR?Bks+blySFZyoAiWB
z)C26YKU_5weDiB4b0~{%((|cv*xAP;3vRzUz{{$ULND{qPa8LrQq%(}01E&!0?~M0
z@4W=|-K`$YrYt^B&mYfbU#hnor^pNv?oXdJthUok=3;026}-gB}E{J#PVB
zr+XdLjptL8S!FRz@M%F+&ttH#D(GlU0c3gL;3^&@SHxY08=YoTiMl~Yor(5ylYfKp
zayq{Hv0Lq)NLkF0p6`{|%)U9A0VHosY6qed+$o7RpCLoFDPfQ#5GNqhdy#Wc+?+l$
zeb{WT&CoWJ5Z=^dD^QfXvn^=?yuV
z-{=%5L(U}1&J=S?!_XdHhZb?DI>DI|X!GGRRC50r#cw2h{dDtUa8TEQL{Wx@l06tj=9<&SLD~f)4+wCVcHSKc(XOWE#pM
z1ZNv<%4H1ss}Kc(hC`$2uo)$#;{>W>dF6@
zW&!BJ3s&Y5*Gn4AZJxnnY$EYD6!Ysue^1YhtGMn$d8mF(lQ}}aR^0}6=)S+s+5yb<
z?^q;7uhu)YlV;MpE6pY`Yoj=vb`!-D*qMj);%?s61J$EpK7t2p=rE_j#%&3Y^>Qhh
zN2bbd$Kik6Zq|gNK;Psl^Ys+Wu485ZJ6;rI{4~lt!D&jNmru-g`U-8$!Af2`8qJlD
zkR+#+6w>l3gm{JonJ*@W+UK0HC{t`Qu4+kT=Y##bsujY`oFsgw3u20;6mmplhtI5Q
zlhWzzEq7$EeaIJmbv|_id{PVD=O-yM%7*%!TYp9|#d}A*E%hmPF=Jdns$$UrilOqk
zvhtTbiObn2a^UM^!W2lSw7Sc+ZA?=1AYa2AkO-6si}@QLe)Om3U=)9jt+vl9QgCu2
z;|-N&%k_R6`oZEDV4STOT)>cD_w}Xkh3duqVnrwH>N1|C89cxfX8qvCs%B`!#)45S
z<9*@Vlw$XH5bQCVK%C8ru66(*a-4$WRUUa$dBiQ$5q3+yK7B^Qv&s%`&VoQxyiBMV
zqaX6(hI_}9e#RN;9SE>y_--H%^|J*s!BhL(-X1zL@0d}h8EtxI&I`~8a$w?24JC+m
z4tK=8byJP6NR+dg>5g@!GNufeky7~VPF>pef>|#pQd!WuU_vBFLqUM->Ve@|7oZXL
zzDw?05#xaKSt?~i)Tb<9_P*;mpy6`a-0xrxAjHUFMndwjUpSb)a40-tJ=K9oEque<
zztKq_7yN#qcv=g6R^9inQIT5}-Au>&D2Nj0_3IpYq!sD-wGQ1PEsnG^D5OoGnqVh|{-UmeD0b
zKKNBJ-tXv{r}4nVe9{Rst_W$Z4kC@RVL_{|Jy8MP1xS=CZt^2_g
zxV3<{SAMKj0VSDFCfV4TQd|GP8Sdu&dW|*l#qsoU>3=;(+VISr>WeXp7Bq!?CS?dJ
zQ)+MMgA|aQ^e+a6%Ng%0NyuR7;Kb(5+xB|Z>0JvUG0t_wn_qURA
zlFMote!FreFvPe550_VK21S80$r1gvdZvJK(0w<4yR^r$H#`{LZMzyLtXPpDPJxNN
zVzJN!t^H5b_$VpkRSJc}Ns2fTu_)8Ue}l2SM7P$d5w^E3x_%v;au$nRIGh=sJz@)Q
zn`L~KzE|TOfc@nRK3V;B)1~)yUvejQ-w5IwqxO$D(EQbgza#XEInek;J2rxRv7oYP
z#V$qS{}Az)2a>mGVZawmH=uv~Y9+`=-r!4zeK$ssR}{^tYK@(Y1K`fb
zRgMM2l|rY%>?b>Swsr6`XZ!vmbQA~j{E)3L%Ca#@vD}eA9Jv7rv5a3NrvH6zPCv`?
zt0?$i+;Ev{*-;qefYh!+1C4a@Vodil*cBO`0$6S(UB7hx*8wu#?G03n%{Ld2aXs=D
zB$R(WUFl;p{^qZRmA`*k_}8DD>#vv)A0N?ZhGw4EpU`W7PCyMq{VQE$PhF&afyNmI
z6z)mpGI7v)=`b1F5?7_h8AS8XP3LSG0?^r<|Hx>-77xl_i?{}ehXaPe(zm}bL&t!9
zVTNX|`Ty#Z&r{{}%5o}xTd_oo8I>93KR8j|HsiPd;za$&6ToV|Ji(sKeW7j!%(JHF
zoGs`7g;P1>ifs2$dIvyT8N=zpKXz3rb0GPF#K4(xQ=nldP+rmnu4$X0kDnP&4Jkwt
zx8BC_S%16N8Di&)Ww3>M`e(n1Hy!kqm-E#q)DuoQ2XBCsPP?tIcX(eVCw7M;sXAIy
z{(iZBx!!|R72#`XMQ@D2C-^C+_gbcb@L~dYN^2@?Z5tggtqCxtH<6)Ii2_!_Rz}*3
z%Igvn`kQQKLbAhr?M0mJC(qP&Xy1M?h@b5!(*Hhhdllqul~8D(v-71*SRT#
z+~nUhRsSe*8i-P+`H-0^yLzGU)p*tPNd0f)3Qbq+PzFlf33@KlfBc`sOFk_7J0&r0
zBdwR*X!7|@1_?uHqdV^56OYOkUfU-<;0&7$$8KMrvd5CFeRLGayHBs_{BAqrpA;J3
zMZr#(v@%(LBx5~p3uy+oKrPjx>s!rNdkzzBk{VmbfYp$_NvH>>Qo1*K~`%oqy+H
zK|TQOiFLeI9Vg-XT>27lZMAyh!2aK<-0)GxHfTPGwCloF$P13;P>2-`S@H0PeIGlH
zM5$t{r^<^f<%5*#@=cPjs2TisQC;~`N3payW_2bWXT2z>rG%ehB`VLnOr2>MS58Bw
z1i;UfauKQyiVFI>9ud9IM)OipqQyTWsw&NczNq6~g
z&k?75$oI$LrT=Y;?82bVgk>h`LO)nO!Rsk_a@sC8Dk1S#u2lX=mWm%Be=V%S8}r+<
z6qppMDBqU?`W34IjCcwsGnWdb-qp)7pvgeP-+U2YNsiT9&NY7s{X!tazgiCv|jQee4Zp%4l3Yq!fRNh
zL`*lR3i4gQIu-kGr(<88ih-BScD)GgcDX%)C;_wt=iCD8nv%1=tB!J|bQhMRCqx6=
zp9W@;Q2*OMRHW}|c&XcsmI(M527V#T
z+(nU>%?piQh(3E3Bqh!*)tEnVUm#>On@rJ6#?9v`dT@Fp^dDA4a^}(jkI4th5socH
zie0KCIe7t%B%bAs&V^2uc*iV(SR>!(l7+}TcNfIlMXIr^4*%mNciG;aH~Y$QII{=h
znEC=*r!WRiPNnLEf-*BnDhY3L4Pqp#C(zUn<*_bf*#9!M>IHH-hN>WFX_}e?2V$Y<
zdeBz#<`d5Xux#9flGJBI8IyxX_gbv~ul-HF>`x&tv?!sSz^6WkTCNnxz%*{sT-Yu|
zvdB`>sjM8rz#k^?&qS6aZq>HRC~`K(jG#$-Djqe-$INhp8*|%Hf=<>W*92~){c3Q+
zO=b$F>ZSL!PLon~zJ6^E;#ipe2``}lkZ0GQ|NXQOd^H(|XVq-^$3Q(zvc$t=x@qcY
z6CC@Ol=ySjiD|8R&7DX}me6*5&5gxE(6uP!jeb`%Bl<0AtK#d`t$D*aN?Qtd!};HQ
zWL22lMUk1EWItYSMV7#qh+!h1QDQeYeWvm}RMEhWzobhe+8@}M#UBoc+HLt$GrjC)
z6g>$8Hw3rw=a=LMVvn!)=f}sv+3T|WC*=P&c~oL#VfqE&f@@G5f!3)>BuZ#F=)w9>
zW!4*6G$@3BQoDPW2)(Z!yl(ErGp}XKsd*BLVU;QeK3j$ob-PVe;cdA_Dl|}UVK|y-
zC#17O;WyC7smdO7dJ$)l)Vjl1E;=z{X{uDJgQdPDDl_8cb7)lF;_b-gcRwrFKUN8H
zHG>yxHr)%D(Qpe5C`&M4JQ?rI>&;x8Ys+65w8g|oRABzI(FrcU|KequXh=c^NZhhp
zCqf$8qPPGEbgqMaS{ew+)ql>
zSlt`_s4Ew?7yWB8xEPgga$(pKaJaK<8-7-4ut+%N2^V=DK5ARp+!F@x0XAJ
