From d6feeb1ba78a5b94275f2f25eb06ccefe5416f9f Mon Sep 17 00:00:00 2001 From: Sharla Akers Date: Fri, 30 Mar 2018 23:08:46 +0000 Subject: [PATCH 1/6] Updated enterprisemodernappmanagement-csp.md to reflect actual behavior today. --- .../mdm/enterprisemodernappmanagement-csp.md | 31 ++++++------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 2ad3ca1434..404877f84d 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -112,7 +112,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic ``` **AppManagement/RemovePackage** -

Added in Windows 10, version 1703. Used to remove packages. +

Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.

Parameters:

-
  • User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed. Not required for ./User/Vendor/MSFT.
    • +
  • User (optional): Specifies the SID of the particular user for whom to remove the package; only the package for the specified user can be removed.

    • Supported operation is Execute. -

    The following example removes a package for the specified user: - -```XML - - 10 - - - ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/RemovePackage - - xml - - - - - -```

    The following example removes a package for all users: ````XML @@ -307,7 +291,12 @@ The following image shows the EnterpriseModernAppManagement configuration servic

    Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/Users** -

    Required. Registered users of the app. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string. +

    Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string. + +- Not Installed = 0 +- Staged = 1 +- Installed = 2 +- Paused = 6

    Supported operation is Get. From 473823fc5248678204a3add491fb2b1f47450396 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 4 Apr 2018 07:39:48 -0700 Subject: [PATCH 2/6] copyedit --- .../security-policy-settings/account-lockout-duration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 504909f266..7da0245da9 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -29,7 +29,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually. -It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the Account lockout threshold value to 0. +It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the **Account lockout threshold** value to 0. ### Location From 636f8bc5466625af729ba4c3832d7b7dbc8e1d17 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 4 Apr 2018 16:13:14 +0000 Subject: [PATCH 3/6] Merged PR 6905: Update endpoints --- .../change-history-for-configure-windows-10.md | 8 +++++++- ...e-windows-diagnostic-data-in-your-organization.md | 12 +++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 822b8ec80b..b328c042ce 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -8,13 +8,19 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms -ms.date: 03/23/2018 +ms.date: 04/04/2018 --- # Change history for Configure Windows 10 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## April 2018 + +New or changed topic | Description +--- | --- +[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints. + ## March 2018 New or changed topic | Description diff --git a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md index c77762a5e4..ce9e5b4792 100644 --- a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: brianlic-msft -ms.date: 10/17/2017 +ms.date: 04/04/2018 --- # Configure Windows diagnostic data in your organization @@ -143,11 +143,17 @@ All diagnostic data data is encrypted using SSL and uses certificate pinning dur The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access. -The following table defines the endpoints for diagnostic data services: +The following table defines the endpoints for Connected User Experiences and Telemetry component: + +Windows release | Endpoint +--- | --- +Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1

    Functional: v20.vortex-win.data.microsoft.com/collect/v1
    Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1
    settings-win.data.microsoft.com +Windows 10, version 1607 | v10.vortex-win.data.microsoft.com

    settings-win.data.microsoft.com + +The following table defines the endpoints for other diagnostic data services: | Service | Endpoint | | - | - | -| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com | | [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | | [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | From 8136381cf86f842fc7a3030a2a608262ecabd8c1 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 4 Apr 2018 09:49:19 -0700 Subject: [PATCH 4/6] Changed updates.microsoft.com to update.* --- ...gure-network-connections-windows-defender-antivirus.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index f44c485e39..2de4642ade 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 11/20/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 04/04/2018 --- # Configure and validate network connections for Windows Defender Antivirus @@ -77,7 +77,7 @@ Microsoft Update Service (MU) Signature and product updates -*.updates.microsoft.com +*.update.microsoft.com From 2bec4fe1203564b98b4337fe1cf69bc7ff466d8f Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 4 Apr 2018 16:57:37 +0000 Subject: [PATCH 5/6] Merged PR 6909: Added note to KioskBrowser policies --- .../mdm/policy-csp-kioskbrowser.md | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 27f995e4d9..6554f182c6 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/03/2018 --- # Policy CSP - KioskBrowser @@ -14,6 +14,7 @@ ms.date: 03/12/2018 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +These policies only apply to kiosk browser.

    @@ -83,6 +84,9 @@ ms.date: 03/12/2018 Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. +> [!Note] +> This policy only applies to kiosk browser. + @@ -127,6 +131,9 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. +> [!Note] +> This policy only applies to kiosk browser. + @@ -171,6 +178,9 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart. +> [!Note] +> This policy only applies to kiosk browser. + @@ -215,6 +225,9 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. +> [!Note] +> This policy only applies to kiosk browser. + @@ -259,6 +272,9 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back). +> [!Note] +> This policy only applies to kiosk browser. + @@ -305,6 +321,9 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. +> [!Note] +> This policy only applies to kiosk browser. +
    From 84187159ab89462133240ca6144b663e52e083b6 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 4 Apr 2018 10:00:58 -0700 Subject: [PATCH 6/6] Fixed table in compatibility topic --- .../windows-defender-antivirus-compatibility.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 4fe762ad49..fb71bda388 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 11/09/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 04/04/2018 --- @@ -67,7 +67,7 @@ This table indicates the functionality and features that are available in each s State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md) :-|:-|:-:|:-:|:-:|:-:|:-: -Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] +Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]