z`<_#p!y9!%%5NMqOG1$JOvi3|fY^_qYuJp}W7C%@6YZka-n|GRN1yz=B_{Z*0XM%mdumF06Z$0-U)(D$*$xJ8
zgjn{QW|GmM*HN@Dcl12wy(DCMGuQ%UsYH)SN>_HfKc*$rH?D`H0H1RYad@^AEOmb#UJaMw
zWYHN)a(3$-HqqbPxE?ySW^`uZJBifcHr%{cviHYS>(Fnce_fvq-@muP5n_A`{CAArYoj%wJ
z6#4)S-DR+h3Sh+~H0qan7Np!6N&XQn|4YX^j99gREkNnnfmr(;Z0aBs>xP;itmv(E
zrOG$p@J1M}j7No(@?d1h_8yfrmC#6H3-RkyHCKK?r)T1jfR`R9spsc#-K*h4lpv%o
zXLBw!yJY7#lc1=sPaD)bsQeMXR@nj^CCL%Q!>|@O6BMZUY_d2{2U60>rIC~+a+q0V
zVO&a%KFHqj`s#7&5vD1oSz&R?3h=+R1;X;sp?Yv2pmvP^))oLPe`}tZiPCljj7TG2
z#RVRX?!Z1?l>E4I$)M(zMN2}nku(Ev<0V&uMa!O71i3^tDMUqb1Bj4MyC3J*Z`Xy~
z&Pc;j8>yTKq){R>E_AOp;ee0Q04lMiy6zuYm!jeNK|`^Tp$xYL>^$o*J4i^L+Ph0_
zhGJm{RSJ_Ko&Y315gZ#drz^|mK?JedwMZ3lbF>2yrqw+b!ylK1$HnnFm26uyvmGph
zVKH2#Tg{HOm_K(Px6xQS-jVF9AOx&UC^jNPjS8R6J=U!T*zxatB9w<`$9hF~Vi@^3Av@_7?tX**>hv3T{Mp1$LBjm0en2|u8kZ5LI$n}buChrL4@qGjmXl}az
zJL={6%;vyhRBXqraptM>};SBGW#6uq=
z8wmSTHGlfZwGG<}W4PLdbY5Zq^EY`A`GZhxO+PQ}9_#o?D0Dc(6aW9Q=bvWyw{rBA
z4jlXf{Qb%#3WXR@L}`l37pmB20S_-(Oy7R|$WA=3nTjEJi1hGgG3nIX+_dGFZ<%*^
zbN_64-gY%ZzF(t?4oi_#r0Xi>{vfoetx{0{zM3d(dh$V3&(Z5uo-8m4C|0qD1iE+M>Jwmt{F2pXZFIXBZ?|R
zGn^EMz{x5Ub_poPcHRAgRiA1*E)|M@01>5{Az?s+wx`!wJesS3lapAmV6ZPr;@t@*
z0q(R{&5^EYPS2$rV*Wjf4Tw;>3BnXl2l^qjnkh5>I{~Y5&b5|05bdazkUnExvMtg#
zcl^n}JW0UgJ4!!|`R@S9XOa7eB2*QRDbC7qlMx^PHbH5Q_-;Fp?&bJ^@=d%oA)_WW
zh%mXiXTu{HtyS!$1ao-3JSRQXW)AyAk@Ofm^o_m@8R2B31H9&6S%6_P&SSjryGSKJ)Kya59Q)AvclpCJkd(K*3WH_up(>BIJ}@nuG(C(axr)X`>@<3pIB
zYjiq3bE0)$2(3(Sl#RtgZ|3D9RM!yIzMiDT_z7e%SJ;h?S?Sm-C1z2n=Z*8qXM!Tk
zc2Y}@ByQPdOLiOq+&X=^eR$fPj8RSbb_)sfk6e5Rjj`Bh^z6>FGgxW|%t4Tc+|zAF
zQfzSj)O(QC$rDIFSi6W;!Y3J_%Haa9wAxw?#BSe@ps$$%b1i?-p;a(DX+~q?kIPed
zl-Bza6|nq4f0G0Ew4~%W`z7SKnpH_yIzAcRiE$IyYUvONP+3A$G0kSUgjt%w8+Y#E
zz6F^`T!{4k8HiDH13vB$Mm168cbD?e_^;Cp_g>woMg|oKl=n3xM~YbCsQWUoDQBR%+`P7y$}~e>HtOb;0Zq1PF){;(waX`v27Q
z3%6Qt$XghAMTteS=;jvHrq~AK5QCxN$_w7|Mc+q!iT`Q(^AzCx`tG9?eKpW!u8}-?
zAPmJkxXh%3>STtn!ayecwzI00nJ(!L9Iq?K=bf1ktHTA}k3zy+R}%M62eh#qYi=8?
zEF^$V%+i?c@yU{7(gnkvjm%;wfpR?ku)c_*e{i#((S;72HhRUv{2kgz&>{9kmz2k?
z*unu;&Z%R=#hJzgnrCvB@
z5*L{xB8jFjCy2ac)CA+F8@8FWCJQ(v=Z$zj#LecVb`c(RkzrjV33tc5MOLl3CubO-
zAs?qH-Z`tIS0DT-Xizr3R-x3IIJ~
zp5Uo6IuFFC7gmS57{i)L6oiL$c~^k{TgR>A6%qQ0;6iGIJb^g4*|UIAq7n6sH8G9?
zr{OY}TT~mE_Wgt28n?s&f*svwZ)Mlfi+fin1;Eh#d_Ox1HVFDoQwBgwAQ&Nc;5j2G
zB0cgN#!f4XM5kDQ)xl2EBY<5|UKh+TOV
zeLxPn5pIL#_|)Sc5U7zBSuE%j`VP6<*bNK>+z-huer~SnG8zPWU~&FNqT<&0W4y`I
z!E*kzG0hyTzVEqGN0IMH8VOPlZ{~loDDw8gd%I@g737HIusdeWLAx4oz#m=0TjI?bK#X8Dr;!_^N=#fN1)Z5Z%P2yXAxmvR(FI
zD`353dRM7IPm`S+&2$qlqO}!PL~gcRZgBW{CM?1L9WMxmfX}!3EkChU1B$jEwZ7P0
z>eb!qFIpeK*~Yuz!AAF3i^i&GP{mpdTfbw(3V393Eyqi1`T@nePCY!$nC77vs1CXH
zY^3H2rqcjWM|Lnbpgsj`xX^)k&x%rN7D8aKZVgc&xpR6|pmaMov6;2oJr>axUus6v
zG7!~aSfrk|J^EfgNHN_!l+pEKV^lh5gM;10pC9DYA-l&&Am6RI^$dItR@x=2oEb^D
zQQo*)ufomqz&EuR>D=H(P=qkAmq)n*`cNS$jwApGUhK!fb5)?nVX){0x|zoJ{Z3rC
zYsAG|ConJQrOO#C&9(cGprbe-mjy(O6CM&a{hb>j)foPVls#=p!@9Coy;M~&*fBM}
zd9f!(2t8iSpV&2Ct~z=-8Ri1zpxn!M(6rC|yD3H@ZIe;x@SO^=xs|ekpMqDkyVfW?Rv6G+1+svXYKg7gM2OG@1SKMG~hpxem283ZT~1Y
zM3)O>3*6u*t<(%yqov9~)n19nYB(ep&GUSk??eWJzqk=o1y-r(3RS2=DQBZ73Dg4Y
z-_=7=O?_hpvjX0Nxn#Xlaib$M{po4eyQV-Xs%R4>ox=g
z8itJO;c^!fDg930Wpv7Mk!uOw<9ntD{mEs^NAJ;b-|B&Y(<$4LYH19y3
z88Q7)FdfW@HePS}n$i(Po3`^rGP@8&4cvKXF{u$zBcLHIm9`3@P08dg-PAnc$@UU`8;V
zRu$e=W+3CJJ@go^a=SBK>4s4-gQA?m?=}a)Umo!o5|xO4wgH~_%JbL9;}WTR+h?iQ
zJ}J@Qi>DRl%G>TFW7PsW_zM@9x5YIi-E|>65ic(Wdcf{f4ekFu$hebd$)YQp8E;@mcI`*a@`3t&+SiVTJrJgqhj=YCH%4nF2LWtVHRzOob>Aw
z&xv?|Be%@vM4yaSc`~_yC!Fx5C=9BQ7$xFc_?ERe?S5sYbOEj{R+BmBA(S+-DD{dc
z*=^CayI9~86n~py$~fpc$h9$hKW}8~cDJ;9+mV-b%5900DjqLb
zkC>~mkm(d+xfUCTiLJtA-4v=kEY7P>6P9t%q7)#<8CQYsYE9p;axP5;57x{r>Si08
z*cl1O`u;ghUjqn=aP3((dpkv99}
zoo)8Mso;zCu%KOdFSa(IEU!#Rn4SHDw2guP1Gnw_OTa|Is?D3UFz!~a#;B(6Jf)4@T8Y)LSR~i~Vms~`zfj+jXr3?$HPmA2|yjCo9ARTHq
z2^N}4Xui5^;CdYtD@LmA4p;j5RlQ{He1Sn|_ChcWTu=hG2n!Ea-rM
zzRq3#vvM#ubTl!
zE0;63Hz37aJ4~dU#B}8K><_loO(f-d!aAZTPB0!q=}&|A6kSvB=UV3c@Tj2Jb<_u+P;9au%uXv$7~=wTtR0+Yx?<``R2{rMPX$uB
zI*$Ys)t!;L06j&{9-{&2O7NX=~GwN=8GvN=m5`{(dD
z;IxrIK)n*Ji%C-DSEJELX`$?zUE3Qx*Xt&)LnNd!Xo|d84pU(!^(REhSM~+51_bG$
zSXvp;-Y6p{f?(jP+hs4jj~<_j>?{5q+8bFkkxddnDJ^mSU{L`t12mif%a!qufN)Gk
z@K*y~78q)R7h2Wv+DxFxVE#Sk1tylK9F=&$Px|l+i8Q(x!ARU;<=?_XlI6P!d%kf@
zv?NoFeGJBZ&LrM6sgzpvl7l76-bbEYrQ_#Db@ry!C>IfL;nTPbnq_{G>2Z^xd2181
zvf>5Wj1)yz7slHtZttP-s$gE4C?Hk1oMMZpPIJ_VBnRu~D$jInwazyUy%^m>t9mGa
z_z-(>Ar@XBFSPiuV98W9BYSa_n}NpwQCX#L%x+d2L)Ygq(%*-~D!=VjUz3?-tNiLV
zErW59Qjj_!o@a5DpODm)6o-8*Ts>)doyDa*v*Dy5UkXoHyVe>|N*v2-4~^m{<9lZyt4&I|wz}%@3-e^_WBS$Z=~)>NuII|aAgy`
zrs93x>5IdfhBaPc8*=!ySYcG_kjzwNiZFQD+QhBi2CHe}1_t>U&euI8^PRm5df7m%
zI+63a-k2E`l0Qa1O!8O)gx$;w+1Yq7dn9(m?qNb-wxBi?wsdgXi@Hx9UWysO?Dl?2
zZa7Q3GNARl$|EXllA)}==TN}m9)Ga=I0ydE|d9VD*P
z@niQ%D2zOVBxp};JCz`*sz^0?6E21dMmsOpP|>Ig{L-Uz;mpbd)E|ACjMiEHLOE}S
z0)}CI=!O-Eyy~vlA@|kMIpoJ{vs^5H}s)
z0>>~hq*)7O{#L9aT`P(O{#_n;F*AE{gUHr3u;I-y3uQ~OzB-$eXYHi=RHQ@?s9i~U
z29i>`#h|g>r*vHkKzVQ^J@5I=-Q?jG_>K2|7EVG#5l2e={m}cZb0I*?Ay>Rk<;KaTd&2e%qsLAil<)J
zXCEKXIKDC^`^E4vtnyk@UCIEx;mvf+EHgnxX$sQwlLlz;)+K7v!~EjCc1An*ofFdf
zjT$hHoL`GDVEdlesLd6!cN6JRDR)3Ht)MLtN)~tII|1aPyp3Oq9=c_TL})QguVC+b
z$j*70iaGUD6woc;Ps_W^0R0s00{dhN!XNRFW+;1++)PtW`Fd7Gjq@PbmP`C0UN%y{
z&wh(tI8hM$p$DGc>vxEo3r}@flV3ET=`r9^4=+wMfMon?+dyL8nQxHwRFIHH=b;U^2Sk@L8W+@
zF(6sX!+9&*S$Yj67E4E9Xvz&sWqwbW(}l<>rP5WWrb@Kh$*(N;X&i)jd`8C+UY;R1
z>Qm}&1DYrnTFI5NGwmpE0^9d%bxQX&h>3&mbNk-l3=~OQD8Av6pOB+_k?uGUAZ2#f
zmvy={=vQ9^3oiN|>w9`a1TC;nxwV7=#T9TJncskNG?dS;9xp3ot9`VWF!`p!?HZ&>
zB7RdTVt=~AH!HX%XqZVV@n$$l-Z+K$Znse_2tXH>ungrkgd3KMSs;$n5g$~*=dcQ-
zdfhvJdGK#f3LQJ`*cX#~RMu_UUZ%y&l3^_v>$-AKnZHg*wAaG93=9z0y5#?1v+toX
z{)p5JC#3mvWJJ8^_n}Uy_(|tI{&@GiLT){jabLHDrCVZyb774*$kalCivN8em$*7S
zJYXN&rKPM&xp5oETypcZ)>WZ7_7Q5skt+^#y~2hvuIduz1P;P5V#zVeXxK;7YczF-
zY5zhELct61pl_-MpAOU-*LTf
zd_?Tq3FCmAcwh!3q~MD7TSxaNQSxy0JC^Um(>4CSf+**8M0cIEcp~GBF(fzCDuDQ+
zNRtT7d3Pw5IXWE%C$d~zy7}$&a8v@tLD)RlH?j;iF7GZ%acDLCmut+*a(t+Q{|j}0
zF6M_HsiHIE<+_Ea7hbA#F{4#uw(zRs?}}$USS8PM7S2o)b46oe%9C^6wEUeYIDcaz
zv-Y{Q`(E@XVYigWN1WIb5FM)X5ORg~
z8!At?OnZWU*s04k5xX@>8GuC@18gi_5Q?CIR6ow0or5P8*|rs)^{xE%2$wW7y2D_b
z0BI=&W}uYvU=nJPDS|$yp6#}~#c8}OddQOqF7A%`&AWj!br)36yC&wdhnK}^rRul&
zYL8~G7%*0KcvrU#fcFXnFRpB#5>-D$l5vE=d#P@e)Z@q3<WWtJQ4)ulL%+6GEhzh1_
z7)J2{rMz#CritAkV8?TkaT2EHPg@06sh79*0
zgi05oDpMlYGoE4Lsz)g8N>}FE6SyR`aXeFpo1S9dI3xpSg<&-2xy{reelH
zL6wdM%g_=Hy#azo`oQr~o&1$zhoSo1rE*eV>0u-{$|T%QI0)fRI}5$&sgI#L<{?#W|MSTeImP9bRldi^MWRHK
zu)L|rDE>PE46@Y#=RfXL7CSGN|?$Y0hK8h{!O7jHiEBFTo>*^|VWoq?A^+}bvD&V_>2~GYrY9xf5x|BPq7>ZRKj0}*uVRqu5TfL|&vtBv>
z*({G?xGXk`3O?xX-RU4j;5CuGq=IEh*B=Bs$TdV+04}VNOg@d@pn+-pK;ZKTH42Ps)~)Y+
z&))xwT$#E8Az4jn7CO@y2n%c06CiHb^rK9h-yrWIi1UHEY_psa4Q+@lh%mtX1x
zb40zDmI~zrjYjMU=0Q%G8X!GdL829t1UPlY)_V!sHc5f&f)o~F^55aj;1;46G~AY}
zB5raVR|?^rrfUp2q}&T3O~p=^PT`@Gdw)bw?Ojlxho*Q!f!*b*V=ch0tM=;#P3=^H
zvrvK&iT=7$X_P1(#gB#8WthdQ02CP!GKLa6>*{U#fdI3n)WqAp>q^lj~HXv6F2!0eSz7^5S>_x-qnow7aYy^}oC
z82{fNVE^o868_~#$55OJup>TRy&mb3f00FRU$=Xn)`-p}keh
zp+>aPVMSQ}(p#bremgUBa;$lrb((#x3uArXp{ChqpZj0$v*%O#uzsqp!}~j1_?&Nl
zOM3Fn%irneWWU)Ht@oSmzToHfVeQ-2g2w`Cfm2$Qr*qAbxR(4|Uq#v6{+n>lSBpY*
z`KJnZ3m-Bays<97+-vsDP)0sAiy2?ce;%w+kWbCta&_+RPbmxES>5d7mrE9r`l#|e
z_|Bi0?9NAsBCpX^v
z?jljY@X|5;IQ~5cm+lr7t^K77N*KB7I~!OD4=TE
zsM2S+X7MT|m6eM{9u|AW_vW>36&F>n_s|!zTW;Q|u{Pk+2A(vHF2zM02ZfZmKF?CR
zWU%SfqZhtSyZiM1Y6%}>sp|Ef^r
zRIG=~W|tp&YQLp!?X~866ju7{?-ZQ}bMJiB`+olhzoT+*>GGQCg)=r<|6`oxeoWGm
z^Z)i*?q|`<-P6C!?LP}ybg)^-Q;(4gaY)K!FRwtx|C8r<$w{N1t^piSg@V+{SG|;^
z5j+1G7^GlQVEWT!A#Yt7)a~!c3T%0yo8cwJQ-O6D8xLr`12T}Eyue#q26c@aviuHJ
zkO7RwlMB5?WKfq)AS+v-4OV6XQa1Utw-nPJy~)qLRb|j;m=Suc%_eL3$jhJ)BqJ1*
z*iBCMabU{!nmp55b@C}60U1PFlYv1Qp%BPw^#&@E2Dp$)R&W)YEbk|vhh8)w6vak@
r2fa}W3b5z({iK*KL{C=mloku{W(BS<0U0mC5DHvD_y;)6&cFZw2ALap
delta 13417
zcmbumWmH_vwgrm2ySr;}m*7Dgf@|Sk{2;yD-5A)5Dh;RBJ>`0rKc{eDdk5*+
zHqDA>DZ!X2jurBoO;-*R1Ciq*cu)8LgdG9wvk&2{pj~HDw;|27
z$Mqmvzruc2Cb1Z~e2cr5k|nlWmeR$W^3Lv8ZQd)h4abeW30Zvy7~Ic6#%+hm^ME;E
z{KL#}=Kgi8y^4+c$|qE{7Eg$h$%%_H-K3?cao5|N&;xZGsvo~ko8S5n(_e$xx2mey
zmdu++69umrrybv|Ds;rOY)iGU5n7M=E-1o#nQV)=8Fqj%QmTVm4AmTE1BKpYdL1Q<
zJr?0lNdF+WsJmu^{owBb{cKJ-(e(=a3S+M()8`(40(SZr0WsUFJ<`v)&%{eNp}ZfL
zC}8U$lH1!dOy-N2MB~$Psreu7Fl%pNKfGHbhhZ$7iErG{)7qdYwV;RK7u8%@q2g=W_#
z1C!5j21Dj7lKIP8rR;p%dv|{{!_n=YiG;RqA^}af$sjcZynNxfvEvNwnpTwVRSime
zdS95EB7U^7J>=Nc=2BUX&sgup32HAa5%Z@mJYxZ4nx%DzM(2x
z55R8=P`}TaWJ*dYNk;0ur%DIbf34rzFthmAvKsZa9Fvy0e`SegnJcrT#^bc|f*JAX
zS+g6=jY3rKD%nDq8JK$jjius1mv5eFM9QZ~bY*-mUZ*EzsSlc>An*3aQYJTVO`c?W
zE=)w~$SK^F1UAyeV5pH=7v>L%z0d&B*4ODOq7n?KjK~qYMdA@frjp$eIZZQ{j8`*H
z$Yw)S!v_4tm*NUBLOt24BPa5Nb|Tpz5fT~5=JVp}Gq%_>f3&qkJ;I&P8dAr;$@YX&
zT|2(Yq=VIG&~o42{*jA0hNEomoSYgZ-rAAh&Za*)5M6TOC44(I`NQf)=uOd+S+(06
z5=4C{PKLMX^u2EgAi*EOY-6H5gCAvwcrm_MS7u{$cgIlqZaC#4
zePvOQHC!8XKxL9)a_$>{x~&c~y4}t$3izAzP|^|xuVTCEmsHK4
zN!j1*ZvgGA>){_rnXfNqY6;`b;ue(V8I1+q7517j-n7l=-GMDzqW!Y`S9J29Cyjm;
z1>nS>8=M>SlxQdJU{3t1^dhdMK$#shhhCevFqeq7CuI6aJQ^-v#2>Nsoz_47b?y|e
z-rXXq9=qgiS0lN8e>xAJ!c7A7lok0t*YXJk|A@g#e+Sws@6aC0Y|F{FXAcNTUgb?f
zYHbEBC&LBm_yndmJwf7WoD`&gKJsJ7^_DyzE;z@rV6j;X}QM0k5;Jq
z#=*%yzVJa+&7xJ3rbJNVU0TnlBuxV{UQ6*WN~!$=uU$#ZSwB@^0xhz7zizXlJNdq(
z+eBumV|o4}>Gek&x^=W)<28zj>+mO?fDoe&MWBMe#In}}**q8%=)u5yXXhG%H+lwO
z^<>1I$#m$7l$zn*KJff7<8J)W9Y2dbiaMYvE?mfCz)9~~%Yqi?cW_tD$~!7?<)Zz3
zfcjq^!u_8SWSp2}mjNFNYC9f0K~D^JKt}+Kj9iz6Q+(G-A2B)F2ly|KG&4(jQ)sal
zzLm7!L&^sg%OmZ*>FJw!-rldJ(xu}$-C@BM9jpr4@MCHwjA`%Wv-(5OCwgD@v7*7pi7*A&qljohDlSg1<
z0AkZBW`u`r9M|}%XnOzXady`Eyv|RLlJnYed46-S@o~e_kLAhx#^2pn#BM%LD?fF&
zY~%9s;=r=qhr9{t1e2NTYOUjlfBF9L*Y3#G<#rHR!}#G_uBWZ(<0D;ppT&Y;A3aL{
z2VbAY#m+W->W<@V&!SGP*NB9i8P`DBN#%Xd-JvU_`T0lx;b>n@*k-3GdLPwiQ~>Jj;KK$haV3R#|npvxeNvz;Hlu%;>|(TV?8UpXc)mNzFOfta|hixk+koJkRKw9l)GLzF2ELI?2Djj+(wZq+H%T`c=m+JcK|9teu!V
zEtD%AIYfe6Zg)FV8MkX;M_g|X{h#yE8d%be2v;b|s4N=~M{TY@_%!-)EaXJGkv-3&
zTj*kJmJ)|NUw@RroYi}t?*aO@u9ok1&-W#+I#ZWdu8ZDs)j@XLG~^b3=b(Os?DmaR
zWPa=;ZhWe}yY;#D`q)AqEth&eWFeY0&hRN}bbQO^`Ap(iA@r)klB=%N5>o4sR#;D#
zZwbL=ALyw|=?gCvkIH$UhK`!h=@3^GW^~J(Pn(_R4ym>A6UtPp83Nphp38aa*!=T$
zoP34Sj0kt%wwYE(Yr%5(&l!zPi65Zr6G$9#grzRtw0tPm`=)eDSeJ>;InXm?x5~Z5
z>Zz((H1~K{_jI#S_3Wo!jw&l0=XmInJi3~?F^p?7wcR9Ck3d*dwDN0U*RN30*(KRt
zB00tpQMMoDLN{}xQyee`n(nkR8%SS?i^wIUhbDwXi&&va_qUtly|Fcmmg)~OkCyKL
zWNy*tW*?+1HB1=7jn1qT!i~zz8p4gq+$`0M%q*8{K~qnVxj7)zxVvqPf5%UgsuYdq
z?dGbdj3aO>V!@F?7!|sfFtJyg4`+@|vof1>#+w#}>3V`e007w%QSnZ>(NYRGUu3Xx
z{GF4`^n^X>=nUtQTkcp6W5tYj>f9m8Z&@gkcB{8KCy>RRz_J@cf?>V3B
zXqyO;g>hyTswLiLupcOI@Spz+huZ#C*XdVOEc3aZ(vp&c{1Q2R`c-<~*A?=MX>mMP
zGoUMBS>N5y7}BhU~=4rUHI^NOZt$cD3-+{QEM{n7`;v@3{ixzzRX
z`*_dl6m~BnY3!ZAe9-DkgV*U(+eR?no>3g+Yx_YSS1yPtcnAGWQ74w7t)vE#~bprZr?UEyIbr+E&r=(&WK3Sb^a`dG5
zRBH+Z<}P&wWcdgd^|vJSbn!~x6}}5o$wrv<%0)d|zGN}VCtcm^;8ns;p&Y3a$nN$n%85BftU*fO3k1wIjBCLLqPLP!y5D
zrm}V(_dvvmhO54XbJ%08ukt(r1oGn?4>0C{!`%ioQbla|n`PRaSK;sd5y1%1XeHI*pDm!Y_C3mxz?*y?jQ9j9((
zSIXo3DhG{7x%f}btD{<^Gv`>vGft`%Zl#D(9D9=l-TG4feIf=s*tVDcSa^IFAWLRh
za{)Qi3ra&A$YEns`Z-1`Qx!Ti9Lb$jy`U@l-dO=ifm4bT>;PFDM3^I0OZqNzi=S9@
zFHQ|CSR;>7yjbY$7>CuthTF1v4$>uPxHeCu?^-h#eYwUdsjA(R+qETj*zR~$+|i3+
z0>~o)xe2+qp9JkkNH7qkhQtE6lOle?GC3KP`LHHl9Lk?oi)3p;~
zU<4yUeu}U?!BbFz&bga~(7{N-c?Kt-!xGX6)rcCPR&-vC84@
zeU*y_t!ntgix`GFD2@3#au~$mQd!(<%GDYLuha|Srw`r^CX!;qk_{G@4Ld7o8za^t
z#2bs^a}?Z^MRdarr&4lz;Tzn%im&%?4s^E3R8E*=>hM2)#>2i#A__&OM*y5QdAc~c
zPL1G$Pr(Ao%dVD8Z@p{fBYJppTXCvn$V}i$g|P;(%mSHcE=ritZnZ^cy}w69fpp0A
zE7%Q@KM%`WC*@WlA>+gMMmV-x%9_sBl?rSLQHNro%3$ZJJ-+)4l7Jc@G*wi4(|?GF
zg#80<=^F%8T%O;TfY}?gwE}QaS;#7^QehjUf3IF=s<|kkM8iEmT<^7vn8(DTi4VCl
zLcWA$#~4ZkNl20bfq8e(&S=yG3W|ExGe!EKgjNc>9b4#8f?k_4f^{dVsGqNyrE_ay
z3FL=iRNaPb1$Pk*OZ4Nh2I!pF1VsTkzfySoW+f);jQn#%XZ;YfR6wGzD4u+P(-2e-
zwE`Ce1|iSF^g@1NQhR@rA!vb%g_p-JRjYrO1Y(C`55RgIwBw;mjDp%X8^ny9
z3}Tlw=>WNxS>aANnMt|7(D6?N`j-mGe=FbwV0D0ank}_MrIMlOF;J61$dZ}w>8bur
z4d4$qa9$}E!v)|H@)#pahD$2zU22DRo3%J>j+jf)L;YV`M0PXf=0W|Tg)B5R3|C>C
zMrgMZlMbGj6@w<;L~3WShHRkVzuYftngmjRu|ujYF90hL>Fg@_h1r2Q`tPuDSWxyx
z2m@IFlwPi2U8+bVKNghy;7AxjXY5UU_+TWNcq?sU6fL|YK{lytFx(5!<{PYGtknRwxuSb`*(bU1uo_(YNaOYbNHwxV9)
z{(7$1*sJFw!;qoMAO0syz)dmdx|b!nly>koI?l2Tqo{p=Alpcj+T#}*&&N=Pc}#_u
z*wz;Q5$}~)ZoE>;_s#`u>oSLk=(`UY>6#K$u`km9hWRl1UK5qYC6&#P{hgj|thm8M
z3}@6s$XN(CUP?$A22Ub=u6{sA8+}xK+iRM0#uuGe|E0G7?kzxxPA<|)>W2iExmPpi
zq#x|E0w?umEe|ckLvJ1KJU-aPuWwgvRA`(sVtbF3;4hC}vcD95E7%tLPxjBkykvi3
zw#*+!jH91MD;5)c;RNJnzoplx_C$;pA9t{AGD%&Qz(wP-K(F_PMC!m`(O@aw5m+*@
z;pxBty2ZhYP+64nLC92>ZV^lLJUx2hRTX^!BBvk|zHB(x%urhT?aTQB-1&r8e#auU*ib|LQA-
zf8u{Tg}m*>Db!tEw5o=1`(rvPWwl7#>k;OERMPnr42OuRY8c$~Nj_W>Zh!rcr;#xz
zoHuC{Iy-Fjvt;ARq{;rMW89}4IzZ6tPa2VnO2N@6AXcJ<9E-9zdo`x4uVW7^bK@rB
zn*F2Jf;Vr1J|Vtj^3N_>8LA++(-&b6hC_@KgrrHTT?%{~VC&A
zc&{m(7o+XS`J-|Q&dv|&m>504hkMpGzFryuewD$gswSYn&yVOQ8q&TtCwmqZc2|av1-uu8{a@T3oJ^
z#?w!YjnoeZ!Fj2T8Y8TG@LM@I0nS(C86?q)(h{zpdm0WWF
zxDpuIenR4cvEM#nlz304Z&3hkoR^&A(E?HVD~|<0dz^hXOGDbUvCroFrLBHq@(|*}
z5stO_F~K90h$#+7bI!@m7yRtM@a=Kx*(`D|@YeMgxb_R&ric))3R8QkBA)4JYMbLP
zy7_<5eAz5>pQnx2ny;o+Mbd7L?A`FbW_fV`{!$w~=Mf@f1Ee;VrtYn&iL8t<{87?B
z{k~OAUS7=fkY|~bI++EXwMJl^K)&oZ6fA>=s1_8UoD1)!JPAg+MMB?en^j=jzW^VQ(HN14GkS*@1LoJ-pQ7kb!1eb
zD|rDBTi&YhP0yNABw<(h4mp+DyMmSOE{NFaptu_%!1c_!%B
zjuE)icyjF((H@e8*K$1W;pDcvXT@h?{TXm9+T*0Nm>UCb4Lu8D%Lm9=gwJ>sP3pfm
zCE267VIohxHM&QSZXB%PB6>#bRVKi1-qlWPG8AB$f-wjj$R2>8AII
zImntB0ly%&Z2+CcEZDoqKH3VjA5+
zEew3F?zU-qE!W~C&k$Zb<7?EG^K(^C$B6&IR=;4Q{$dIKU`OPMd2uRvB4u~l!1A(o
zfFEO=;$MPox5vq66?$pL2etWB%9lHstOag+#9vIkBSW87Jz=&0;uI^@XJLlAp#-0X
zR0)y=|4!Y4!Qv<8>Z~rQvhd8=Zt?nwvH7M``^mw_1eI!e1s?(}rn(@Bs)LdL@;Tif
zpBD*g#tSDNi)ac@W78NJ&&}G{#;uFh=@^CyG-_o+%GYD%LwFw9XX{
zK!R4fh=%+WdC8HowL#jX2*RY=gR;&G56K54rs->>OsxMEsl?TRoUykL%nGlkc1Q_N
zByG!3)}5S6eHq^sEA{q7V5S&tgS1W3!~L
zXr@Dyh#F(pbZgu6;|xw2s=q|`qw^|te6dQ~qBta;qRsQf=7yU
ziaw)4MMgAbUu#{L=m)R{?i4;>i66UFG`&@AmCLJ}FG#6l<=R%lCR}>I?ejqK-xt`e
zQ;MaIy-av@*R4m{&Gm-NdjC=j}Nc5edi+v
zenmqEq%6lSy}}ATVZ9`$S(DzxvWCXiCW~w#OfD@A`+$q4OXqBx(NlWR>X`|p^r?2J
zqRvir?cr98*hloEXkmowI}PUqStL)f?J70`)@*y4i>>>-Y5CYGUV}*)3pS~7<=g?t
z0A_xEyhy#JvdEYC5+wWjv9OA=O?IV{gUC!v;M9WMLXppKIHt^HXs;AW5qJK&Z9;{4
z98~fu$)30O_2jTU%tB+t5aKCCx?AdC5`ClE=g
z>fpYw++-+Wuo=~K5fd;LWS6ZVzFn$)z?jc*obxU!FSJw9x^K=cXU}o-CJi#G-4l%5
zLd}IztpFAFtU5d@6LgnbwCT0Y+8zU{obL-Hyn_>h7~3Q~v7BtVx)CFeMG6XLZz1g?
zhOJh#}x<)gM!zMc4m}qMB(bqKCkOLdbec&C_L{K
z?Cl04UT-Xk#>59LhgA!>V8-{}L@SRgczs$Ac)%Pj2YH1UI(gJviyJHXAi(=zHlAFu
zKG`Xsf*{r*cOF1|O~Vr!%G0}u_OF;ak9wcK=u}%zBisIlKRP0=WA@``Akuu$%OwFo
zO7_#%6JIYDi8M+k)6h#tDDhkX0|3E(I46d>DN%w{a~CtR{hP!m{+;puc*U48J5ZKH
zZO(fkKlG&}2~z3O^B#oRThhAgmqs2IiEuPKD$z^N!%V~GK6>-py+uInVv#x4exITF
zZJ@C({(R~AfF|4?%i9J^Rv=xkL_f}PkG3x~mn*J;;dNfwUM`vn8TiiWB+tBK-vj=J!AtUDLeE75uKha1X2
znN&N>0U!b*M3dMT@K8`A!cb7?FHd&7>^NQByzMMqIlS!cejC_3ZVF;O`Af+VtOggZA4ur=U;cuN$Jx#{oVrN`+8+v6ThfsnE*D7W)z7)t9e{9`6P8LkPz~_Nk8W|>;=dy@ZXzk1Y=!4EVD1W9S}T}&Qe&7
z+WZC+LyTtXW#zDg3SCu!vHK{^=Am^rj7v;Gm-bYKY1wwIN&0oNsp?EJyDBD{!
zjWqc6-YV;ZOT1mQm=BX^nbXzpG_y5yv7C!pXnli_#3H|&$SlI~{ShZ}vld1ZQ($NL
zu!r#K-O#v5IM)L0hqXZ?6fI8AUupaR%*wBXSH6k*dnfO5*Oes&Q0u%%E@>g~bppC}
zXQY`DK}%y4Z!J>@3KCg0lxzrxgykn^t-8zt?28YeoN!ri(Mrl2Lm9zNt6??@QFQF?
z$z~=g5@Bw5F9Dgd`IMVTPkKxr$SDVJwu5HmHmZ=E;Fy_HIBYpUD9bS7xDG
zSUh5gi`FDDB1dkm0^=+<7U_<4C1VnU?KmsQ>&Cv9`c8MN>Xs&wFH0?bCtT}Zt~%B|
z&cQz9c-_v%%E{PpiVUb_P%@+JY^`1K)l?pR&?NX$d*JgbM)5Y(L{&AzI$?U6t-xM*
zLrNF(rlEV+?Y6L`T}sp;Q2E!E)XWO=x^nMAHLR-h$2uf^6Kbeb-<5nw(+?Vgne+Fd
z4Bw9^v8z%!zxia3bv=oB*;hA-@UoPd72Ab4BtzhtX5+kx06gF53Bw=wdPDPFsRGHq
zM;p82ekaMkT4(i-{CgKbYnEaM%Wdg4YG$}Z!KCq`$;Z0VVzfi$gDk7_qq
z8+PK5?)cG_ul(5OoM{$(;-e(A*y-N!P%Z!wNpzm$F_@bYZ?LYiQ*K`T+;!&H591q-
z@-_iQZ*?raApr+nol)x7Ly7LKEEB37Q4X9JNo3b%VN}X^XGt#w($J9p;~SIDAUeZ3
zU;m^6u+R0(MI3k6xju&%6nB^UBYO?D+MgEq29B?68{F59F7IO1
z1&*ItEhw_%J&SSZsiRlwjuWwJaJ~5#(H^F2#$-dJP)v3_p?}kO6s_`#FMm}(6hN!B
z;&U#Wv*rJ-zs7&q{&m)`>fQso)z88|FE_&~eV?go*)vFvk7dsa|LKb^Y7|_bCqwQo
zYc6LkNaW?Y|NqOw{}mU>px=lu5B{mZ(c+|lo`K_51CGChksZ`X_4QPpiXqWh
zw%H^dWB5GM7%e*&ziGrwViM=$<)d7KoxG;q&`}SKUI8lO>YtPFa4qS&#kzVD=P4?eH>>pR3_ay}8gc0;D9SwMPr%Xi1NylV>
zZu>89b5B!s>~W4yO?ZwLW{@Zr)37)qMB2;BIJ1J4X3cWPl3MNk_OJBW-k!-bgl2HA
zjL(02ib;MXou@>ujn8e`Z+cP*6So(~Y{q?SKeuzDw$yaiSjnPTuUWz4-@*A9Q+G4_
zRW#TGYkHG=@_-VjO2kx}_AMf5HTSLr5S&etJtoR!To8FNRdbAg_)6n7(Om1nlZF*2
z^PYI1;?uDYu3^)!-GQ%pa%DYM%x7Q^^FqI4VjjCumv+hoE>$p{y663uG&1E2is55h^{D+e)NlpH@0px>=&P6u(26x
zF`mhmz@JP^ju`D(^>h~VS&vkE9X^fs6F+U68vv24HgXu|
z4kM$midlN}Q|t>0vEJ_Si|Khl&IIqEtlLvjUCc6UE!)d44ZXNSrZd35-+UIekuvpg
zM)braCq4eL=FR=FzW-C<&m|*CU#8`AZe121W$c@L&3l1KmXy+|BLPHnrni=utYo(l
z_O!mXqUYLi(`q6zr%c$Xvp`Va^_u`?&v@h3d7aLxsNKn3%x00(2;-YR7;g+m_rSKB
zK%?!F37!=er0I9Wv*+`$jI21@l0wb#;YKbpG8a;ENXNR?>LNH6@`~?nV%y?HFm5aG
zO|1$Hc<>mp2V4}7J5=cXJ0dkfN`v{`8_Z7amVHXhV;{8EaW^umSk?Ye{$ttamIwC5sgqap6Q<+E(%9>F5!|%ft9?}ZN!Ew(d
zBT|F|d6XG7c^G{0T42uzzWz|&>f2xoitRX-zWS?(OSs$Na3hTJGk6NllCxN^#QvKE
z6_8&EycKN`da0~l*(ke`snMfSJW;dK^0cKv#P9bSLMPNrXG|dz5@(kA<|lkt+-z!t
z6DHZ_16xKkijLAEyHdP7=MAX13A}S@GcpA>Vw{51k5G>*jlgaeSkoueQ%vlt)8+9-
zZ5%aO#z0VhF(&@#Ael91s7*a_&-%O{I&HL7+gb$%2Lhkxy2YBYyd~>HiLlr1Ufq5M?wcOQ@i$MV@U+rd
zsi=bv=uzXJ*`T%y%(UZPxpV{$mhQa*inpT#rVJ4bERLGe
zNjH1;&qrmHRXFNbd1LKwytfuCtFmh5U%PY{gMQ)dA=+~wcwXZNLTT#srRP*3ywCkX
z<l(okM9)1%msBT7>W1$P@K&1mornkYl7K65Dj>Gtwb+jr+){jW@zi;%v)p$l+6*
zJ$vEwQ6b0y5|Z<=8^4tWyC-$0;duWHNa`4>I~s)!)Ij{SB1ljWqK1vc1t+suYe6Q|HT$a>eK(1d1G*5TROl^2g>&Eo?mb(WON4ZFeHZfD$26hI`@5(i
zacEJe+$mh0PqHU&Y!pfRogR^cO1hm%hLp1LMARv|vh!N}R&mn?1fp!+TOVe(%B
zWXq~}yohf(FzreG*fTj$(s@eTkC_}+vFz?YmHw&{ES{BdmCkTsi`#`lXTS5nsnLct
zb{gWtf!@V_z0>-6soXMlxxSg}ePXI9XBE$voLi|j+sElHht6k#m-XTQ>Hruul?nxlEjm*$~gYDK1Xc%OMM(LG}T>ZS$Z%UH@
z*Braq$w@z4Lk>3>Q_CZ=Kz@91@a;pb&c$nkTC1JBcf=%BiWx`gkBf%8scfipF^S*!
znyh@#ewW_fS;DIZT;41jgk|%FvI(bAegC$In}C~%=+&(nDy#V!P!QK&dlNa~*bF|U
zX&fxeyBQOqE1`QMPV~#c!vb6wv^aI-D?-AwzF-y>3d2cAFJX)9M<{Mbl!j|rWOK5q
zI^9&Xih?6lwic8f;b4LUwu1YOJ$A1qa2?@N5}8NG&NqP
zYYZ|aQ#{4XC@ms=F1WNxsxVAbsqH!!E`~KR%->|k$X9EF?+qAx@-b8N6f}$sjVM1n0#F(x}J}c?OeM1
zdQjQD+UR7B+wwK?w9!ZZ;(ko$(ErfS&I2{F+K^Xk<*Osg{OCbvIIq_AylI?v?xIfh
zllsZQ&BrN4u$8;t^-QQkxNRCm>-Iu5CdB;uO)F$Hy2>YMsDOMr-zsqj{u?dU2fBrVJtR
zo_`z3vGUNrv&`L~WDF7)c505D&D;d{zoTN}y$8dEJa>D5Z`+=@R^)*LZk3#R$h3
zW${@=7b_B(?N?uagb>5$D+|1eZ<6|qlc>jD>=Ldm}GXp2#hlBac+(5yPryq4Z{d{Xjz=xRD*Rw_W
z8zWezE26&LxpF;k9XVr)2m^mU{jarK?VJHWG|GQYwSWnX)S-Wa-y2bo{^yhg6cpx*
zGW_SI0nRm|A^qQbz5i4Ca;^frYQ#?VpN-B?P(=S-40VPEW;Es?6nn7*0qy@5s)Fr|
zS;4~`ST802es$4Dx~;Q_~s6M!{Mu)yAm
z|J}5o2sl@X6ioDvgzWD)^>Vg{;KeTN|5SbXmMRL)c_#*ABmrK1Ckhkv8cb#?0plS9
yHZm0=`@aJEpNep@;2Ki~Fo_un4BQ*=Zv#>SkP
From c83e76a75f9034bee1fb03ec7fc0c6e29dc91cb9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Wed, 3 Feb 2021 09:20:25 -0800
Subject: [PATCH 44/84] Update controlled-folders.md
---
.../microsoft-defender-atp/controlled-folders.md | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 34b3992bb5..5d79d2db3f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -1,5 +1,5 @@
---
-title: Prevent ransomware and threats from encrypting and changing files
+title: Protect important folders from ransomware from encrypting your files with controlled folder access
description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
audience: ITPro
-ms.date: 12/17/2020
+ms.date: 02/03/2021
ms.reviewer: v-maave
manager: dansimp
ms.custom: asr
@@ -35,8 +35,8 @@ Controlled folder access helps protect your valuable data from malicious apps an
Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
-> [!NOTE]
-> Controlled folder access blocks do not generate alerts in the [Alert queue](../microsoft-defender-atp/alerts-queue.md). However, they do provide valuable information that will appear in the [Device Timeline](../microsoft-defender-atp/investigate-machines.md), [Advanced Hunting](../microsoft-defender-atp/advanced-hunting-overview.md) or can be used when building [Custom Detections](../microsoft-defender-atp/custom-detection-rules.md).
+> [!TIP]
+> Controlled folder access blocks don't generate alerts in the [Alerts queue](../microsoft-defender-atp/alerts-queue.md). However, you can view information about controlled folder access blocks in the [device timeline view](../microsoft-defender-atp/investigate-machines.md), while using [advanced hunting](../microsoft-defender-atp/advanced-hunting-overview.md), or with [custom detection rules](../microsoft-defender-atp/custom-detection-rules.md).
## How does controlled folder access work?
@@ -46,7 +46,7 @@ Controlled folder access works with a list of trusted apps. If an app is include
Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically.
-Apps can also be added manually to the trusted list by using Configuration Manager or Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for an app, can be performed from the Security Center Console.
+Apps can also be added manually to the trusted list by using Configuration Manager or Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for an app, can be performed from the Security Center Console.
## Why controlled folder access is important
@@ -120,17 +120,11 @@ The following table shows events related to controlled folder access:
You can use the Windows Security app to view the list of folders that are protected by controlled folder access.
1. On your Windows 10 device, open the Windows Security app.
-
2. Select **Virus & threat protection**.
-
3. Under **Ransomware protection**, select **Manage ransomware protection**.
-
4. If controlled folder access is turned off, you'll need to turn it on. Select **protected folders**.
-
5. Do one of the following steps:
-
- To add a folder, select **+ Add a protected folder**.
-
- To remove a folder, select it, and then select **Remove**.
> [!NOTE]
From 9d86f926aa161d959dff7efdff5a67d091eb5e4a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Wed, 3 Feb 2021 09:25:53 -0800
Subject: [PATCH 45/84] Update
detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
---
...ially-unwanted-apps-microsoft-defender-antivirus.md | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 15e0a33178..f56820cf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
audience: ITPro
-ms.date: 02/01/2021
+ms.date: 02/03/2021
ms.reviewer:
manager: dansimp
ms.technology: mde
@@ -112,21 +112,13 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
#### Use Group Policy to configure PUA protection
1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
-
2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
-
3. Select the Group Policy Object you want to configure, and then choose **Edit**.
-
4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
-
5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
-
6. Double-click **Configure detection for potentially unwanted applications**.
-
7. Select **Enabled** to enable PUA protection.
-
8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
-
9. Deploy your Group Policy object as you usually do.
#### Use PowerShell cmdlets to configure PUA protection
From f74183c3cbffbf27266ff6b666de53199f4dd8f8 Mon Sep 17 00:00:00 2001
From: Joey Caparas
Date: Wed, 3 Feb 2021 09:47:18 -0800
Subject: [PATCH 46/84] update
---
.../downloads/mdatp-urls.xlsx | Bin 25191 -> 26000 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx
index 136c11b15d47022e131bf797785eb4d226ef1590..b5683ec66f0cb1daf7e6e7c898378ba26a12bfdb 100644
GIT binary patch
delta 15091
zcmZ8o1y~(Tvb|`~puyeU-Q8V-dkF3>LvVKw?(P-{?jGDVxCFOgkL2I?cJ~b*7nrH8
zu0H2fbu&G)-v<^u3RdIv4))7|37!)K2qc%_{SF&Y{KIop2QIi8!^Nw*HC@!e*dl^pg2e#|w<1o(HP
z^GSKzYu^6A7@Sq4a`k7;DG6t5e*>+UPQB-c!Ci@=6mw#IWRUYSBx9oXK+{?Z{QUHb
z2%Q%2jSb~vzN_GJO^9%1oq>fb1*zYwek(fL`IUioAi?df?f1!>
z2MMLgDJs`_8kiuPGb!LQn~Q_^Or+)+FW?G@<J7J?q2n9TomVF?jX
za?i0Mg0$6q^lXQY_?c}-hR{wlqGE-^owgeU>#TKPuEBD7#fJ#7;Ff2AOo!c9m_ysR
z$Xm)xxj19-;O;Ej+zacl{h>Pgb|d3?aC#DH)c#iXF?Z!5u3jEM2wBfNMLVOZ{qi|T
z2r+-b$POiQHj3M4J4sva{4-w5yCnl4auQQ$iM$G9UROlP`L&ln@^k5Z`uIWplCbjU
zb+o7CPjP~od!)3o{d-W)+|G
z`pJGf01%`-y3@mct0NzAlNLTq5p$^nhPyI7LPFG$>65KYp!cmsfiL~nnds!eu~%xg
z>%~kPIG>igr+BQ(
zZ9UDhU~~gh(I(S^6?U`~1TN|A@V?D2;(pUOGPC^^;*m_*!640l{PWdhTX+FkkU*a#
z{mx&8J)yz-i{>PMIoh)5RcgT^&~=w+y&Z#Q4vF6GkDe?^GAI+@RsU3h^*}s4y~-GE
z>H<1qocLO6(}1l`3mXP8{fY3naZwhj$CGjqbEB;rf5ZHf(n-VX;WmW(MhzT^FEP2`NBOe}f7T9qOEG}W$~
z673z0#j9)XqiU`JNT-#;L0;vZgF9~rL0J<##BK3btXOLlq~I-U0ir_)>5Jz`ve6Ty
zbOkstd{=dk^c3#&t&16$d_x|KcL!~oUQSK76_#1<7KHBV-Gh*L05y3hllDc7E%X-k
zd!yF1)vCm0o-WcIH2Bl31E(vs?u6zuaoaqhv1B)j_3x;o231kM(&x{qn`BW{
z3z;r5p_weqB);)MOv(#EKgKwWLfg$;SAwH>$otk=E}3CpQ)qs9?Ov)A-bAFHb#Y
z3w8jnHxI|v)r1?b4}-71k5|1j*VikP0PwspxzhRUvds5<`*R_r_!;r(HaolX<$izn
z@eIh0!#zJ9JllA=IE;A&yuDv-*6-}DCJ3{lo1+M`0AB$g@7Il($+L~;yPuD48(sH_
z*u}xjH<6m3tUU+z$J{L}t-S`)tWG=!bUw*V%E$RAKIAFA=ikj!iss)fQ&Qk3r%Fu8
zLj5p8Rv^DQHjjQ&9MW=T`=XIx*AYKFqkreT=j*=Qq#i_^%~FW_k?T^M>WbL`mGw1)
zbN%HZ6=*p>t{4-!zbR5f@%0%_)Z>jkKUSeSv+vUKDaQrGB`Cv#gmQU9hjh#
zrs*WQ>aB>f*(9#c66baX*A*Sdw#>tTIt8^CP?TDSDU+o4uO@Vlr(Le20{`12&1~be
zPyN7Yeff}~%FH}#Ktj#qCryD@QEDru%$y#$QM;6Gae#mew$AkI8{MEfy!uj3M-y
zFp;UuAst@IKE2Da86wISIPN&=BD5ft%vhmVp+un(zrnDT*4fj(F+B$oRXIvHaW@jX
z(~Q_=^DJoYZuOxsIp$2N#G^n+f5<#Y6=*(%RgF7a%1^(-(b9~0l&MvADJLf5tp`ijWsG+D**ymi#=48zu+%Cg0H&Z{UMgM~4Xm+*U1(!)1(WuHv
zuQmS6;WYw`u3_*IulPoq%r50>n2|RGMiqc?Y|Q_X^-Zh^D&JXrG+Hbo;nC>~{H~$gOqoE^uA6b*OC7DAoGv%=nimXO*qf
z0`eb82IAb~GfSuer)4kr6%{V{rk(Lq<&JzWc*USejH+Ht=ClIFd&19?7{jnhCQB-}
zbrZ>B%GTJ!r&n4HO;6y1P5sfosHT=kZ1>I0Xm}k0zf-#`Vqo_(E|xb2ZF}y1Y~ljv
zJ)&wFi<|aovj4bOPwr%`11D)?DxcA8HnWSM;FgllE3jY$XqxtQQZ}Y
zQOXWq)s^x__1*D$*bonZ`BG{qSC`bg5AL70qs3<@m7a^pm5RD~r!_N{tS*a`wmZ`4
z%s)cFx+Er;k&P-wGa)H>)z#3uW=Mwp!lB@$9Z_>NHo7R9Bi6x-BXH5qr3_$vn|ps#-1xh#HwWtxCOCYIX)so(zN^u$-V0
z5fP7M9qE?dq>_lbhUSP~2XQqiyV`-sdGZgIcooeQkv3QdIV}0R4VVazE82Lty1T>P
zq$J7gRFGfe;Edi?J5Hw;5>y|}3+AvlyNpM(xszOT^jArQwbT@J;TsdDsB%{G56<+i-igw8D@(>hJ)RW8+aSV)0lBB;pyfpO4115-kvV)iYeYUyP}$i#yQNbSlC
zwUX-mxwz_1{~10Oq8%BjlF-IbeLH!wH`QYw5?bRuL)csEoV0thOUp5%4XHAa3y%7B{#LG
zM{jay0B?%c_$vom5V>}KwBvY%T#z=H3_i!m6r2!#{fEs>$aj=HT(EfkV{sZ?^HXr3
zL5>+)s2nl#B5N;NRU_6brrX`ADY&kWO=-t2{`tT^0!<^O530;B1V!5vt*HowO~_#v
zB$l3&C+fg?f8x=G!zzChg6x<76+&T+OT(MWTi=|KAWG
zAId`Cz#v94+0el|BQva+hxDZUzYxCExUeC2S;%vRU%zT|dpaS0
zMWWfiXilFM{1biBgZpouwm8?fHhb{R@QW!uQ;L`fGrvh*i=N&v_t|Rdjq`SBfM?Qh
z8YdxB>*M-@mjM~=2tJN7|LA(au&;N;j%+`6ti4Nzl@xLq8Q(3Q21j4tb*Lc5LK9<_
zEfjRc^@R+T2}oA|hpv*ht|q1!-sl>!#eAbH5rOCVv&plmT~Sb>YXZ~rT=U^<<|-2V^;6N8!w%hK|PTCSdY*l3uT
zw-l%9`BOdps3;=E?lVby0!+RdO1dW=$i*rOB$d{{K52lyZib#?m9u{#;d3A%h7C3D
zkqX@4CgJ01f^`j)44Z&VBlu&8x3vT*894Z{5`abD3PXFFQqj>QNS-E8wz}VBwE^}f
zLC6Of)ik)Tu_3i7t!A~N$|%vE{_GGyP|nyzu>=-Z)&JnB!VQ9
z$m2}mXR?R*ZvW^%G9gj$6>sxMk)2yb;D|1L`0zZu1W!XncRN2l8#gkhdpupRJXT^?264^Gqe;
zj^p|Zvi}Az>R*uk|AM@kRQe-dvhaQNJRU58OFB6#@t4?tO7nm9&MFN2yLTUoA70Nc
z)q`pO&uJwrBZ+UP#zfCiXu@3tLd=Mo{tnWGe|@Q7_zjfQRYNn$sLfS*09uLTTh4#W
z^olWX_4TdTY9oYRj0ybB>p`!W-1UN$;ZrNhA8er*eVCS9xoT)=B2&gVc#a7q+D2(9
z-n@;v&f^P>&ut2*c*Aa8v4Ga}luwb$jVU!JkEFw!o9R_~r
z{~ghGy%AX+Asz}o-c_qQH+<*P=#-~ta)g!{gS9C2bxm%;slTq$V5^rdeuffv;hzXE
zuvt-?kz`hVF=!_hiGaolxk+QQYi()xdHc<*tlcPl_TMv7FDKa&@txfu1+QtPE(!&r
zKO~>~JTalxoS8ak8869t+Ma2Uwc*z?D^-_#Pbw#i&lKf&O>9IM#7wlEuL*<{`6GUk
zN2vk_@{WDkk&rr
z^nFThH#Jsu<>fNT(N}Igy>vPaGt-nJYx9ou>AtT#xi0zow}Qv{kWmpP=8V;)pj!hY
zwvuKDv!eyo
zEw;js8LI`hPNcNizOS*dt@S&gnXnB7SY6<89oT8Z1u@+Hrcs
zaVM8s*HAy3>t-OV-)atkik$q+6>oL6(+EW-)vTj*1;s$kD<#{kX8p@7g%&%BEXFm8
z%-}|MWO{aIBEjpGixN
zaJWQrm-uaImDZ5gnyJjJRDO^Z?LzKzSvx`YTbLYSp5XX;Hihe-genn0RgTFDg_{mP
zaupMgQgHe9Ns|k$d;&H}y*My@`m|O7Ht8?u%06Vd1pKfc3O>xqM$WAmmQ0l?bkgMk
z_ULomN7IC9c}iXtqgECzBmpEAe)Ed+ce<$Tr5c_x|b9g|Gy3Z7k6gbjk@
zM8$u=o|C*hoJvr98`;`KammyM^`UE-m}0UXX;{P@Cc*;2>GetSzhXTQKvjy#@_UQ*
zm#dI?l)l>%rV=21i3z8UdZ+;Vp{;R{mt5`dJRp7-7wCCSrWUK=+>AzJdEGjSDW!&b
zSVcCwXBBlPu!pH;8RLd6Row^scR4oy%!aD`#$YI1eB~Q=<*wGhTv7o0ocMxYG}52c
zVsX}B-~Q==`8&=3BE`Ph87?8ZX&pt9_>u^?6jz&?STVMJFQ*}EZM6!La`t=*Z%>av
z_*caWeFIqWFTe*jVrEm^9~G`kg(GKpdh=-CY-LJHR>K*%|5+BGyg{7B_XpysmB5ia
z+AUSzwu?vy>nZ$6CFSDw?@B`di*DWKB>_Bfm9(69yUnjIhM(w=elF(mX6585
z(6-9uYi|E5i+@WA@OxZROJyEh+epM>oE75H7FX)>=1I8i7H{}YNjZOsbGY_zUxts|
zf&2%)+c-bZOGvd?&!t_YUw#c#ZKwjfm`@WWQ=<%kz5!|6NupA%ChZ@zfj`r(`0X3q
zmt<;D4dhF*lLLWjKlBVrNO(Pe?DW3;I-(
z^@wXvf*Oe0G(=s!fySjDoV4ty!}=0lLkw|Nl~=KPjwB8$5zcj;kp(ln9;crdq{zI;
z59`X=cktE8hwX4I$f&(`)t3H6X#vKe86j*jqYPJJz8-1qN#V5riO1Cw)ZSpP-GlCS
zMYLF}RiTu7Y*P%9U;h26RqxI32_-`+mP9z`PEqp*q>bmNi|5DcNdv&=`5piz*bsL>
zaX(j>TGlg>yn+F?JxmDV28AQ=i9%z8=rqE2BGB&
zv%wDD%;39EpUd32U(r+Auc{6@zgA~y+Rc-#M
zp%L*>zx-npnqx*RyPdtL_adJNdtj4WiD`Y?`g9c~)v*omlGU!}8w$(28$y)+dfgpE
zT0cNZ^=Om*07g-fNU%&gojvFPqd__N6(61H(PR})Azub74mUZOYsa+N!MAVh{QbO4P|(f
zuhd?k5)2rupiu8aZ5!)H$zQ;LkEgaPObFgdT}Vtibw6XeVVS%bQ6ZsN5I%-b9OwfD
zbdnSvGSdb&VfEfc3WKVH$GfMew^z=*_=7QbKwFIHR>a!P+2Q1kQp=f3ZQJTWicf8u
zo^K|gc=n{}fHxWW)UD*{=d1J}vpbn@RbKnV7ro2vUj&m^$U#IY>;wt0>nP1^2$MUs
zp%oD8j*D-YY)o3p}gk+D1MPj9q@fMh@FM{XFj$>9gn
zZIRK1?k-f1WO&yKxAkjg%PB{)cyDTBKf9ky~>~e0ki`ZSdDwb$@sD5U1o^NMnl8v&qoirTRjq{E!;EGY56`gMQ#TW&xe28
zDpcHX@?(P#baD7WxC=x_Y
z8V>u8u^r$&w~Q#V^dh9T=Y6480iMT`e_c~c9ZHmx!(2>uc7~LT1?TR113alVIpPn)1SR`PRq>)5xU_9
zDo**z=6vt)bEIhtLrPF%x_>@Ao2Oo!ycAeDf{qg{97lRXQ9l<@tJRMmR%ag@%7tC!
zQH$B&3>~s^c?!NhS-7&f?$dx2V}G<{XskD@4rEja!DFUl;9MsTSiarxw@tI656wfG
zW{=3H0!*|^g5L+0wg(xFs7Qar{>k@gtvgQNYAAUw=Ln=fNdk6#rT2Gp}<;`aB*FE>m0m?B?_Y
zX9?(dpeyuR&!QBRI`9gFX{>$gaX>95W>&w4qbG=#%xA;hh@y(~+K=+}y!hUS6t@^G
zfVwf*4WtC~Mb+J}am~ZOzWcL31^V;h9WVSofCyQecfVA!`7O-paC-ja4NO{3071?kF?X=8JvL16!sZu#G(z4kr;-Spw!U
z>u*Mb-6(^@rSzR5l<14I67eqaB$b80!0n{YV@v+ff^!8(m1kFmTBV6X@qX0UPsjb9
zFIw@=U6}w6;S~bG3zxl1?Aw=dXnp7!6FiDLrimBM2y%jKOz&O;1fzQK3?xw?${Jps
zFwO?W@ErOO8u^4d=2QNW8Efr0binAIZGw~Qw*D&8{|%5WN*Jz32tmA>We22zf>Jos
z9#Q4#KUBafoEgYQ;_j(q9pJ_1?d
z%dL0yO$-U|;8=0A$%tS;AWppmRStRJlWP`lZ}i3~ovOQdRS3Qp2@Pi*714@4#-hG_
zUo~U>x)M5H-U|Ghvo#ya-4NP_Jn(FG64xHqQGr4NE@$M0<{&?`rytK}5=FPx=D;x&
zY>*snbqJ}ymb7D|TfoT2GsIHZL5D;pJJ>X2-qIY&m+-Om(WdPXJGyZSHp>J+OW^-1
zi%$3RrFXXwJFb@WY?x0ih4)k79#x5%E0s3kjTf8%A
z2J9yW&V)Q^N5SC733~1Xnr{amW=_$He-@gcDKceL%2RCruuF|@C+sP=?YX7NW5dUd
zK5PO1q6bb=i=oque0EXt)%}+-!m>@N&f@CTo`8)ZZbB(1Jz%x~{+&keBr){nyl1zb
zW#ZPavDSjX)KbU{4yVXONdWTOErLGe>w{S*SXiB~qT{gPGmB@nu21!K;}ZnmU>`hO
z{}D6IU>Oy%T%mr)H~c6Gw{(u#L}i1ZSGm4@UpH&UAMfcYwuQ{BB!1-dWW3w4hWQ2Z
z&t<`SA3}Pgp$w=O34p_RH-&>T7WK+NECy$hS&jRH=Ha%_YKA>3P-WJPe$RW+ZJ;YW
zDwiNfBD=5A@(pBuNfDY>zf-ty!}CR97HbaOzuY9598=6qcZVKG)f^l4Q04_;xLb8M
ztTN#_!RYlFknY1kE8=BjkaC|a<-C(>exH-CSAuoA%?oHS@}<~`@-DJb>Irv%UwB?c
z(T_cJgX*9|9*1DZSO`?UGTAlfl?UZ=kJwEVI;hUz*vmwS1aFmRADYyq_WsH`1qP0?
z@KYA{C}?7j{3h6adXk?A9b}bBIxycU9KSn~>)fqrG5k
zVttpiR|9EqDQ{8Dm~i+bdLo;EppfyTecW!w;eqAa;gYW%Iz>N|q466QAoPwwmLI;&
zM@Il4Lb2v6(}2)^vLATgaA3jsZ1}Zh0g+ghnB1YKbRA8?>v-YI-
zmyE~PaW@4ion&w@4#Um$W`Bz6viO|BUIv$=eZ${knWR+7Er37UQ=H-b8+l{3Rb=T5K%f+E>
zU>6_Cr0CBtqBGHQ6e$#AEo$@219Kx$W0MI^vxss6Q+kJrDVakc`Ay@DDq4tNS-KLY
z&pIg{1xBMwgl&Ur-dQ8hv}NJjsb=E#2M7SK*zNg3sPek1_pu7g5X78EQXReS;99y-
zpegrUgs4`zxlp}U4(ikuYe}cU{Ats6d2I(G5s9s&!6ol3NmdgehrJJo`OLRA@kd
zlStRLbi=GvJ9=u|ta-Yt$EYEdENKt5Y@P%HIVSSX()>q?I=?%4;T#W*p$duV;aby6
zVno^>#>-*%xQWfJ6iuB_4h%Jm-VyR8yoIH6#O3rzs539Aifp{r65v0F{PIm1yJ{E3
zreA(
z|B{R_-OzOD7|-#nGW}qWxJ~Q$No#MD}B)@Ju1mr5NsgkoiMT6UR3M2eYmx
z#NX<&-F1&dC;k`2uqFGr-q14u^Y}$b#;{1HFOfsAMVEv1{3PA!fb-MbqFWn2uzSD5
zKs9`Jt+|CX#rtw}4?pW6Q{elcxrGn7Jk4EbUUD1k1A52QmvBo%h5OgV*n<<@A&gC}
zAeK9Mp<(DclbZWR+RPBf8IxYJ0|)@U`+>1F%et{1KJS|)|2Faj_#&F@?J=_o39
z5Yv)CuPo8`tLe6Ub{M9)hP(Az&LxI1J11gNKc08^j0o7slv0t*!SnRV??TabI+!tV
z`kP8={r7?jediBuu7dyt`ubzLz)#JP8fpsT`=>bl9av89o)M*vhp7NB&aLVimkY6{
z{f8~v>ubK_yWq>-n&NemO3rD5EYI}c_vhDaxWhgV7aK$L3z(}8;|#mOUqjJv)>*eG
ztQREb-@V8#a-fhh;(2Ruy*HFJBD{Hb=_McMRj;FUSPJ2@i2I)1wsBof^|vC#&6d_z
z3zWsicsHZb_`GwSM(Xor{%(x&>8OBLRGT1q{{>blscr?St*HH(*MwT~4{%nbho=wl
zAW#8ALZkp4aB9=mJ`dk3Z5JWC+@+v|r(`HB+dwZyq8?ZG^ZDiufqW^NYBau?Fq{pJ
z8}I%8P1?i#pekN%p_EI>PH_VK*;63wVL4Ial_Dk5UAEVmVk(C&G@pu!H;)#)&*k9e
zZbXbWZg9H_z@vqg;C*n{*on-%kR=n?XYh$8>RWd;aQMACLG4_KF_6h&wv$irwUY2k
zDT~R#Y}%X0!_C2=hXwm(tdHu|F^n-Fh6m4^Eg(!PC6`g)c6`$$TVOX^ay9gu%);E6
z8x8xM-2#i08kPL3k+