From b966630f283298d169ca1a6caacc13a9a8fc0f02 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 22 Sep 2020 14:09:51 +0500
Subject: [PATCH 01/85] Update policy-csp-servicecontrolmanager.md
---
.../client-management/mdm/policy-csp-servicecontrolmanager.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 762c801e6c..b220e10a02 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -78,6 +78,9 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.
+> [!IMPORTANT]
+> Enabling of this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
+
If you disable or do not configure this policy setting, the stricter security settings will not be applied.
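Review bot: The added [!IMPORTANT] note states the symptom but not the cause, and "Enabling of this policy" should read "Enabling this policy". The context line directly above the note already says the setting requires every binary loaded into these svchost.exe processes to be signed by Microsoft and disallows dynamically generated code. Tie the warning to that requirement, for example by saying that third-party modules that load into these processes and are not Microsoft-signed are the ones affected, so administrators know what to test before rollout. The trailing context line covers the disabled/not configured state, so it is worth stating in the note that this is also the way back if a compatibility problem appears.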
From 92ee7782db94206cd8742cbe64a1bb44bc55c14d Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Wed, 7 Oct 2020 10:41:50 -0700
Subject: [PATCH 02/85] WMI and GP alternative for deploying WDAC multi policy
Recommend customers use MDM bridge WMI provider
---
...e-windows-defender-application-control-policies.md | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index bf44f8cd81..99abb1a572 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -85,17 +85,18 @@ When merging, the policy type and ID of the leftmost/first policy specified is u
## Deploying multiple policies
-In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. You cannot use the "Deploy Windows Defender Application Control" group policy setting to deploy multiple CI policies.
+In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature.
+
+Note that WMI and GP do not currently support multiple policies. Instead customers should use the [ApplicationControl CSP via the MDM Bridge WMI Provider.](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance)
### Deploying multiple policies locally
In order to deploy policies locally using the new multiple policy format you will need to:
-1. Ensure policies are copied to the right location
- - Policies must be copied to this directory: C:\Windows\System32\CodeIntegrity\CiPolicies\Active
-2. Binary policy files must have the correct name which takes the format {PolicyGUID}.cip
- - Ensure that the name of the binary policy file is exactly the same as the PolicyID in the policy
+1. Ensure binary policy files have the correct naming format of {PolicyGUID}.cip
+ - Ensure that the name of the binary policy file is exactly the same as the PolicyID GUID in the policy
- For example, if the policy XML had the ID as ` Lp{(UBK`5wbb^!_~odD2yD
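Review bot: The added sentence "Note that WMI and GP do not currently support multiple policies" is followed directly by a recommendation to use the "MDM Bridge WMI Provider", which reads as a contradiction. State which WMI path is unsupported, spell out GP as Group Policy, and keep the name of the "Deploy Windows Defender Application Control" group policy setting from the removed sentence so readers can match it to what they see in the editor. The link text also includes the sentence's closing period; move it outside the brackets. In the numbered list, the removed step that named C:\Windows\System32\CodeIntegrity\CiPolicies\Active has no replacement in the lines visible here, so confirm the destination directory is still given in a later step.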
+>Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
> If you are not enrolled yet and would like to experience its benefits, go to Settings > General > Advanced features > Microsoft Threat Experts to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.
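Review bot: The added line begins "+>Defender" with no space after the blockquote marker, while the next line of the same quote uses "> "; match it so the note renders consistently. The last sentence of the added line also drops the article in "accepted into Microsoft Threat Experts managed threat hunting service", where the first sentence has "apply for the Microsoft Threat Experts managed threat hunting service". The new text uses "Defender for Endpoint", yet the following hunk header still reads "Microsoft Defender Advanced Threat Protection", so check the rest of the page for leftover product names.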
@@ -123,7 +123,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
**[Integration with Microsoft solutions](threat-protection-integration.md)** FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459) FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278) FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459) FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. 
#4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281) FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790) FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790) Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed) FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. 
#2227) FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886) FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887) FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. 
#2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664) FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. 
#760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663) FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. 
#3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575) FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. 
#1969) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576) FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323) FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692) FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. 
#1692) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373) FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373) Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) 
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. 
#656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. 
#656, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) Other algorithms: DES; MD5; HMAC MD5 FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits) FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. 
#675, vendor affirmed) Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits) FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29) Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed) Other algorithms: DES (Cert. #89) FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. #89) (DSS/DH Enh: 5.0.2195.3665 [SP3]) FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. 
#65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. #89) FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 (DSS/DH Enh: 5.0.2150.1391 [SP1]) FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed) FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed) Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed) FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed) Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF FIPS Approved algorithms: DSA (Cert. 
#221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) Other algorithms: DES; HMAC-MD5 FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. 
#80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. 
#95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384) Allowed algorithms: HMAC-MD5; MD5; NDRNG FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384) Allowed algorithms: HMAC-MD5, MD5, NDRNG FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382) Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382) Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2]) FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. 
#230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2]) Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed) FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed) Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5 AES Val#4902 Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896 AES Val#4901 Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895 AES Val#4897 Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894 CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported GMAC_Supported IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624 Version 10.0.15063 CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 
16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064 Version 10.0.14393 CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f)) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629 CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) CCM (KS: 256) (Assoc. 
Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES Val#2832 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848 Version 6.3.9600 CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported; IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported; Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, 
Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832 Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832 Version 6.3.9600 GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) AES Val#2196
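Review bot: The two copies of each GCM entry differ only in a partial rewording, "AAD Lengths tested" against "Additional authenticated data lengths tested" and "96BitIV_Supported GMAC_Supported" against "96 bit IV supported GMAC supported", while "PT Lengths Tested", "KS:" and "Msg Len(s)" stay abbreviated in both. Pick one style per entry; if the expanded wording is kept, expand the neighbouring abbreviations as well so that a reader comparing the entry with the validation listing is not left with a mix. One copy of the Windows 8.1 BitLocker row also carries a mis-encoded character ("BitLocker�") where the other copy reads "BitLocker"; make sure the garbled form is not the one that survives.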
From 4bcb2f09de05e089822439e5af8ebc17b679c392 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
This option maps to Azure AD only single-tenant.
This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts. |
+ | **Accounts in any organizational directory** | Select this option if you would like to target all business and educational customers.
This option maps to an Azure AD only multi-tenant.
If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the **Authentication** blade. |
+ | **Accounts in any organizational directory and personal Microsoft accounts** | Select this option to target the widest set of customers.
This option maps to Azure AD multi-tenant and personal Microsoft accounts.
If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types. |
+
+ - **Redirect URI (optional)** - Select the type of app you're building, **Web** or **Public client (mobile & desktop)**, and then enter the redirect URI (or reply URL) for your application.
+ - For web applications, provide the base URL of your app. For example, `http://localhost:31544` might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
+ - For public client applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, such as `myapp://auth`.
+
+ To see specific examples for web applications or native applications, check out our [quickstarts](/azure/active-directory/develop/#quickstarts).
+
+ When finished, select **Register**.
4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission:
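Review bot: The account-type rows added ahead of step 4 describe every option but never say which one this procedure needs. Since step 4 grants the app 'Read alerts' on Microsoft Defender ATP, say that the Azure AD only single-tenant option, which the text already names as the default, is sufficient unless the app has to serve other tenants, so that readers do not pick the widest audience by habit. Wording nit in the second row: "This option maps to an Azure AD only multi-tenant" has a stray "an" compared with "maps to Azure AD only single-tenant" in the row above.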
From 342d51170c2026887adb68299555e459d5fc4500 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Fri, 6 Nov 2020 23:35:42 +0500
Subject: [PATCH 12/85] Update
use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
Path values in rules were defined incorrectly.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8564
---
...licy-to-control-specific-plug-ins-add-ins-and-modules.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index 79a167e2a1..a6e3ec2b41 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -36,14 +36,14 @@ To work with these options, the typical method is to create a policy that only a
For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
```powershell
-$rule = New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin1.dll'
-$rule += New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin2.dll'
+$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
+$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
```
As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application:
```powershell
-$rule = New-CIPolicyRule -DriverFilePath '.\winword.exe' -Level FileName -Deny -AppID '.\temp\addin3.dll'
+$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs
```
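Review bot: Both added rules in the first example reference addin1.dll, so addin2.dll, which the paragraph says the policy should allow, never gets a rule; the second line should read `$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'`. The first added line also uses '..\temp\addin1.dll' with two leading dots, where the removed lines and every other path in the hunk use '.\temp\...'; that points at a different directory and looks like a typo. The swap of -DriverFilePath and -AppID itself is consistent across all three rules, including the -Deny example.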
From a886efe0b1106c8bddc2c0d045dd79ec9b05f019 Mon Sep 17 00:00:00 2001
From: Peter Smith
- You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and device timeline and will appear as resolved across Microsoft Defender ATP APIs.
Alerts that are marked as hidden will be suppressed from the entire system, both on the device's associated alerts and from the dashboard and will not be streamed across Microsoft Defender ATP APIs.
+ You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and device timeline and will appear as resolved across Defender for Endpoint APIs.
Alerts that are marked as hidden will be suppressed from the entire system, both on the device's associated alerts and from the dashboard and will not be streamed across Defender for Endpoint APIs.
5. Enter a rule name and a comment.
@@ -120,10 +120,10 @@ Added comments instantly appear on the pane.
## Related topics
- [Manage suppression rules](manage-suppression-rules.md)
-- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue](alerts-queue.md)
-- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
-- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
-- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md)
-- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
-- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
-- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
+- [View and organize the Microsoft Defender for Endpoint Alerts queue](alerts-queue.md)
+- [Investigate Microsoft Defender for Endpoint alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender for Endpoint alert](investigate-files.md)
+- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender for Endpoint alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender for Endpoint alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender for Endpoint](investigate-user.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
index 36d77dce37..94a77a1007 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -61,7 +61,7 @@ The following table lists various tasks you can perform to configure Microsoft D
|**Use Conditional Access** to control the devices and apps that can connect to your email and company resources |[Configure Conditional Access in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access) |
|**Configure Microsoft Defender Antivirus settings** using the Policy configuration service provider ([Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)) |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus)
[Policy CSP - Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) |
|**If necessary, specify exclusions for Microsoft Defender Antivirus**
*Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios.* |[Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows](https://support.microsoft.com/help/822158/virus-scanning-recommendations-for-enterprise-computers)
[Device restrictions: Microsoft Defender Antivirus Exclusions for Windows 10 devices](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)
[Configure Microsoft Defender Antivirus exclusions on Windows Server 2016 or 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus)|
-|**Configure your attack surface reduction rules** to target software behaviors that are often abused by attackers
*Configure your attack surface reduction rules in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender) at first (for at least one week and up to two months). You can monitor status using Power BI ([get our template](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules)), and then set those rules to active mode when you're ready.* |[Audit mode in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender)
[Endpoint protection: Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json#attack-surface-reduction)
[Learn more about attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
[Tech Community blog post: Demystifying attack surface reduction rules - Part 1](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) |
+|**Configure your attack surface reduction rules** to target software behaviors that are often abused by attackers
*Configure your attack surface reduction rules in [audit mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender) at first (for at least one week and up to two months). You can monitor status using Power BI ([get our template](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules)), and then set those rules to active mode when you're ready.* |[Audit mode in Microsoft Defender for Endpoint ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender)
[Endpoint protection: Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json#attack-surface-reduction)
[Learn more about attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
[Tech Community blog post: Demystifying attack surface reduction rules - Part 1](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420) |
|**Configure your network filtering** to block outbound connections from any app to IP addresses or domains with low reputations
*Network filtering is also referred to as [network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection).*
*Make sure that Windows 10 devices have the latest [antimalware platform updates](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform) installed.*|[Endpoint protection: Network filtering](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#network-filtering)
[Review network protection events in Windows Event Viewer](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection#review-network-protection-events-in-windows-event-viewer) |
|**Configure controlled folder access** to protect against ransomware
*[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders) is also referred to as antiransomware protection.* |[Endpoint protection: Controlled folder access](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#controlled-folder-access)
[Enable controlled folder access in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders#intune) |
|**Configure exploit protection** to protect your organization's devices from malware that uses exploits to spread and infect other devices
*[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) is also referred to as Exploit Guard.* |[Endpoint protection: Microsoft Defender Exploit Guard](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-exploit-guard)
[Enable exploit protection in Intune](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection#intune) |
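Review bot: The only visible difference between the removed and added attack surface reduction row is a space introduced inside the link text, "[Audit mode in Microsoft Defender for Endpoint ]", just before the closing bracket. Drop the trailing space; as it stands the hunk changes nothing else in the row and the extra space ends up inside the rendered link.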
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index ab130cb910..3f4c0af91b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -70,7 +70,7 @@ The following table summarizes remediation actions following an automated invest
|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.
No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) |
|**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) |
-In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
+In Microsoft Defender for Endpoint, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
> [!TIP]
> To learn more about remediation actions following an automated investigation, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
index 0b5d31597f..a82c4c98cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
@@ -25,11 +25,11 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
index 29529c8847..c60093cd86 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
@@ -25,11 +25,11 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
Automation folder exclusions allow you to specify folders that the Automated investigation will skip.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index f0cd8403c1..4fa8c2f463 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -19,13 +19,13 @@ ms.collection:
ms.topic: article
---
-# Manage Microsoft Defender ATP incidents
+# Manage Microsoft Defender for Endpoint incidents
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index d5186273e9..a2904c5d62 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -24,22 +24,22 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the device group to apply it to.
-Currently supported sources are the cloud detection engine of Microsoft Defender ATP, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender AV).
+Currently supported sources are the cloud detection engine of Defender for Endpoint, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender AV).
**Cloud detection engine**
-The cloud detection engine of Microsoft Defender ATP regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
+The cloud detection engine of Defender for Endpoint regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
**Endpoint prevention engine**
-The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV will not detect nor block the file from being run.
+The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV will not detect nor block the file from being run.
**Automated investigation and remediation engine**
The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
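Review bot: The trial prompt here is renamed to "Want to experience Microsoft Defender for Endpoint?", while the same line in manage-automation-file-uploads.md and manage-automation-folder-exclusions.md in this patch becomes "Want to experience Defender for Endpoint?"; use one form across the files. In the "Endpoint prevention engine" paragraph the removed and added lines read identically, so that part of the hunk is a whitespace-only change; confirm it is intended, or drop it to keep the rename diff reviewable.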
@@ -64,5 +64,5 @@ You can create an indicator for:
## Related topics
- [Create contextual IoC](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-- [Use the Microsoft Defender ATP indicators API](ti-indicator.md)
+- [Use the Microsoft Defender for Endpoint indicators API](ti-indicator.md)
- [Use partner integrated solutions](partner-applications.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
index d13aa975d2..bf6e43d5b2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
@@ -24,7 +24,7 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index c3176ac54a..83cad3a708 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -24,19 +24,19 @@ ms.topic: conceptual
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mgt-apis-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mgt-apis-abovefoldlink)
-Microsoft Defender ATP supports a wide variety of options to ensure that customers can easily adopt the platform.
+Defender for Endpoint supports a wide variety of options to ensure that customers can easily adopt the platform.
-Acknowledging that customer environments and structures can vary, Microsoft Defender ATP was created with flexibility and granular control to fit varying customer requirements.
+Acknowledging that customer environments and structures can vary, Defender for Endpoint was created with flexibility and granular control to fit varying customer requirements.
## Endpoint onboarding and portal access
Device onboarding is fully integrated into Microsoft Endpoint Configuration Manager and Microsoft Intune for client devices and Azure Security Center for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for devices management.
-Microsoft Defender ATP provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
+Defender for Endpoint provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
- Globally distributed organizations and security teams
- Tiered model security operations teams
- Fully segregated divisions with single centralized global security operations teams
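Review bot: The rename is incomplete under "## Endpoint onboarding and portal access": the unchanged sentence "In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for devices management." keeps the old product name while the lines directly above and below it are updated. Change it to "Defender for Endpoint" in this hunk so the section does not mix both names.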
@@ -44,30 +44,30 @@ Microsoft Defender ATP provides fine-grained control over what users with access
## Available APIs
The Microsoft Defender ATP solution is built on top of an integration-ready platform.
-Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities.
+Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities.
-
+
-The Microsoft Defender ATP APIs can be grouped into three:
-- Microsoft Defender ATP APIs
+The Defender for Endpoint APIs can be grouped into three:
+- Microsoft Defender for Endpoint APIs
- Raw data streaming API
- SIEM integration
-## Microsoft Defender ATP APIs
+## Microsoft Defender for Endpoint APIs
-Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear, and easy to use model, exposed through a standard Azure AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form.
+Defender for Endpoint offers a layered API model exposing data and capabilities in a structured, clear, and easy to use model, exposed through a standard Azure AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form.
-Watch this video for a quick overview of Microsoft Defender ATP's APIs.
+Watch this video for a quick overview of Defender for Endpoint's APIs.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
-The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information, see, [Supported APIs](exposed-apis-list.md).
+The **Investigation API** exposes the richness of Defender for Endpoint - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information, see, [Supported APIs](exposed-apis-list.md).
The **Response API** exposes the ability to take actions in the service and on devices, enabling customers to ingest indicators, manage settings, alert status, as well as take response actions on devices programmatically such as isolate devices from the network, quarantine files, and others.
## Raw data streaming API
-Microsoft Defender ATP raw data streaming API provides the ability for customers to ship real-time events and alerts from their instances as they occur within a single data stream, providing a low latency, high throughput delivery mechanism.
+Defender for Endpoint raw data streaming API provides the ability for customers to ship real-time events and alerts from their instances as they occur within a single data stream, providing a low latency, high throughput delivery mechanism.
-The Microsoft Defender ATP event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines.
+The Defender for Endpoint event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines.
For more information, see, [Raw data streaming API](raw-data-export.md).
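Review bot: Under "## Available APIs" the opening sentence, "The Microsoft Defender ATP solution is built on top of an integration-ready platform.", is left as context while the very next line is renamed, so the section still opens with the old product name. Update that line as well. The list that follows also mixes "The Defender for Endpoint APIs can be grouped into three:" with a first bullet of "Microsoft Defender for Endpoint APIs"; use one form for both.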
@@ -76,7 +76,7 @@ For more information, see, [Raw data streaming API](raw-data-export.md).
When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant. For more information, see, [SIEM integration](enable-siem-integration.md)
## Related topics
-- [Access the Microsoft Defender Advanced Threat Protection APIs ](apis-intro.md)
+- [Access the Microsoft Defender for Endpoint APIs ](apis-intro.md)
- [Supported APIs](exposed-apis-list.md)
- [Technical partner opportunities](partner-integration.md)
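Review bot: The new link text "Access the Microsoft Defender for Endpoint APIs " keeps the trailing space before the closing bracket that the old line had. Remove it while the line is being touched.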
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
index e9fa0412b0..efb438eb60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
@@ -24,12 +24,12 @@ ms.date: 09/22/2020
ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
---
-# Migrate from McAfee to Microsoft Defender Advanced Threat Protection
+# Migrate from McAfee to Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide to plan your migration.
+If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide to plan your migration.
## The migration process
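Review bot: The rewritten intro sentence now names the product twice in a row: "[Microsoft Defender for Endpoint](...) (Microsoft Defender for Endpoint)". The parenthetical existed to give the new name next to the old one and is redundant after the rename; drop it.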
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 8813e53523..858c7f0d06 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -34,10 +34,10 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
||*You are here!* | |
-**Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps:
+**Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps:
1. [Enable Microsoft Defender Antivirus and confirm it's in passive mode](#enable-microsoft-defender-antivirus-and-confirm-its-in-passive-mode).
2. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus).
-3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-mcafee).
+3. [Add Microsoft Defender for Endpoint to the exclusion list for McAfee](#add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-mcafee).
4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus).
5. [Add McAfee to the exclusion list for Microsoft Defender for Endpoint](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-for-endpoint).
6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
index 16dd867662..98816a74b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
@@ -25,26 +25,26 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.
+To benefit from Microsoft Defender for Endpoint cloud app discovery signals, turn on Microsoft Cloud App Security integration.
>[!NOTE]
>This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
-> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security.
+> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security.
-## Enable Microsoft Cloud App Security in Microsoft Defender ATP
+## Enable Microsoft Cloud App Security in Microsoft Defender for Endpoint
1. In the navigation pane, select **Preferences setup** > **Advanced features**.
2. Select **Microsoft Cloud App Security** and switch the toggle to **On**.
3. Click **Save preferences**.
-Once activated, Microsoft Defender ATP will immediately start forwarding discovery signals to Cloud App Security.
+Once activated, Microsoft Defender for Endpoint will immediately start forwarding discovery signals to Cloud App Security.
## View the data collected
-To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
+To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
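Review bot: The added NOTE line still ends with "for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security", so only the link text was renamed and the old name survives in a line this change introduces. Replace it there too. The rewritten "View the data collected" sentence also carries over "Microsoft Cloud Apps Security", where the rest of the page says "Microsoft Cloud App Security".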
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
index a23303c507..87814b1b25 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
@@ -19,12 +19,12 @@ ms.topic: conceptual
ms.date: 10/18/2018
---
-# Microsoft Cloud App Security in Microsoft Defender ATP overview
+# Microsoft Cloud App Security in Defender for Endpoint overview
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)]
@@ -33,9 +33,9 @@ Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution th
>[!NOTE]
>This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10 version 1809 or later.
-## Microsoft Defender ATP and Cloud App Security integration
+## Microsoft Defender for Endpoint and Cloud App Security integration
-Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
+Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender for Endpoint integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yQ]
@@ -44,9 +44,9 @@ The integration provides the following major improvements to the existing Cloud
- Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer depended on traffic routed through the enterprise firewall or proxy servers.
-- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Microsoft Defender ATP and Cloud App Security integration, there's no configuration required. Just switch it on in Microsoft Defender Security Center settings and you're good to go.
+- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Defender for Endpoint and Cloud App Security integration, there's no configuration required. Just switch it on in Microsoft Defender Security Center settings and you're good to go.
-- Device context - Cloud traffic logs lack device context. Microsoft Defender ATP network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it.
+- Device context - Cloud traffic logs lack device context. Defender for Endpoint network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it.
For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index b37274b4cb..ff9263b229 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -24,14 +24,14 @@ ms.topic: conceptual
> For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
-Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
+Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4wDob]
-Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
-- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
+- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
- **Cloud security analytics**: Leveraging big-data, device-learning, and
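Review bot: The context line "- **Cloud security analytics**: Leveraging big-data, device-learning, and" does not read as intended wording; "device-learning" looks like collateral damage from a bulk text replacement. Confirm whether it should be "machine-learning" and fix it here, and check that this rename has not produced similar unintended substitutions elsewhere.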
@@ -42,12 +42,12 @@ Microsoft Defender ATP uses the following combination of technology built into W
- **Threat intelligence**: Generated by Microsoft hunters, security teams,
and augmented by threat intelligence provided by partners, threat
- intelligence enables Microsoft Defender ATP to identify attacker
+ intelligence enables Defender for Endpoint to identify attacker
tools, techniques, and procedures, and generate alerts when they
are observed in collected sensor data.
-Microsoft Defender ATP
Microsoft Defender for Endpoint
@@ -1059,23 +1066,23 @@ Validated Editions: Ultimate Edition
@@ -72,8 +72,8 @@ Microsoft Defender ATP uses the following combination of technology built into W
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4vnC4?rel=0]
> [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Defender for Endpoint: [What's new in Microsoft Defender for Endpoint](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+> - Microsoft Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
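Review bot: In the TIP callout the link text is rewritten to "What's new in Microsoft Defender for Endpoint", but it points at an external post whose URL still ends in whats-new-in-windows-defender-atp, and the second link likewise targets ...evaluation-of-windows-defender-atp. Link text that quotes an external article's title should keep that title; rename only the surrounding prose, or add a note that the linked posts use the earlier product name.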
@@ -104,15 +104,15 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
**[Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)**
Threat & Vulnerability Management
-Microsoft Defender ATP includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
+Defender for Endpoint includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
**[Microsoft Threat Experts](microsoft-threat-experts.md)**
-Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
>[!IMPORTANT]
->Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
- Microsoft Defender ATP directly integrates with various Microsoft solutions, including:
+ Defender for Endpoint directly integrates with various Microsoft solutions, including:
- Intune
- Office 365 ATP
- Azure ATP
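Review bot: As shown, the body of the [!IMPORTANT] callout ("Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service ...") is removed with no renamed replacement line, which leaves the callout marker without content and drops the statement that customers must apply for the service. Add the line back with the new product name.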
@@ -132,8 +132,8 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
- Microsoft Cloud App Security
**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**
- With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
+ With Microsoft Threat Protection, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
## Related topic
-[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)
+[Microsoft Defender for Endpoint helps detect sophisticated threats](https://www.microsoft.com/en-us/itshowcase/microsoft-defender-atps-antivirus-capabilities-boost-malware-protection)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
index 4b4a872950..e71d9f1081 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
@@ -20,24 +20,24 @@ ms.collection:
ms.topic: conceptual
---
-# Microsoft Defender Advanced Threat Protection for Android
+# Microsoft Defender for Endpoint for Android
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android.
+This topic describes how to install, configure, update, and use Defender for Endpoint for Android.
> [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Android is likely to cause performance problems and unpredictable system errors.
+> Running other third-party endpoint protection products alongside Defender for Endpoint for Android is likely to cause performance problems and unpredictable system errors.
-## How to install Microsoft Defender ATP for Android
+## How to install Microsoft Defender for Endpoint for Android
### Prerequisites
- **For end users**
- - Microsoft Defender ATP license assigned to the end user(s) of the app. See [Microsoft Defender ATP licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
+ - Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
- Intune Company Portal app can be downloaded from [Google
Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
@@ -57,7 +57,7 @@ This topic describes how to install, configure, update, and use Microsoft Defend
- Access to the Microsoft Defender Security Center portal.
> [!NOTE]
- > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender ATP for Android. Currently only enrolled devices are supported for enforcing Microsoft Defender ATP for Android related device compliance policies in Intune.
+ > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for Android. Currently only enrolled devices are supported for enforcing Defender for Endpoint for Android related device compliance policies in Intune.
- Access [Microsoft Endpoint Manager admin
center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the
@@ -72,24 +72,24 @@ This topic describes how to install, configure, update, and use Microsoft Defend
### Installation instructions
-Microsoft Defender ATP for Android supports installation on both modes of
+Microsoft Defender for Endpoint for Android supports installation on both modes of
enrolled devices - the legacy Device Administrator and Android Enterprise modes.
**Currently, only Work Profile enrolled devices are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.**
-Deployment of Microsoft Defender ATP for Android is via Microsoft Intune (MDM).
-For more information, see [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md).
+Deployment of Microsoft Defender for Endpoint for Android is via Microsoft Intune (MDM).
+For more information, see [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md).
> [!NOTE]
-> **Microsoft Defender ATP for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.**
You can connect to Google Play from Intune to deploy Microsoft Defender ATP app, across Device Administrator and Android Enterprise entrollment modes.
+> **Microsoft Defender for Endpoint for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.**
You can connect to Google Play from Intune to deploy Microsoft Defender for Endpoint app, across Device Administrator and Android Enterprise entrollment modes.
-## How to Configure Microsoft Defender ATP for Android
+## How to Configure Microsoft Defender for Endpoint for Android
-Guidance on how to configure Microsoft Defender ATP for Android features is available in [Configure Microsoft Defender ATP for Android features](android-configure.md).
+Guidance on how to configure Microsoft Defender for Endpoint for Android features is available in [Configure Microsoft Defender for Endpoint for Android features](android-configure.md).
## Related topics
-- [Deploy Microsoft Defender ATP for with Microsoft Intune](android-intune.md)
-- [Configure Microsoft Defender ATP for Android features](android-configure.md)
+- [Deploy Microsoft Defender for Endpoint for with Microsoft Intune](android-intune.md)
+- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
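Review bot: In "## Related topics" the first link reads "Deploy Microsoft Defender for Endpoint for with Microsoft Intune"; the platform name is missing between "for" and "with", an error carried over from the old line. Make it "... for Android with Microsoft Intune", matching the link text used in the installation section of the same hunk. The added NOTE line also carries over the typo "entrollment" (enrollment).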
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
index 118ea48672..46b7669ddf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
@@ -20,7 +20,7 @@ ms.collection:
ms.topic: conceptual
---
-# Microsoft Defender Advanced Threat Protection for iOS
+# Microsoft Defender for Endpoint for iOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@@ -33,7 +33,7 @@ ms.topic: conceptual
> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
-The public preview of Microsoft Defender ATP for iOS will offer protection
+The public preview of Defender for Endpoint for iOS will offer protection
against phishing and unsafe network connections from websites, emails, and apps.
All alerts will be available through a single pane of glass in the Microsoft
Defender Security Center. The portal gives security teams a centralized view of threats on
@@ -44,7 +44,7 @@ iOS devices along with other platforms.
**For End Users**
-- Microsoft Defender ATP license assigned to the end user(s) of the app. Refer
+- Defender for Endpoint license assigned to the end user(s) of the app. Refer
[Assign licenses to
users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign)
for instructions on how to assign licenses.
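Review bot: the rewritten license bullet still reads "Refer [Assign licenses to users]", with no "to" between "Refer" and the link. The line is already being changed for the rename, so make it "Refer to [Assign licenses to users]" in the same edit.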
@@ -74,5 +74,5 @@ iOS devices along with other platforms.
## Next steps
-- [Deploy Microsoft Defender ATP for iOS](ios-install.md)
-- [Configure Microsoft Defender ATP for iOS features](ios-configure-features.md)
\ No newline at end of file
+- [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md)
+- [Configure Microsoft Defender for Endpoint for iOS features](ios-configure-features.md)
\ No newline at end of file
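Review bot: the last list item under "Next steps" is rewritten, but the file still ends without a trailing newline (`\ No newline at end of file` appears on both the removed and the added side). Add the newline while this line is being touched so that later edits to the list do not show up as a change to this entry.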
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index b53befb8a7..873df4353b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -20,17 +20,17 @@ ms.collection:
ms.topic: conceptual
---
-# Microsoft Defender ATP for Linux
+# Microsoft Defender for Endpoint for Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Linux.
+This topic describes how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
> [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Linux is likely to cause performance problems and unpredictable system errors.
-## How to install Microsoft Defender ATP for Linux
+## How to install Microsoft Defender for Endpoint for Linux
### Prerequisites
@@ -40,19 +40,19 @@ This topic describes how to install, configure, update, and use Microsoft Defend
### Installation instructions
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint for Linux.
In general you need to take the following steps:
-- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md).
-- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods:
+- Ensure that you have a Microsoft Defender for Endpoint subscription, and that you have access to the [Microsoft Defender for Endpoint portal](microsoft-defender-security-center.md).
+- Deploy Microsoft Defender for Endpoint for Linux using one of the following deployment methods:
- The command-line tool:
- [Manual deployment](linux-install-manually.md)
- Third-party management tools:
- [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
- [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
-If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md).
+If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender for Endpoint for Linux](linux-support-install.md).
### System requirements
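Review bot: in the first bullet of the installation steps, the link text becomes "Microsoft Defender for Endpoint portal" while the target stays microsoft-defender-security-center.md. Other files in this same patch name the portal "Microsoft Defender Security Center" (the Mac prerequisites say "access to the Microsoft Defender Security Center portal"), so the search-and-replace has introduced a portal name that the rest of the docs do not use. Suggest "access to the [Microsoft Defender Security Center portal](microsoft-defender-security-center.md)" so that readers looking for the sign-in location see the name that matches the target page.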
@@ -68,7 +68,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
- Minimum kernel version 3.10.0-327
- The `fanotify` kernel option must be enabled
> [!CAUTION]
- > Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
+ > Running Defender for Endpoint for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.
- Disk space: 1GB
- The solution currently provides real-time protection for the following file system types:
@@ -99,33 +99,33 @@ The following downloadable spreadsheet lists the services and their associated U
|**Spreadsheet of domains list**|**Description**|
|:-----|:-----|
-|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
+|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
> [!NOTE]
> For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Transparent proxy
- Manual static proxy configuration
-If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
+If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Defender for Endpoint. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
> [!WARNING]
> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used.
>
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
-For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md).
+For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Linux](linux-support-connectivity.md).
-## How to update Microsoft Defender ATP for Linux
+## How to update Microsoft Defender for Endpoint for Linux
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Linux, refer to [Deploy updates for Microsoft Defender ATP for Linux](linux-updates.md).
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Linux, refer to [Deploy updates for Microsoft Defender for Endpoint for Linux](linux-updates.md).
-## How to configure Microsoft Defender ATP for Linux
+## How to configure Microsoft Defender for Endpoint for Linux
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
## Resources
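Review bot: the NOTE in the unchanged context of this hunk links to the fragment `#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server`, which is built from a heading that contains the old product name. If that heading in configure-proxy-internet is renamed anywhere in this series, the link will no longer land on the URL allow-list section that the proxy and SSL-inspection guidance below depends on. Confirm that the heading is left as is, or update the fragment in the same commit. Separately, this hunk mixes "Defender for Endpoint" and "Microsoft Defender for Endpoint for Linux" within a few lines; pick one convention for first and subsequent mentions.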
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 4f2891c210..da5844b30c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -20,38 +20,38 @@ ms.collection:
ms.topic: conceptual
---
-# Microsoft Defender Advanced Threat Protection for Mac
+# Microsoft Defender for Endpoint for Mac
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
+This topic describes how to install, configure, update, and use Defender for Endpoint for Mac.
> [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
## What’s new in the latest release
-[What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
+[What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-atp.md)
-[What's new in Microsoft Defender ATP for Mac](mac-whatsnew.md)
+[What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md)
> [!TIP]
-> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
+> If you have any feedback that you would like to share, submit it by opening Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**.
-To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an "Insider" device. See [Enable Microsoft Defender ATP Insider Device](endpoint-detection-response-mac-preview.md).
+To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Defender for Endpoint to be an "Insider" device. See [Enable Microsoft Defender for Endpoint Insider Device](endpoint-detection-response-mac-preview.md).
-## How to install Microsoft Defender ATP for Mac
+## How to install Microsoft Defender for Endpoint for Mac
### Prerequisites
-- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
+- A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
- Beginner-level experience in macOS and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
### Installation instructions
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+There are several methods and deployment tools that you can use to install and configure Defender for Endpoint for Mac.
- Third-party management tools:
- [Microsoft Intune-based deployment](mac-install-with-intune.md)
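Review bot: the rewritten CAUTION line still says "MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality", so the old abbreviation survives twice in a sentence that otherwise uses the new name. This is the sentence that tells administrators how to run alongside a non-Microsoft product in Passive mode, so it should be unambiguous about which product it means; replace both occurrences with "Defender for Endpoint for Mac".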
@@ -74,15 +74,15 @@ After you've enabled the service, you may need to configure your network or fire
### Licensing requirements
-Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint for Mac requires one of the following Microsoft Volume Licensing offers:
- Microsoft 365 E5 (M365 E5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
> [!NOTE]
-> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible licensed users may use Defender for Endpoint on up to five concurrent devices.
+> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
### Network connections
@@ -92,11 +92,11 @@ The following downloadable spreadsheet lists the services and their associated U
|**Spreadsheet of domains list**|**Description**|
|:-----|:-----|
-|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
+|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC)
- Web Proxy Autodiscovery Protocol (WPAD)
- Manual static proxy configuration
@@ -106,7 +106,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
> [!WARNING]
> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
>
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
@@ -125,25 +125,25 @@ The output from this command should be similar to the following:
> [!CAUTION]
> We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
-Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
+Once Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
```bash
mdatp --connectivity-test
```
-## How to update Microsoft Defender ATP for Mac
+## How to update Microsoft Defender for Endpoint for Mac
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md)
-## How to configure Microsoft Defender ATP for Mac
+## How to configure Microsoft Defender for Endpoint for Mac
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
## macOS kernel and system extensions
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender Advanced Threat Protection for Mac](mac-whatsnew.md) for relevant details.
+In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
## Resources
- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
-- [Privacy for Microsoft Defender ATP for Mac](mac-privacy.md)
+- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
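Review bot: the rewritten sentence under "How to update" ends at the link `[Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md)` with no closing period, unlike the parallel sentences under "How to configure" and in the Linux page. Add the period while the line is being changed.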
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
index e04a02313b..baaaf022b3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
## In this section
@@ -35,9 +35,9 @@ Get started | Learn about the minimum requirements, validate licensing and com
[Understand the portal](use.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
Investigate and remediate threats | Investigate alerts, devices, and take response actions to remediate threats.
API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Microsoft Defender Security Center.
-Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
+Reporting | Create and build Power BI reports using Defender for Endpoint data.
Check service health and sensor state | Verify that the service is running and check the sensor state on devices.
[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Access the Microsoft Defender for Endpoint Community Center](community.md) | Access the Defender for Endpoint Community Center to learn, collaborate, and share experiences about the product.
[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
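Review bot: the last table row, left as unchanged context, still describes "the Microsoft Defender Advanced Threat service", which is both the old product name and an incomplete one. Every other row in this table is renamed by the hunk, so include this row as well, for example "issues that might arise as you use the Defender for Endpoint service".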
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index 47fcaf8d7d..07c5bb4248 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Microsoft Threat Experts is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
@@ -40,7 +40,7 @@ Watch this video for a quick overview of Microsoft Threat Experts.
> [!NOTE]
> Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
-Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 308308a4d0..24527c0a89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -29,8 +29,8 @@ If you're considering switching from a non-Microsoft threat protection solution
|Scenario |Guidance |
|:--|:--|
-|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work. |[Microsoft Defender ATP evaluation lab](evaluation-lab.md) |
-|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured. |[Microsoft Defender Advanced Threat Protection deployment guide](deployment-phases.md) |
+|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work. |[Microsoft Defender for Endpoint evaluation lab](evaluation-lab.md) |
+|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured. |[Microsoft Defender for Endpoint deployment guide](deployment-phases.md) |
|You're planning to migrate from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md) |
|You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md) |
|You're planning to migrate from a non-Microsoft endpoint protection solution (other than McAfee or Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Make the switch to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0f05ee52c8..7a36a23ea9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -17,25 +17,25 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Minimum requirements for Microsoft Defender ATP
+# Minimum requirements for Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
There are some minimum requirements for onboarding devices to the service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
> [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Microsoft Defender for Endpoint: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
+> - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
## Licensing requirements
-Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education A5
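Review bot: in the TIP block, the first bullet is renamed at the start but the link text still reads "Microsoft Defender Advanced Threat Protection Tech Community". If the community has not been renamed, that is fine, but then the sentence mixes both names in one line; otherwise update the link text to match. The URLs in this hunk also keep the old slugs (`microsoft-defender-atp`, `windows-defender-atp`), which is correct as long as they are existing addresses; please confirm they were excluded from the replace on purpose rather than by chance.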
@@ -44,18 +44,18 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
- Microsoft 365 A5 (M365 A5)
> [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five concurrent devices.
+> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
-Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
+Microsoft Defender for Endpoint, on Windows Server, requires one of the following licensing options:
- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered server)
+- Defender for Endpoint for Servers (one per covered server)
> [!NOTE]
-> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.
+> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Defender for Endpoint for Servers (one per covered Server OSE): Microsoft Defender for Endpoint, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Defender for Endpoint for Linux.
For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn the detailed terms and conditions for the product.
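Review bot: the rewritten licensing NOTE now reads "Server SLs for Microsoft Defender Defender for Endpoint for Servers", with "Defender" doubled by the search-and-replace. This is licensing text that customers will quote, so it needs to be exact; change it to "Microsoft Defender for Endpoint for Servers". The same hunk also uses "Defender for Endpoint for Servers" in the bullet above and "Microsoft Defender for Endpoint" in the sentence before it, so check that the license name is written the same way in both places.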
@@ -64,7 +64,7 @@ For more information on the array of features in Windows 10 editions, see [Compa
For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf).
## Browser requirements
-Access to Microsoft Defender ATP is done through a browser, supporting the following browsers:
+Access to Defender for Endpoint is done through a browser, supporting the following browsers:
- Microsoft Edge
- Internet Explorer version 11
- Google Chrome
@@ -94,7 +94,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo
Devices on your network must be running one of these editions.
-The hardware requirements for Microsoft Defender ATP on devices are the same for the supported editions.
+The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.
> [!NOTE]
> Machines running mobile versions of Windows are not supported.
@@ -110,22 +110,22 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
- macOS
> [!NOTE]
-> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Microsoft Defender ATP for the integration to work.
+> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Defender for Endpoint for the integration to work.
### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender for Endpoint-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
> [!NOTE]
> - You cannot change your data storage location after the first-time setup.
-> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
+> - Review the [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
### Diagnostic data settings
> [!NOTE]
-> Microsoft Defender ATP doesn't require any specific diagnostic level as long as it's enabled.
+> Microsoft Defender for Endpoint doesn't require any specific diagnostic level as long as it's enabled.
Make sure that the diagnostic data service is enabled on all the devices in your organization.
By default, this service is enabled. It's good practice to check to ensure that you'll get sensor data from them.
@@ -176,7 +176,7 @@ You'll need to set the service to automatically start if the **START_TYPE** is n
#### Internet connectivity
Internet connectivity on devices is required either directly or through proxy.
-The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5 MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
+The Defender for Endpoint sensor can utilize a daily average bandwidth of 5 MB to communicate with the Defender for Endpoint cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
For more information on additional proxy configuration settings, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md).
@@ -184,11 +184,11 @@ Before you onboard devices, the diagnostic data service must be enabled. The ser
## Microsoft Defender Antivirus configuration requirement
-The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
+The Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
-Configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
+Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
-When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode.
+When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode.
If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
@@ -201,7 +201,7 @@ If you are onboarding servers and Microsoft Defender Antivirus is not the active
For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Microsoft Defender ATP agent will successfully onboard.
+If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.
If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
index 36d7f8db37..73e5616d8b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
@@ -21,12 +21,12 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Logo |Partner name | Description
:---|:---|:---
| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection
-| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender ATP provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
+| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
| [Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Security Center is a 24x7 managed service that delivers protect, detect & respond capabilities
| [Cloud SOC](https://go.microsoft.com/fwlink/?linkid=2104265) | Cloud SOC provides 24/7 security monitoring services based on Microsoft cloud and helps you to continuously improve your security posture
| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2091005) | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when and how security incidents have taken place
@@ -36,8 +36,8 @@ Logo |Partner name | Description
| [Red Canary](https://go.microsoft.com/fwlink/?linkid=2103852) | Red Canary is a security operations partner for modern teams, MDR deployed in minutes
| [SecureWorks Managed Detection and Response Powered by Red Cloak](https://go.microsoft.com/fwlink/?linkid=2133634) | Secureworks combines threat intelligence and 20+ years of experience into SaaS and managed security solutions
| [sepagoSOC](https://go.microsoft.com/fwlink/?linkid=2090491) | Ensure holistic security through sophisticated automated workflows in your zero trust environment
-| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Microsoft Defender ATP
-| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Microsoft Defender ATP service for monitoring & response
+| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Defender for Endpoint.
+| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Defender for Endpoint service for monitoring & response
| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices
## Related topics
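Review bot: The added Trustwave row now ends with a period ("... Sentinel and Defender for Endpoint."), while the removed line and the other rows in this table have none. Drop the trailing period so that the rename does not also change the table's punctuation.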
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index 6982d30ef4..e6d53ec221 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -23,18 +23,18 @@ ms.topic: conceptual
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
Security is recognized as a key component in running an enterprise, however some organizations might not have the capacity or expertise to have a dedicated security operations team to manage the security of their endpoints and network, others may want to have a second set of eyes to review alerts in their network.
-To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Microsoft Defender ATP.
+To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Defender for Endpoint.
-Microsoft Defender ATP adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
+Defender for Endpoint adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
- Get access to MSSP customer's Microsoft Defender Security Center portal
- Get email notifications, and
From f36d7d30ce0a9cc219de7bddc3499b4348434cfb Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
+|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
-Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
+Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC)
- Web Proxy Autodiscovery Protocol (WPAD)
- Manual static proxy configuration
@@ -106,7 +106,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
> [!WARNING]
> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
>
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
@@ -125,25 +125,25 @@ The output from this command should be similar to the following:
> [!CAUTION]
> We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
-Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
+Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
```bash
mdatp --connectivity-test
```
-## How to update Microsoft Defender ATP for Mac
+## How to update Microsoft Defender for Endpoint for Mac
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md)
-## How to configure Microsoft Defender ATP for Mac
+## How to configure Microsoft Defender for Endpoint for Mac
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
## macOS kernel and system extensions
-In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender Advanced Threat Protection for Mac](mac-whatsnew.md) for relevant details.
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
## Resources
- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
-- [Privacy for Microsoft Defender ATP for Mac](mac-privacy.md)
+- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
index e04a02313b..df24150d36 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
## In this section
@@ -35,9 +35,9 @@ Get started | Learn about the minimum requirements, validate licensing and com
[Understand the portal](use.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
Investigate and remediate threats | Investigate alerts, devices, and take response actions to remediate threats.
API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Microsoft Defender Security Center.
-Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
+Reporting | Create and build Power BI reports using Microsoft Defender for Endpoint data.
Check service health and sensor state | Verify that the service is running and check the sensor state on devices.
[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
+[Access the Microsoft Defender for Endpoint Community Center](community.md) | Access the Microsoft Defender for Endpoint Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender for Endpoint service.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index 47fcaf8d7d..d73aa55b7b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Microsoft Threat Experts is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
@@ -40,7 +40,7 @@ Watch this video for a quick overview of Microsoft Threat Experts.
> [!NOTE]
> Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service.
-Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+Microsoft Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 308308a4d0..24527c0a89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -29,8 +29,8 @@ If you're considering switching from a non-Microsoft threat protection solution
|Scenario |Guidance |
|:--|:--|
-|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work. |[Microsoft Defender ATP evaluation lab](evaluation-lab.md) |
-|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured. |[Microsoft Defender Advanced Threat Protection deployment guide](deployment-phases.md) |
+|You do not have an endpoint protection solution yet, and you want to know more about how Microsoft Defender for Endpoint & Microsoft Defender Antivirus work. |[Microsoft Defender for Endpoint evaluation lab](evaluation-lab.md) |
+|You have Microsoft Defender for Endpoint & Microsoft Defender Antivirus and need some help getting everything set up and configured. |[Microsoft Defender for Endpoint deployment guide](deployment-phases.md) |
|You're planning to migrate from McAfee Endpoint Security (McAfee) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from McAfee to Microsoft Defender for Endpoint](mcafee-to-microsoft-defender-migration.md) |
|You're planning to migrate from Symantec Endpoint Protection (Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Switch from Symantec to Microsoft Defender for Endpoint](symantec-to-microsoft-defender-atp-migration.md) |
|You're planning to migrate from a non-Microsoft endpoint protection solution (other than McAfee or Symantec) to Microsoft Defender for Endpoint & Microsoft Defender Antivirus. |[Make the switch to Microsoft Defender for Endpoint](switch-to-microsoft-defender-migration.md) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0f05ee52c8..ac90bc5d2f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -17,25 +17,25 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Minimum requirements for Microsoft Defender ATP
+# Minimum requirements for Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
There are some minimum requirements for onboarding devices to the service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink).
> [!TIP]
-> - Learn about the latest enhancements in Microsoft Defender ATP: [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
-> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+> - Learn about the latest enhancements in Defender for Endpoint: [Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced).
+> - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
## Licensing requirements
-Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+Defender for Endpoint requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education A5
@@ -44,18 +44,18 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
- Microsoft 365 A5 (M365 A5)
> [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+> Eligible Licensed Users may use Defender for Endpoint on up to five concurrent devices.
+> Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
-Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
+Defender for Endpoint, on Windows Server, requires one of the following licensing options:
- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered server)
+- Defender for Endpoint for Servers (one per covered server)
> [!NOTE]
-> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.
+> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Defender for Endpoint, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender for Endpoint for Linux.
For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn the detailed terms and conditions for the product.
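Review bot: The rewritten NOTE still reads "Server SLs for Microsoft Defender Advanced Threat Protection for Servers", so the old product name survives in the sentence that names the server license. The bullet in this same hunk was changed to "Defender for Endpoint for Servers"; use that name in the note as well. The note also mixes "Defender for Endpoint" and "Microsoft Defender for Endpoint for Linux" in one paragraph, which is worth making consistent while the line is being touched.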
@@ -64,7 +64,7 @@ For more information on the array of features in Windows 10 editions, see [Compa
For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf).
## Browser requirements
-Access to Microsoft Defender ATP is done through a browser, supporting the following browsers:
+Access to Defender for Endpoint is done through a browser, supporting the following browsers:
- Microsoft Edge
- Internet Explorer version 11
- Google Chrome
@@ -94,7 +94,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo
Devices on your network must be running one of these editions.
-The hardware requirements for Microsoft Defender ATP on devices are the same for the supported editions.
+The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.
> [!NOTE]
> Machines running mobile versions of Windows are not supported.
@@ -110,22 +110,22 @@ The hardware requirements for Microsoft Defender ATP on devices are the same for
- macOS
> [!NOTE]
-> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Microsoft Defender ATP for the integration to work.
+> You'll need to know the exact Linux distributions and versions of Android and macOS that are compatible with Defender for Endpoint for the integration to work.
### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-Defender for Endpoint related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
> [!NOTE]
> - You cannot change your data storage location after the first-time setup.
-> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
+> - Review the [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
### Diagnostic data settings
> [!NOTE]
-> Microsoft Defender ATP doesn't require any specific diagnostic level as long as it's enabled.
+> Defender for Endpoint doesn't require any specific diagnostic level as long as it's enabled.
Make sure that the diagnostic data service is enabled on all the devices in your organization.
By default, this service is enabled. It's good practice to check to ensure that you'll get sensor data from them.
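Review bot: In the data storage paragraph the new name was inserted next to the old one instead of replacing it: "your Microsoft Defender Advanced Threat Protection-Defender for Endpoint related information is stored". The added line should read "your Defender for Endpoint-related information is stored", with the hyphen kept between the product name and "related".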
@@ -176,7 +176,7 @@ You'll need to set the service to automatically start if the **START_TYPE** is n
#### Internet connectivity
Internet connectivity on devices is required either directly or through proxy.
-The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5 MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
+The Defender for Endpoint sensor can utilize a daily average bandwidth of 5 MB to communicate with the Defender for Endpoint cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
For more information on additional proxy configuration settings, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md).
@@ -184,11 +184,11 @@ Before you onboard devices, the diagnostic data service must be enabled. The ser
## Microsoft Defender Antivirus configuration requirement
-The Microsoft Defender ATP agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
+The Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.
-Configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
+Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md).
-When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Microsoft Defender Antivirus goes on passive mode.
+When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode.
If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
@@ -201,7 +201,7 @@ If you are onboarding servers and Microsoft Defender Antivirus is not the active
For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Microsoft Defender ATP agent will successfully onboard.
+If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.
If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
index 36d7f8db37..c4a27275f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
@@ -21,12 +21,12 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Logo |Partner name | Description
:---|:---|:---
| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection
-| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender ATP provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
+| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
| [Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Security Center is a 24x7 managed service that delivers protect, detect & respond capabilities
| [Cloud SOC](https://go.microsoft.com/fwlink/?linkid=2104265) | Cloud SOC provides 24/7 security monitoring services based on Microsoft cloud and helps you to continuously improve your security posture
| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2091005) | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when and how security incidents have taken place
@@ -36,8 +36,8 @@ Logo |Partner name | Description
| [Red Canary](https://go.microsoft.com/fwlink/?linkid=2103852) | Red Canary is a security operations partner for modern teams, MDR deployed in minutes
| [SecureWorks Managed Detection and Response Powered by Red Cloak](https://go.microsoft.com/fwlink/?linkid=2133634) | Secureworks combines threat intelligence and 20+ years of experience into SaaS and managed security solutions
| [sepagoSOC](https://go.microsoft.com/fwlink/?linkid=2090491) | Ensure holistic security through sophisticated automated workflows in your zero trust environment
-| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Microsoft Defender ATP
-| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Microsoft Defender ATP service for monitoring & response
+| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Defender for Endpoint
+| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Defender for Endpoint service for monitoring & response
| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index 6982d30ef4..e6d53ec221 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -23,18 +23,18 @@ ms.topic: conceptual
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
Security is recognized as a key component in running an enterprise, however some organizations might not have the capacity or expertise to have a dedicated security operations team to manage the security of their endpoints and network, others may want to have a second set of eyes to review alerts in their network.
-To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Microsoft Defender ATP.
+To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Defender for Endpoint.
-Microsoft Defender ATP adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
+Defender for Endpoint adds partnership opportunities for this scenario and allows MSSPs to take the following actions:
- Get access to MSSP customer's Microsoft Defender Security Center portal
- Get email notifications, and
diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index eec4470439..51421ea4a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -25,7 +25,7 @@ ms.custom: asr
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
@@ -38,7 +38,7 @@ For more details about how to enable network protection, see [Enable network pro
> [!TIP]
> You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
-Network protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Network protection works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
@@ -52,11 +52,11 @@ Windows 10 version | Microsoft Defender Antivirus
-|-
Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled
-## Review network protection events in the Microsoft Defender ATP Security Center
+## Review network protection events in the Microsoft Defender for Endpoint Security Center
-Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
+You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
Here is an example query
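Review bot: the renamed heading "Review network protection events in the Microsoft Defender for Endpoint Security Center" introduces a portal name that the other files in this series do not use; mssp-support.md and non-windows.md both call the portal "Microsoft Defender Security Center". Suggest using that name in the heading. Changing the heading text also changes the anchor generated from it, so any link that targets this section by fragment needs to be updated in the same change.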
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 54a1538ebe..d0317cd1ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -23,9 +23,9 @@ ms.topic: overview
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
@@ -43,11 +43,11 @@ Vulnerability management is the first solution in the industry to bridge the gap
### Real-time discovery
-To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead.
+To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Defender for Endpoint sensors to reduce cumbersome network scans and IT overhead.
It also provides:
-- **Real-time device inventory** - Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
+- **Real-time device inventory** - Devices onboarded to Defender for Endpoint automatically report and push vulnerability and security configuration data to the dashboard.
- **Visibility into software and vulnerabilities** - Optics into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
- **Application runtime context** - Visibility on application usage patterns for better prioritization and decision-making.
- **Configuration posture** - Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.
@@ -79,7 +79,7 @@ Watch this video for a comprehensive walk-through of threat and vulnerability ma
Area | Description
:---|:---
**Dashboard** | Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
-[**Security recommendations**](tvm-security-recommendation.md) | See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Microsoft Defender ATP.
+[**Security recommendations**](tvm-security-recommendation.md) | See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Defender for Endpoint.
[**Remediation**](tvm-remediation.md) | See remediation activities you've created and recommendation exceptions.
[**Software inventory**](tvm-software-inventory.md) | See the list of vulnerable software in your organization, along with weakness and threat information.
[**Weaknesses**](tvm-weaknesses.md) | See the list of common vulnerabilities and exposures (CVEs) in your organization.
@@ -91,7 +91,7 @@ Run threat and vulnerability management-related API calls to automate vulnerabil
See the following articles for related APIs:
-- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Supported Microsoft Defender for Endpoint APIs](exposed-apis-list.md)
- [Machine APIs](machine.md)
- [Recommendation APIs](vulnerability.md)
- [Score APIs](score.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
index 2de422a306..928c6f6e42 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
@@ -18,12 +18,12 @@ ms.collection:
ms.topic: article
---
-# Microsoft Defender ATP for non-Windows platforms
+# Microsoft Defender for Endpoint for non-Windows platforms
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Microsoft has been on a journey to extend its industry leading endpoint security
@@ -36,44 +36,44 @@ have committed to building security solutions not just *for* Microsoft, but also
heterogenous environments. We're listening to customer feedback and partnering
closely with our customers to build solutions that meet their needs.
-With Microsoft Defender ATP, customers benefit from a unified view of all
+With Defender for Endpoint, customers benefit from a unified view of all
threats and alerts in the Microsoft Defender Security Center, across Windows and
non-Windows platforms, enabling them to get a full picture of what's happening
in their environment, which empowers them to more quickly assess and respond to
threats.
-## Microsoft Defender ATP for Mac
+## Microsoft Defender for Endpoint for Mac
-Microsoft Defender ATP for Mac offers AV and EDR capabilities for the three
+Microsoft Defender for Endpoint for Mac offers AV and EDR capabilities for the three
latest released versions of macOS. Customers can deploy and manage the solution
through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office
applications on macOS, Microsoft Auto Update is used to manage Microsoft
-Defender ATP for Mac updates. For information about the key features and
+Defender for Endpoint for Mac updates. For information about the key features and
benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS).
-For more details on how to get started, visit the Microsoft Defender ATP for Mac
+For more details on how to get started, visit the Defender for Endpoint for Mac
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
-## Microsoft Defender ATP for Linux
+## Microsoft Defender for Endpoint for Linux
-Microsoft Defender ATP for Linux offers preventative (AV) capabilities for Linux
+Microsoft Defender for Endpoint for Linux offers preventative (AV) capabilities for Linux
servers. This includes a full command line experience to configure and manage
the agent, initiate scans, and manage threats. We support recent versions of the
six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu
16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft
-Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or
+Defender for Endpoint for Linux can be deployed and configured using Puppet, Ansible, or
using your existing Linux configuration management tool. For information about
the key features and benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux).
-For more details on how to get started, visit the Microsoft Defender ATP for
+For more details on how to get started, visit the Microsoft Defender for Endpoint for
Linux
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux).
-## Microsoft Defender ATP for Android
+## Microsoft Defender for Endpoint for Android
-Microsoft Defender ATP for Android is our mobile threat defense solution for
+Microsoft Defender for Endpoint for Android is our mobile threat defense solution for
devices running Android 6.0 and higher. Both Android Enterprise (Work Profile)
and Device Administrator modes are supported. On Android, we offer web
protection, which includes anti-phishing, blocking of unsafe connections, and
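Review bot: the "how to get started" sentences are inconsistent after the rename: the Mac one now reads "visit the Defender for Endpoint for Mac" while the Linux one reads "visit the Microsoft Defender for Endpoint for Linux". Pick one form and use it in both, and in the Android sentence in the next hunk. The replaced lines are also longer than the hard wrap the surrounding paragraphs use, so the touched paragraphs should be rewrapped.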
@@ -83,7 +83,7 @@ through integration with Microsoft Endpoint Manager and Conditional Access. For
information about the key features and benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android).
-For more details on how to get started, visit the Microsoft Defender ATP for
+For more details on how to get started, visit the Microsoft Defender for Endpoint for
Android
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android).
@@ -91,19 +91,19 @@ Android
## Licensing requirements
-Eligible Licensed Users may use Microsoft Defender ATP on up to five concurrent
-devices. Microsoft Defender ATP is also available for purchase from a Cloud
+Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five concurrent
+devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud
Solution Provider (CSP).
-Customers can obtain Microsoft Defender ATP for Mac through a standalone
-Microsoft Defender ATP license, as part of Microsoft 365 A5/E5, or Microsoft 365
+Customers can obtain Microsoft Defender for Endpoint for Mac through a standalone
+MDefender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365
Security.
-Recently announced capabilities of Microsoft Defender ATP for Android and soon
+Recently announced capabilities of Microsoft Defender for Endpoint for Android and soon
iOS are included in the above mentioned offers as part of the five qualified
devices for eligible licensed users.
-Microsoft Defender ATP for Linux is available through the Microsoft Defender ATP
+ Defender for Endpoint for Linux is available through the Defender for Endpoint
for Server SKU that is available for both commercial and education customers.
Please contact your account team or CSP for pricing and additional eligibility
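Review bot: two typos in the added licensing lines. "MDefender for Endpoint license" keeps a stray "M" from the old name, and the added line " Defender for Endpoint for Linux is available through the Defender for Endpoint" starts with a leading space. Suggest "Microsoft Defender for Endpoint license" (or "Defender for Endpoint license", whichever form the file settles on) and dropping the leading space.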
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index 19496bd97c..8cc6f7bed9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -21,13 +21,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
-Offboard device from Microsoft Defender ATP.
+Offboard device from Defender for Endpoint.
## Limitations
@@ -41,7 +41,7 @@ Offboard device from Microsoft Defender ATP.
> This API is not supported on MacOS or Linux devices.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 7d9a09d143..3eb9642bf4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Offboard devices from the Microsoft Defender ATP service
+# Offboard devices from the Microsoft Defender for Endpoint service
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@@ -27,10 +27,10 @@ ms.topic: conceptual
- Linux
- Windows Server 2012 R2
- Windows Server 2016
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-offboarddevices-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-offboarddevices-abovefoldlink)
Follow the corresponding instructions depending on your preferred deployment method.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
index dab5b79f99..1a625303aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
@@ -17,24 +17,24 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Onboard devices to the Microsoft Defender ATP service
+# Onboard devices to the Microsoft Defender for Endpoint service
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)]
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
-You'll need to go the onboarding section of the Microsoft Defender ATP portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device.
+You'll need to go the onboarding section of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device.
In general, to onboard devices to the service:
- Verify that the device fulfills the [minimum requirements](minimum-requirements.md)
-- Depending on the device, follow the configuration steps provided in the onboarding section of the Microsoft Defender ATP portal
+- Depending on the device, follow the configuration steps provided in the onboarding section of the Defender for Endpoint portal
- Use the appropriate management tool and deployment method for your devices
- Run a detection test to verify that the devices are properly onboarded and reporting to the service
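Review bot: the rewritten sentence "You'll need to go the onboarding section of the Defender for Endpoint portal" is still missing a word. Since the line is being replaced anyway, make it "go to the onboarding section".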
@@ -57,15 +57,15 @@ The following table lists the available tools based on the endpoint that you nee
## In this section
Topic | Description
:---|:---
-[Onboard previous versions of Windows](onboard-downlevel.md)| Onboard Windows 7 and Windows 8.1 devices to Microsoft Defender ATP.
-[Onboard Windows 10 devices](configure-endpoints.md) | You'll need to onboard devices for it to report to the Microsoft Defender ATP service. Learn about the tools and methods you can use to configure devices in your enterprise.
-[Onboard servers](configure-server-endpoints.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP
-[Onboard non-Windows devices](configure-endpoints-non-windows.md) | Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data.
-[Run a detection test on a newly onboarded device](run-detection-test.md) | Run a script on a newly onboarded device to verify that it is properly reporting to the Microsoft Defender ATP service.
-[Configure proxy and Internet settings](configure-proxy-internet.md)| Enable communication with the Microsoft Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
+[Onboard previous versions of Windows](onboard-downlevel.md)| Onboard Windows 7 and Windows 8.1 devices to Defender for Endpoint.
+[Onboard Windows 10 devices](configure-endpoints.md) | You'll need to onboard devices for it to report to the Defender for Endpoint service. Learn about the tools and methods you can use to configure devices in your enterprise.
+[Onboard servers](configure-server-endpoints.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Defender for Endpoint
+[Onboard non-Windows devices](configure-endpoints-non-windows.md) | Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data.
+[Run a detection test on a newly onboarded device](run-detection-test.md) | Run a script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
+[Configure proxy and Internet settings](configure-proxy-internet.md)| Enable communication with the Defender for Endpoint cloud service by configuring the proxy and Internet connectivity settings.
[Troubleshoot onboarding issues](troubleshoot-onboarding.md) | Learn about resolving issues that might arise during onboarding.
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
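Review bot: The added "Onboard non-Windows devices" row still ends with "This experience leverages on a third-party security products' sensor data", which is ungrammatical and leaves unclear whose sensor the alerts come from. Since the row is being rewritten anyway, suggest "This experience relies on sensor data from third-party security products." The added "Onboard servers" row is also the only description in this table without a closing period.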
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index ca403709b0..f99a9fbab3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -28,32 +28,32 @@ ms.topic: article
- Windows 7 SP1 Pro
- Windows 8.1 Pro
- Windows 8.1 Enterprise
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink).
+>Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink).
-Microsoft Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
+Defender for Endpoint extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
-To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
+To onboard down-level Windows client endpoints to Defender for Endpoint, you'll need to:
- Configure and update System Center Endpoint Protection clients.
-- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP as instructed below.
+- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Defender for Endpoint as instructed below.
> [!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint endpoint](run-detection-test.md).
## Configure and update System Center Endpoint Protection clients
> [!IMPORTANT]
> This step is required only if your organization uses System Center Endpoint Protection (SCEP).
-Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
+Defender for Endpoint integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
The following steps are required to enable this integration:
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie)
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
- Configure your network to allow connections to the Microsoft Defender Antivirus cloud. For more information, see [Allow connections to the Microsoft Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud)
-## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
+## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint
### Before you begin
Review the following details to verify minimum system requirements:
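Review bot: Renaming the heading to "## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint" changes the anchor generated for that section, so any deep link that still targets the old heading's anchor on this page will stop resolving to it. Please search the docs set for links to the old anchor and update them in the same change. Separately, the TIP link text now reads "newly onboarded Defender for Endpoint endpoint"; "newly onboarded device", as the onboarding table words the same link, avoids the doubled word.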
@@ -77,7 +77,7 @@ Review the following details to verify minimum system requirements:
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
2. Obtain the workspace ID:
- - In the Microsoft Defender ATP navigation pane, select **Settings > Device management > Onboarding**
+ - In the Defender for Endpoint navigation pane, select **Settings > Device management > Onboarding**
- Select **Windows 7 SP1 and 8.1** as the operating system
- Copy the workspace ID and workspace key
@@ -93,10 +93,10 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
### Configure proxy and Internet connectivity settings
- Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
-- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Defender for Endpoint service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
## Offboard client endpoints
-To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Microsoft Defender ATP.
+To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Defender for Endpoint workspace. After offboarding the agent, the endpoint will no longer send sensor data to Defender for Endpoint.
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink).
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink).
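Review bot: In the proxy bullet the link text becomes "enable access to Defender for Endpoint service URLs" while the target fragment stays `#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server`. If the matching heading in configure-proxy-internet.md is renamed elsewhere in this series, the fragment no longer matches and readers land at the top of the page instead of the URL allow list they need for the agent to connect through a filtering proxy. Please confirm the target heading and update the fragment to whatever it generates after the rename.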
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index 41098d9b2e..e3aea210fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Onboard devices without Internet access to Microsoft Defender ATP
+# Onboard devices without Internet access to Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@@ -47,25 +47,25 @@ For more information about onboarding methods, see the following articles:
- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
- [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
- - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
+ - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Defender for Endpoint Workspace key & ID
- Offline devices in the same network of Azure Log Analytics
- Configure MMA to point to:
- Azure Log Analytics IP as a proxy
- - Microsoft Defender ATP workspace key & ID
+ - Defender for Endpoint workspace key & ID
## Azure virtual machines
- Configure and enable [Azure Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/platform/gateway)
- Setup Azure Log Analytics Gateway (formerly known as OMS Gateway) to act as proxy or hub:
- [Azure Log Analytics Gateway](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
- - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Microsoft Defender ATP Workspace key & ID
+ - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-for-endpoint) point to Defender for Endpoint Workspace key & ID
- Offline Azure VMs in the same network of OMS Gateway
- Configure Azure Log Analytics IP as a proxy
- Azure Log Analytics Workspace Key & ID
- Azure Security Center (ASC)
- [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
- - [Threat Detection \> Allow Microsoft Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
+ - [Threat Detection \> Allow Defender for Endpoint to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).
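Review bot: "Threat Detection \> Allow Defender for Endpoint to access my data" reads as the label of a setting in Azure Security Center, and this hunk rewrites it by the same replace as the body text. Link text that quotes a UI path should match what the portal displays, so please check the current label before changing it and keep the old wording if the portal still shows it. The added lines in the first list also differ in case, "Workspace key & ID" versus "workspace key & ID"; pick one.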
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
index 78edeae3ef..d35f1668f8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -18,15 +18,15 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Configure and manage Microsoft Defender ATP capabilities
+# Configure and manage Microsoft Defender for Endpoint capabilities
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Configure and manage all the Microsoft Defender ATP capabilities to get the best security protection for your organization.
+Configure and manage all the Defender for Endpoint capabilities to get the best security protection for your organization.
## In this section
@@ -35,7 +35,7 @@ Topic | Description
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
[Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next-generation protection to catch all types of emerging threats.
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
-[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
+[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Defender for Endpoint.
[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure portal-related settings such as general settings, advanced features, enable the preview experience and others.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
index 7435ab66b6..3098a40473 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
@@ -24,11 +24,11 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
- Step 1: Onboarding Windows devices to the service
-- Step 2: Configuring Microsoft Defender ATP capabilities
+- Step 2: Configuring Defender for Endpoint capabilities
This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Configuration Manager:
- **Creating a collection in Microsoft Endpoint Configuration Manager**
@@ -37,7 +37,7 @@ This onboarding guidance will walk you through the following basic steps that yo
>[!NOTE]
>Only Windows devices are covered in this example deployment.
-While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them.
+While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
@@ -100,7 +100,7 @@ Follow the steps below to onboard endpoints using Microsoft Endpoint Configurati
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
-## Step 2: Configure Microsoft Defender ATP capabilities
+## Step 2: Configure Microsoft Defender for Endpoint capabilities
This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices:
- [**Endpoint detection and response**](#endpoint-detection-and-response)
@@ -120,11 +120,11 @@ Manager and deploy that policy to Windows 10 devices.
2. Under Deployment method select the supported version of **Microsoft Endpoint Configuration Manager**.
- 
+ 
3. Select **Download package**.
- 
+ 
4. Save the package to an accessible location.
5. In Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
@@ -156,7 +156,7 @@ Manager and deploy that policy to Windows 10 devices.
15. Click **Close** when the Wizard completes.
-16. In the Microsoft Endpoint Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
+16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.

@@ -166,7 +166,7 @@ Manager and deploy that policy to Windows 10 devices.
#### Previous versions of Windows Client (Windows 7 and Windows 8.1)
-Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
+Follow the steps below to identify the Defender for Endpoint Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
@@ -264,7 +264,7 @@ After completing this task, you now have successfully configured Windows
Defender Antivirus.
### Attack surface reduction
-The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
+The attack surface reduction pillar of Defender for Endpoint includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
Protection.
All these features provide an audit mode and a block mode. In audit mode there is no end-user impact. All it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step-by-step move security controls into block mode.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 29548856da..f1112b1d8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -24,14 +24,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
This article is part of the Deployment guide and acts as an example onboarding method that guides users in:
- Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on
-- Step 2: Configuring Microsoft Defender ATP capabilities using Microsoft Endpoint Manager
+- Step 2: Configuring Defender for Endpoint capabilities using Microsoft Endpoint Manager
This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Manager:
@@ -43,7 +43,7 @@ This onboarding guidance will walk you through the following basic steps that yo
- In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability.
-While Microsoft Defender ATP supports onboarding of various endpoints and tools, this article does not cover them.
+While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them.
For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md).
@@ -100,11 +100,11 @@ needs.
8. Your testing group now has a member to test.
-## Step 2: Create configuration policies to configure Microsoft Defender ATP capabilities
+## Step 2: Create configuration policies to configure Microsoft Defender for Endpoint capabilities
In the following section, you'll create a number of configuration policies.
First is a configuration policy to select which groups of users or devices will
-be onboarded to Microsoft Defender ATP.
+be onboarded to Defender for Endpoint.
Then you will continue by creating several
different types of endpoint security policies.
@@ -137,9 +137,9 @@ different types of endpoint security policies.
> 
> [!NOTE]
- > In this instance, this has been auto populated as Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
+ > In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
>
- > The following image is an example of what you'll see when Microsoft Defender ATP is NOT integrated with Intune:
+ > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune:
>
> 
@@ -350,13 +350,13 @@ To confirm that the configuration policy has been applied to your test device, f
### Endpoint detection and response
-1. Before applying the configuration, the Microsoft Defender ATP
+1. Before applying the configuration, the Defender for Endpoint
Protection service should not be started.
> [!div class="mx-imgBorder"]
> [  ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox)
-2. After the configuration has been applied, the Microsoft Defender ATP
+2. After the configuration has been applied, the Defender for Endpoint
Protection Service should be started.
> [!div class="mx-imgBorder"]
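Review bot: Steps 1 and 2 now name the service "Defender for Endpoint Protection service", which comes from replacing the product name inside what was a service display name. This check is how an admin confirms the sensor started after the policy applied, so the text should give the name exactly as it appears in the services list shown in the screenshots; please verify it and keep the original wording if the display name did not change. The two steps also differ in case, "Protection service" versus "Protection Service".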
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
index 30c80bb608..ff6119eee4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
@@ -23,7 +23,7 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified.
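Review bot: The context line directly below the changed "Applies to" entry has a typo, "offboardiing script". It is the sentence that states what this notification rule detects, so it is worth fixing to "offboarding" in the same pass over the file.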
@@ -48,7 +48,7 @@ You'll need to have access to:

-4. Select the + button to add a new action. The new action will be an HTTP request to the Microsoft Defender ATP security center device(s) API. You can also replace it with the out-of-the-box "WDATP Connector" (action: "Machines - Get list of machines").
+4. Select the + button to add a new action. The new action will be an HTTP request to the Defender for Endpoint security center device(s) API. You can also replace it with the out-of-the-box "WDATP Connector" (action: "Machines - Get list of machines").

@@ -164,7 +164,7 @@ You'll need to have access to:
10. Extract the values from the JSON call and check if the onboarded device(s) is / are already registered at the SharePoint list as an example:
- If yes, no notification will be triggered
-- If no, will register the new onboarded device(s) in the SharePoint list and a notification will be sent to the Microsoft Defender ATP admin
+- If no, will register the new onboarded device(s) in the SharePoint list and a notification will be sent to the Defender for Endpoint admin

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index f26781b856..f79266bf23 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -19,32 +19,32 @@ ms.collection:
ms.topic: article
---
-# Onboard to the Microsoft Defender ATP service
+# Onboard to the Microsoft Defender for Endpoint service
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Deploying Microsoft Defender ATP is a three-phase process:
+Deploying Defender for Endpoint is a three-phase process:
@@ -993,13 +1000,13 @@ Validated Editions: Ultimate Edition
-
+
Phase 1: Prepare
-
+
Phase 2: Set up
-
@@ -54,13 +54,13 @@ Deploying Microsoft Defender ATP is a three-phase process:
You are currently in the onboarding phase.
-These are the steps you need to take to deploy Microsoft Defender ATP:
+These are the steps you need to take to deploy Defender for Endpoint:
- Step 1: Onboard endpoints to the service
- Step 2: Configure capabilities
## Step 1: Onboard endpoints using any of the supported management tools
-The [Plan deployment](deployment-strategy.md) topic outlines the general steps you need to take to deploy Microsoft Defender ATP.
+The [Plan deployment](deployment-strategy.md) topic outlines the general steps you need to take to deploy Defender for Endpoint.
After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service.
@@ -88,7 +88,7 @@ The tools in the example deployments are:
- [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)
- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)
-Using the mentioned deployment tools above, you'll then be guided in configuring the following Microsoft Defender ATP capabilities:
+Using the mentioned deployment tools above, you'll then be guided in configuring the following Defender for Endpoint capabilities:
- Endpoint detection and response configuration
- Next-generation protection configuration
- Attack surface reduction configuration
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
index 6af7ba9c0f..6f7a10acf3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
**Applies to:**
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Help reduce your attack surfaces, by minimizing the places where your organization is vulnerable to cyberthreats and attacks. Use the following resources to configure protection for the devices and applications in your organization.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index 0f3c036938..f79f0792f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -25,15 +25,15 @@ ms.topic: conceptual
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
+Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4o1j5]
-Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
+Inspired by the "assume breach" mindset, Defender for Endpoint continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
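Review bot: The first added paragraph now opens with "Defender for Endpoint endpoint detection and response capabilities", where the doubled "Endpoint endpoint" is hard to read. Suggest rephrasing, for example "The endpoint detection and response capabilities in Defender for Endpoint provide advanced attack detections that are near real-time and actionable."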
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
index 8b32269fe0..c1705995b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
@@ -22,9 +22,9 @@ ms.date: 09/07/2018
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender ATP.
+Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender for Endpoint.
| Feature | Description |
|------------|-------------|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index 822b5afaab..0edc028048 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -18,21 +18,21 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Partner applications in Microsoft Defender ATP
+# Partner applications in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
-The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint; enabling security teams to effectively respond better to modern threats.
-Microsoft Defender ATP seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
+Microsoft Defender for Endpoint seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
- SIEM
- Ticketing and IT service management solutions
- Managed security service providers (MSSP)
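Review bot: The added line "The integration provides integration with the following solutions such as:" keeps the doubled "integration" and stacks "the following" on "such as"; since the line is rewritten for the rename anyway, tighten it to something like "It integrates with solutions such as:". The same applies two additions earlier, where "enabling security teams to effectively respond better" carries both "effectively" and "better" and hangs off a semicolon that should be a comma.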
@@ -47,16 +47,16 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions. T
Logo |Partner name | Description
:---|:---|:---
-| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Microsoft Defender ATP is configured properly by launching continuous attacks safely on production assets
+| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Defender for Endpoint is configured properly by launching continuous attacks safely on production assets
| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel
- | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Microsoft Defender ATP findings with simulated attacks to validate accurate detection and effective response actions
+ | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions
 | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats
- | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP
- | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections
- | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API
- | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations
+ | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint.
+ | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections
+ | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API
+ | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations
 | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
- | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
+ | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
 | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets
### Orchestration and automation
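Review bot: The rename is incomplete in this table: the AzureSentinel row, left as unchanged context, still reads "Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel" while every other row now says Defender for Endpoint. Update that row in the same change. The new IBM QRadar description also gains a trailing period that no other row in the table has; drop it so the rows stay consistent.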
@@ -64,31 +64,31 @@ Logo |Partner name | Description
Logo |Partner name | Description
:---|:---|:---
- | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks
- | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye.
- | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
- | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
- | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes
+ | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Defender for Endpoint to automate customers' high-speed incident response playbooks
+ | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Defender for Endpoint with its cloud-native SOAR platform, ActiveEye.
+ | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
+ | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Defender for Endpoint connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
+ | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Defender for Endpoint to accelerate, streamline, and integrate your time-intensive security processes
 | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration
- | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together
+ | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Defender for Endpoint together
### Threat intelligence
Logo |Partner name | Description
:---|:---|:---
- | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment
- | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld
- | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators
+ | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Defender for Endpoint environment
+ | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Defender for Endpoint using MineMeld
+ | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Defender for Endpoint indicators
### Network security
Logo |Partner name | Description
:---|:---|:---
- | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network
+ | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
 | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection
- | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender ATP environment
+ | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Defender for Endpoint environment
 |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time
@@ -100,13 +100,13 @@ Logo |Partner name | Description
| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata
| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
 | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices
-| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense
+| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense
## Additional integrations
Logo |Partner name | Description
:---|:---|:---
-| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering
+| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Defender for Endpoint with advanced Web Filtering
| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information
| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats
@@ -114,27 +114,27 @@ Logo |Partner name | Description
## SIEM integration
-Microsoft Defender ATP supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md).
+Defender for Endpoint supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md).
## Ticketing and IT service management
-Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API.
+Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API.
## Security orchestration and automation response (SOAR) integration
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
## External alert correlation and Automated investigation and remediation
-Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale.
+Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.
Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
-External alerts can be pushed into Microsoft Defender ATP and is presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack.
+External alerts can be pushed into Defender for Endpoint and is presented side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack.
## Indicators matching
You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
-Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
+Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match.
-Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
+Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
## Support for non-Windows platforms
-Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network.
+Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network.
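Review bot: The added sentence "External alerts can be pushed into Defender for Endpoint and is presented side by side" has a plural subject with "is"; change it to "are presented". The Indicators matching section also mixes "IOCs", "IoCs" and "IOC" across the context line and the two added lines; pick one casing while these lines are being edited.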
From 6b5a7798026e58b0c71eb82f6cc125fbe4a05cab Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
+
Phase 3: Onboard
@@ -47,35 +47,35 @@ In the event message, scroll to the very bottom, and check the [Reason Code](htt

*Example: event ID 6272 (Audit Success)*
-The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one.
+The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
-On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to **..\Wired-AutoConfig/Operational**. See the following example:
+On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to **..\Wired-AutoConfig/Operational**. See the following example:

-Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.).
+Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure.
-First, validate the type of EAP method being used:
+First, validate the type of EAP method that's used:

-If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Right click on the policy and select **Properties**. In the pop-up window, go to the **Constraints** tab and select the **Authentication Methods** section.
+If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.

-The CAPI2 event log will be useful for troubleshooting certificate-related issues.
-This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**.
+The CAPI2 event log is useful for troubleshooting certificate-related issues.
+By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.

-The following article explains how to analyze CAPI2 event logs:
+For information about how to analyze CAPI2 event logs, see
[Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
-When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication:
+When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:

-If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples:
+If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:

*Client-side packet capture data*
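Review bot: The reworded wired-access sentence, "the Wired AutoConfig operational log is an equivalent one", is still awkward and leaves "one" without a clear referent; "the equivalent is the Wired AutoConfig operational log" says the same thing directly. Further down, "Here's an example of wireless connection process" is missing an article ("of the wireless connection process"), and "issues are because of problems" reads more naturally as "are caused by problems".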
@@ -85,16 +85,16 @@ If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both
> [!NOTE]
-> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below.
+> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/), see the instructions under the **Help** menu in Network Monitor. Here's an example:

## Audit policy
-NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
+By default, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
View the current audit policy settings by running the following command on the NPS server:
-```
+```console
auditpol /get /subcategory:"Network Policy Server"
```
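Review bot: In the rewritten note, the link text "view ETL files with network monitor" keeps the product name in lower case while the same sentence writes "Network Monitor" twice with capitals; capitalize the link text to match. Tagging the fence as console is a good change, provided the same tag is used for every auditpol block in the file.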
@@ -106,13 +106,12 @@ Logon/Logoff
Network Policy Server Success and Failure
-If it shows ‘No auditing’, you can run this command to enable it:
-
-```
+If it says, "No auditing," you can run this command to enable it:
+```console
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
```
-Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**.
+Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
## Additional references
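Review bot: In the added line 'If it says, "No auditing," you can run this command', the comma inside the quotation marks reads as part of the string the reader is meant to match in the auditpol output, and the comma after "says" is unnecessary; quote only the literal text and put the punctuation outside it. The hunk also removes the blank line between that paragraph and the opening fence, which the earlier auditpol block keeps; restore it so both blocks are laid out the same way and render reliably.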
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index dc31960057..2950a6c6d9 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -19,13 +19,13 @@ ms.topic: article
- Windows 10, Windows Server 2016
-You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
-To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update.
+You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
+To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update.
>[!Note]
>Each server that you want to manage access to the Settings App must be patched.
-To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
+If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
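Review bot: The reordered Central Store sentence changes the meaning. The removed line gave two destinations for ControlPanel.admx and ControlPanel.adml: the Central Store if the company uses one, or the PolicyDefinitions folder of the Domain Controllers. The added line turns the PolicyDefinitions folder into part of the condition ("If your company uses one or the PolicyDefinitions folder ..."), leaves "one" with no antecedent because Central Store is now named only at the end, and keeps the Central Store as the sole destination. Restructure it as "copy the files to the Central Store, if your company uses one, or to the PolicyDefinitions folder of the Domain Controllers". Separately, "Windows server 2016" in the added line above should be "Windows Server 2016", as in the context lines.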
@@ -39,7 +39,7 @@ Policy paths:
## Configuring the Group Policy
-The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon-delimited list of URIs in **Settings Page Visibility**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
>[!NOTE]
> When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string.
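Review bot: The value format is still described only in prose, split between the paragraph (the ShowOnly: or Hide: prefix and the semicolon-delimited list) and the note (no ms-settings: in the string), so a reader has to assemble it themselves. Add one example value directly after the paragraph. "To do this" in the added line also has no clear referent after a sentence that offers two alternatives; "To configure either option" would be clearer.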
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 79545b45cc..43f44a4d2a 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -12,15 +12,15 @@ ms.topic: conceptual
---
# How Mobile Device Management Providers support eSIM Management on Windows
-The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
- If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
+The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+ If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
- Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows doesn't limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you want to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
- Assess solution type that you would like to provide your customers
- Batch/offline solution
- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Operator doesn't have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
- Real-time solution
- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
-**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
+**Note:** End users don't notice the solution type. The choice between the two is made between the MDM and the Mobile Operator.
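Review bot: The rewritten "Contact mobile operators directly or contact orchestrator providers" bullet still contains its first five sentences twice, and only the first copy was updated, so the added line now reads "Windows doesn't limit" in one place and "Windows does not limit" in the other. Delete the second copy (from the repeated "Contact mobile operators directly" through the repeated "according to the company policies.") so the bullet states each point once. While the line is open, "Window OMA-DM" should be "Windows OMA-DM", and the changed visibility bullet ("status of the eSIM profiles and device eSIM has been downloaded and installed to") is still not a complete sentence.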
diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md
index 0bdc744338..bdb67e2528 100644
--- a/windows/client-management/troubleshoot-inaccessible-boot-device.md
+++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md
@@ -1,6 +1,6 @@
---
title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
-description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error may occur after some changes are made to the computer,
+description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer,
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
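Review bot: The `description:` value on the changed line still stops mid-sentence with a trailing comma ("...after some changes are made to the computer,"). Since this line is being touched anyway, finish the sentence the way the article's opening paragraph does ("or immediately after you deploy Windows on the computer.") or end it with a period after "computer".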
@@ -15,27 +15,27 @@ manager: dansimp
# Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device
-This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error may occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
+This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error might occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
## Causes of the Inaccessible_Boot_Device Stop error
-Any one of the following factors may cause the stop error:
+Any one of the following factors might cause the stop error:
-* Missing, corrupted, or misbehaving filter drivers that are related to the storage stack
+* Missing, corrupted, or misbehaving filter drivers that are related to the storage stack
-* File system corruption
+* File system corruption
-* Changes to the storage controller mode or settings in the BIOS
+* Changes to the storage controller mode or settings in the BIOS
-* Using a different storage controller than the one that was used when Windows was installed
+* Using a different storage controller than the one that was used when Windows was installed
-* Moving the hard disk to a different computer that has a different controller
+* Moving the hard disk to a different computer that has a different controller
-* A faulty motherboard or storage controller, or faulty hardware
+* A faulty motherboard or storage controller, or faulty hardware
-* In unusual cases: the failure of the TrustedInstaller service to commit newly installed updates because of Component Based Store corruptions
+* In unusual cases, the failure of the TrustedInstaller service to commit newly installed updates is because of component-based store corruptions
-* Corrupted files in the **Boot** partition (for example, corruption in the volume that is labeled **SYSTEM** when you run the `diskpart` > `list vol` command)
+* Corrupted files in the **Boot** partition (for example, corruption in the volume that's labeled **SYSTEM** when you run the `diskpart` > `list vol` command)
## Troubleshoot this error
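Review bot: The reworded TrustedInstaller bullet changes what the list item says. The list is introduced as factors that might cause the stop error, and the old bullet named the factor (the failure of TrustedInstaller to commit updates, caused by store corruption). The new wording, "the failure of the TrustedInstaller service to commit newly installed updates is because of component-based store corruptions", is a full sentence about why TrustedInstaller fails and no longer parallels the other bullets. Suggest keeping the noun-phrase form, for example "In unusual cases, the failure of the TrustedInstaller service to commit newly installed updates because of Component Based Store corruptions", and confirm whether lowercasing "Component Based Store" is intended, since the original treats it as a name.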
@@ -43,9 +43,9 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com
1. Start the system by using [the installation media for the installed version of Windows](https://support.microsoft.com/help/15088).
-2. On the **Install Windows** screen, select **Next** > **Repair your computer** .
+2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
-3. On the **System Recovery Options** screen, select **Next** > **Command Prompt** .
+3. On the **System Recovery Options** screen, select **Next** > **Command Prompt**.
### Verify that the boot disk is connected and accessible
@@ -55,7 +55,7 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com
A list of the physical disks that are attached to the computer should be displayed and resemble the following display:
-```
+```console
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
@@ -65,7 +65,7 @@ A list of the physical disks that are attached to the computer should be display
If the computer uses a Unified Extensible Firmware Interface (UEFI) startup interface, there will be an asterisk () in the **GPT* column.
-If the computer uses a basic input/output system (BIOS) interface, there will not be an asterisk in the **Dyn** column.
+If the computer uses a basic input/output system (BIOS) interface, there won't be an asterisk in the **Dyn** column.
#### Step 2
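Review bot: The changed BIOS sentence says there won't be an asterisk in the **Dyn** column, while the UEFI sentence directly above it refers to the GPT column. If both sentences describe the same column of the `list disk` output, the BIOS sentence should name GPT as well; please confirm before this wording is carried forward. The unchanged UEFI line also needs attention in the same pass: the asterisk inside the parentheses is missing and the bold markup around GPT is unbalanced (`**GPT*`).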
@@ -73,7 +73,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
`list vol` generates an output that resembles the following display:
-```
+```console
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
@@ -86,7 +86,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
```
>[!NOTE]
->If the disk that contains the OS is not listed in the output, you will have to engage the OEM or virtualization manufacturer.
+>If the disk that contains the OS isn't listed in the output, you'll have to engage the OEM or virtualization manufacturer.
### Verify the integrity of Boot Configuration Database
@@ -94,57 +94,57 @@ Check whether the Boot Configuration Database (BCD) has all the correct entries.
To verify the BCD entries:
-1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path** entries point to the correct device and boot loader file.
+1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path** entries point to the correct device and boot loader file.
- An example output if the computer is UEFI-based:
+ If the computer is UEFI-based, here's example output:
- ```
+ ```cmd
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
```
- An example output if the machine is BIOS based:
- ```
+ If the machine is BIOS-based, here's example output:
+ ```cmd
Device partition=C:
```
>[!NOTE]
- >This output may not contain a path.
+ >This output might not contain a path.
-2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder.
+2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot** point to the correct device or partition, winload file, OS partition or device, and OS folder.
> [!NOTE]
- > If the computer is UEFI-based, the filepath value specified in the **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension.
+ > If the computer is UEFI-based, the file path value that's specified in the **path** parameter of **{bootmgr}** and **{default}** contains an **.efi** extension.

-If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that is named **bcdbackup** . To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup** .
+If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that's named **bcdbackup**. To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup**.
-After the backup is completed, run the following command to make the changes:
+After the backup completes, run the following command to make the changes:
bcdedit /set *{identifier}* option value
-For example, if the device under {default} is wrong or missing, run the following command to set it: `bcdedit /set {default} device partition=C:`
+For example, if the device under {default} is wrong or missing, run this command to set it: `bcdedit /set {default} device partition=C:`
- If you want to re-create the BCD completely, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
+ If you want to completely re-create the BCD, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
-If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location per the path that is specified in the **bcdedit** command. By default, **bootmgr** in the BIOS partition will be in the root of the **SYSTEM** partition. To see the file, run `Attrib -s -h -r`.
+If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location, which is in the specified path in the **bcdedit** command. By default, **bootmgr** in the BIOS partition is in the root of the **SYSTEM** partition. To see the file, run `Attrib -s -h -r`.
If the files are missing, and you want to rebuild the boot files, follow these steps:
-1. Copy all the contents under the **SYSTEM** partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM** volume, as follows:
+1. Copy all the contents under the **SYSTEM** partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM** volume, like shown here:
-```
-D:\> Mkdir BootBackup
-R:\> Copy *.* D:\BootBackup
-```
+ ```cmd
+ D:\> Mkdir BootBackup
+ R:\> Copy *.* D:\BootBackup
+ ```
-2. If you are using Windows 10, or if you are troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, as follows:
+2. If you're using Windows 10, or if you're troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, like shown here:
```cmd
Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
```
- For example: if we assign the `
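Review bot: In steps 1 and 2 of the rebuild procedure, "as follows" was replaced with "like shown here", which is ungrammatical; use "as shown here" or keep "as follows". Two formatting points in the same hunk: the `bcdedit` output samples are now tagged `cmd`, while the `diskpart` output samples earlier in this file were tagged `console`, so pick one tag for output blocks; and the generic command line `bcdedit /set *{identifier}* option value` is still plain text with emphasis markers rather than code, unlike every other command in the section.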
We recommend monitoring Failure access attempts: the volume should not be very high. You will be able to see who was not able to get access to a file or folder on a network share on a computer. |
-| Member Server | IF | Yes | IF | Yes | IF – If a server has shared network folders which typically get many access requests (File Server, for example), the volume of events might be very high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers should not be very high (if they are not File Servers). With Failure auditing, you will be able to see who was not able to get access to a file or folder on a network share on this computer. |
-| Workstation | IF | Yes | IF | Yes | IF – If a workstation has shared network folders which typically get many access requests, the volume of events might be very high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations should not be very high. With Failure auditing, you will be able to see who was not able to get access to a file or folder on a network share on this computer. |
+| Domain Controller | No | Yes | No | Yes | Audit Success for this subcategory on domain controllers typically will lead to high volume of events, especially for SYSVOL share.
We recommend monitoring Failure access attempts: the volume should not be high. You will be able to see who was not able to get access to a file or folder on a network share on a computer. |
+| Member Server | IF | Yes | IF | Yes | IF – If a server has shared network folders that typically get many access requests (File Server, for example), the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers should not be high (if they are not File Servers). With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
+| Workstation | IF | Yes | IF | Yes | IF – If a workstation has shared network folders that typically get many access requests, the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations should not be high. With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
**Events List:**
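Review bot: The three table rows were edited inconsistently. The Member Server and Workstation rows now end with "you can see who can't access a file or folder", but the Domain Controller row keeps "You will be able to see who was not able to get access to a file or folder". Apply the same wording to all three rows. Also check the tense in the new text: Failure auditing records attempts that already failed, so "who couldn't access" matches the original "was not able to" better than "who can't access".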
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index e9047b6c8a..5775f97220 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -1,6 +1,6 @@
---
title: Audit Group Membership (Windows 10)
-description: The advanced security audit policy setting, Audit Group Membership, enables you to audit group memberships when they are enumerated on the client PC.
+description: Using the advanced security audit policy setting, Audit Group Membership, you can audit group memberships when they're enumerated on the client PC.
ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
ms.reviewer:
manager: dansimp
@@ -20,8 +20,7 @@ ms.date: 04/19/2017
- Windows 10
- Windows Server 2016
-
-Audit Group Membership enables you to audit group memberships when they are enumerated on the client computer.
+By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.
This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created.
@@ -33,15 +32,15 @@ Multiple events are generated if the group membership information cannot fit in
**Event volume**:
-- Low on a client computer.
+- Low on a client computer.
-- Medium on a domain controller or network servers.
+- Medium on a domain controller or network servers.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes | No | Yes | No | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server | Yes | No | Yes | No | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation | Yes | No | Yes | No | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes | No | Yes | No | Group membership information for a logged-in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
+| Member Server | Yes | No | Yes | No | Group membership information for logged in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
+| Workstation | Yes | No | Yes | No | Group membership information for a logged-in user can help to detect that member of specific domain or local group logged in to the machine (for example, member of database administrators, built-in local administrators, domain administrators, service accounts group, or other high value groups).
For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
This subcategory doesn’t have Failure events, so this subcategory doesn't have a recommendation to enable Failure auditing. |
**Events List:**
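Review bot: The Member Server row was missed by the "logged in user" fix. The Domain Controller and Workstation rows now read "for a logged-in user", but the Member Server row still reads "for logged in user". All three rows carry the same comment text, so they should end up identical. The phrase "can help to detect that member of specific domain or local group logged in" is also still missing its articles in all three rows and could be fixed in the same change.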
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index c4d6606795..011a5d397c 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -23,7 +23,7 @@ ms.date: 07/16/2018
Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated.
-These events occur on the computer that was accessed. In the case of an interactive logon, these events are generated on the computer that was logged on to.
+These events occur on the computer that was accessed. For an interactive logon, these events are generated on the computer that was logged on to.
There is no failure event in this subcategory because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record.
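Review bot: The changed sentence here says "For an interactive logon, these events are generated on the computer that was logged on to", while the near-identical sentence edited in the next hunk of this file says "For an interactive logoff, the security audit event is generated on the computer that the user account logged on to". The article is about Audit Logoff, so please confirm which term is intended and make the two sentences agree, or drop one of them, since they state the same thing twice.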
@@ -31,13 +31,13 @@ Logon events are essential to understanding user activity and detecting potentia
**Event volume**: High.
-This subcategory allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
+This subcategory allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff, the security audit event is generated on the computer that the user account logged on to.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Member Server | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Workstation | No | No | Yes | No | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It's more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.
Enable Success audit if you want to track, for example, for how long a session was active (in correlation with [Audit Logon](audit-logon.md) events) and when a user logged off.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index f1227802bd..b75e993891 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -1,6 +1,6 @@
---
-title: Audit Non Sensitive Privilege Use (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
+title: Audit Non-Sensitive Privilege Use (Windows 10)
+description: This article for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
ms.reviewer:
manager: dansimp
@@ -14,14 +14,14 @@ author: dansimp
ms.date: 04/19/2017
---
-# Audit Non Sensitive Privilege Use
+# Audit Non-Sensitive Privilege Use
**Applies to**
- Windows 10
- Windows Server 2016
-Audit Non Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
+Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
- Access Credential Manager as a trusted caller
From c7dc0cc6df273fb0e50f92cebb62bc177e1a12a2 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha
@@ -870,11 +877,11 @@ Validated Editions: Windows 7, Windows 7 SP1
-
+
Phase 1: Prepare
-
+
Phase 2: Set up
@@ -68,7 +68,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
You are currently in the preparation phase.
-Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender ATP.
+Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Defender for Endpoint.
## Stakeholders and approval
@@ -111,8 +111,7 @@ required in technologies or processes.
## Role-based access control
-Microsoft recommends using the concept of least privileges. Microsoft Defender
-ATP leverages built-in roles within Azure Active Directory. Microsoft recommends
+Microsoft recommends using the concept of least privileges. Defender for Endpoint leverages built-in roles within Azure Active Directory. Microsoft recommends
[review the different roles that are
available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
and choose the right one to solve your needs for each persona for this
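Review bot: The joined line now ends "Microsoft recommends" and runs straight into the link text "review the different roles that are available", which reads as "Microsoft recommends review the different roles". Since the sentence is being reflowed anyway, add the missing words, for example "Microsoft recommends that you [review the different roles that are available]". The new line is also much longer than the wrapped lines around it; rewrap it to match the rest of the paragraph.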
@@ -132,7 +131,7 @@ Management](https://docs.microsoft.com/azure/active-directory/active-directory-p
to manage your roles to provide additional auditing, control, and access review
for users with directory permissions.
-Microsoft Defender ATP supports two ways to manage permissions:
+Defender for Endpoint supports two ways to manage permissions:
- **Basic permissions management**: Set permissions to either full access or
read-only. In the case of basic permissions management users with Global
@@ -144,7 +143,7 @@ Microsoft Defender ATP supports two ways to manage permissions:
groups access to device groups. For more information. see [Manage portal access using role-based access control](rbac.md).
Microsoft recommends leveraging RBAC to ensure that only users that have a
-business justification can access Microsoft Defender ATP.
+business justification can access Defender for Endpoint.
You can find details on permission guidelines
[here](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group).
@@ -167,16 +166,16 @@ place. The bare minimum every organization should have been an antivirus solutio
Historically, replacing any security solution used to be time intensive and difficult
to achieve due to the tight hooks into the application layer and infrastructure
-dependencies. However, because Microsoft Defender ATP is built into the
+dependencies. However, because Defender for Endpoint is built into the
operating system, replacing third-party solutions is now easy to achieve.
-Choose the component of Microsoft Defender ATP to be used and remove the ones
+Choose the component of Defender for Endpoint to be used and remove the ones
that do not apply. The table below indicates the order Microsoft recommends for
how the endpoint security suite should be enabled.
| Component | Description | Adoption Order Rank |
|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
-| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
+| Endpoint Detection & Response (EDR) | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable device vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
[Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
| Next-generation protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10). |3 |
| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP help protect the devices and applications in the organization from new and emerging threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 |
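Review bot: the rename is incomplete in this table. Only the EDR row is changed; the TVM row still reads "Threat & Vulnerability Management is a component of Microsoft Defender ATP" and the ASR row still reads "Attack surface reduction capabilities in Microsoft Defender ATP", both left as unchanged context. The new EDR row also now reads "Defender for Endpoint endpoint detection and response capabilities"; suggest "Endpoint detection and response capabilities in Defender for Endpoint provide ..." to avoid the doubled word.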
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
index 0609532537..8c1f70f474 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
@@ -16,15 +16,15 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
-# Turn on the preview experience in Microsoft Defender ATP
+# Turn on the preview experience in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
Turn on the preview experience setting to be among the first to try upcoming features.
@@ -36,8 +36,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Related topics
-- [Update general settings in Microsoft Defender ATP](data-retention-settings.md)
-- [Turn on advanced features in Microsoft Defender ATP](advanced-features.md)
-- [Configure email notifications in Microsoft Defender ATP](configure-email-notifications.md)
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Update general settings in Microsoft Defender for Endpoint](data-retention-settings.md)
+- [Turn on advanced features in Microsoft Defender for Endpoint](advanced-features.md)
+- [Configure email notifications in Microsoft Defender for Endpoint](configure-email-notifications.md)
+- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index 5ed93079a0..f8bc3dccad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -19,7 +19,7 @@ ms.collection:
ms.topic: conceptual
---
-# Microsoft Defender ATP preview features
+# Microsoft Defender for Endpoint preview features
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@@ -27,19 +27,19 @@ ms.topic: conceptual
>The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
+The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities.
> [!TIP]
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
-Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience.
>[!TIP]
>Get notified when this page is updated by copying and pasting the following URL into your feed reader: `https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+preview+features%22&locale=en-us`
-For more information on new capabilities that are generally available, see [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md).
+For more information on new capabilities that are generally available, see [What's new in Defender for Endpoint](whats-new-in-microsoft-defender-atp.md).
## Turn on preview features
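Review bot: the feed URL in the unchanged TIP still searches for the quoted phrase `%22Microsoft+Defender+ATP+preview+features%22`, while this same patch changes the page title to "Microsoft Defender for Endpoint preview features". Please confirm the feed still returns this page after the rename, or update the search string in the URL to the new title in this hunk.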
@@ -54,22 +54,22 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Preview features
The following features are included in the preview release:
-- [Microsoft Defender ATP for iOS](microsoft-defender-atp-ios.md)
Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
+- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md)
Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
-- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
Microsoft Defender ATP now adds support for Android. Learn how to install, configure, and use Microsoft Defender ATP for Android.
+- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android.
-- [Web Content Filtering](web-content-filtering.md)
Web content filtering is part of web protection capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
+- [Web Content Filtering](web-content-filtering.md)
Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
- [Device health and compliance report](machine-reports.md)
The device health and compliance report provides high-level information about the devices in your organization.
- [Information protection](information-protection-in-windows-overview.md)
-Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
+Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender for Endpoint is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
>[!NOTE]
>Partially available from Windows 10, version 1809.
-- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019)
Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.
+- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019)
Microsoft Defender for Endpoint now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.
> [!TIP]
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink)
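Review bot: the iOS entry is only half renamed. The link text becomes "Microsoft Defender for Endpoint for iOS", but the description under it on the added side still says "Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS." The Android entry directly below updates both the link and the description, so the iOS description should get the same change.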
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index a1c3772e14..516c64e1b5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -20,28 +20,28 @@ ms.collection:
ms.topic: article
---
-# Set up Microsoft Defender ATP deployment
+# Set up Microsoft Defender for Endpoint deployment
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Deploying Microsoft Defender ATP is a three-phase process:
+Deploying Defender for Endpoint is a three-phase process:
-\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-\[12\] Applies only to Pro, Enterprise and Enterprise LTSB
+\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB
\[13\] Applies only to Enterprise and Enterprise LTSB
@@ -690,25 +697,25 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
-
+
Phase 1: Prepare
-
+
Phase 2: Set up
@@ -63,7 +63,7 @@ In this deployment scenario, you'll be guided through the steps on:
>[!NOTE]
->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
+>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md).
## Check license state
@@ -94,11 +94,11 @@ To gain access into which licenses are provisioned to your company, and to check
## Tenant Configuration
-When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client device.
+When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Defender for Endpoint created. The easiest method is to perform these steps from a Windows 10 client device.
1. From a web browser, navigate to
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
+|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.
[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)
-### Microsoft Defender ATP service backend IP range
+### Microsoft Defender for Endpoint service backend IP range
If you network devices don't support the URLs listed in the prior section, you can use the following information.
-Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
+Defender for Endpoint is built on Azure cloud, deployed in the following regions:
- \+\
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so that the Microsoft Defender ATP service can get sensor data from them.
+|
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so that the Microsoft Defender for Endpoint service can get sensor data from them.
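Review bot: in the Tenant Configuration paragraph, the added line keeps a sentence with no main verb: "When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps." Since the line is being touched, suggest dropping "that" ("a wizard will guide you through some initial steps"). The unchanged context line "If you network devices don't support the URLs" in the backend IP range section also wants "your".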
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 5ded65750b..d656f995c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -17,24 +17,24 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Pull Microsoft Defender ATP detections using SIEM REST API
+# Pull Microsoft Defender for Endpoint detections using SIEM REST API
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink)
>[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
+>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
+>-The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
-Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections from the API.
+Microsoft Defender for Endpoint supports the OAuth 2.0 protocol to pull detections from the API.
In general, the OAuth 2.0 protocol supports four types of flows:
- Authorization grant flow
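Review bot: the third item of the note is carried over as `>-The Microsoft Defender for Endpoint Alert API ...` with no space after the hyphen, so it will not render as a list item like the two above it. While editing the line, suggest `>- The ...` and "contains" for "contain". The second item, "is composed from the suspicious event occurred on the Device", also reads better as "the suspicious event that occurred on the device".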
@@ -44,19 +44,19 @@ In general, the OAuth 2.0 protocol supports four types of flows:
For more information about the OAuth specifications, see the [OAuth Website](http://www.oauth.net).
-Microsoft Defender ATP supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to pull detections, with Azure Active Directory (AAD) as the authorization server.
+Microsoft Defender for Endpoint supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to pull detections, with Azure Active Directory (AAD) as the authorization server.
The _Authorization grant flow_ uses user credentials to get an authorization code, which is then used to obtain an access token.
-The _Client credential flow_ uses client credentials to authenticate against the Microsoft Defender ATP endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
+The _Client credential flow_ uses client credentials to authenticate against the Microsoft Defender for Endpoint endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
-Use the following method in the Microsoft Defender ATP API to pull detections in JSON format.
+Use the following method in the Microsoft Defender for Endpoint API to pull detections in JSON format.
>[!NOTE]
>Microsoft Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering.
## Before you begin
-- Before calling the Microsoft Defender ATP endpoint to pull detections, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
+- Before calling the Microsoft Defender for Endpoint endpoint to pull detections, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md).
- Take note of the following values in your Azure application registration. You need these values to configure the OAuth flow in your service or daemon app:
- Application ID (unique to your application)
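Review bot: the mechanical rename produces "authenticate against the Microsoft Defender for Endpoint endpoint URL" in the Client credential flow paragraph and "Before calling the Microsoft Defender for Endpoint endpoint" under Before you begin. The doubled "Endpoint endpoint" is easy to misread; suggest "the Microsoft Defender for Endpoint API URL" and "Before calling the Microsoft Defender for Endpoint API", or similar wording that names the product once.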
@@ -67,7 +67,7 @@ Use the following method in the Microsoft Defender ATP API to pull detections in
## Get an access token
Before creating calls to the endpoint, you'll need to get an access token.
-You'll use the access token to access the protected resource, which are detections in Microsoft Defender ATP.
+You'll use the access token to access the protected resource, which are detections in Microsoft Defender for Endpoint.
To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request:
@@ -92,10 +92,10 @@ The response will include an access token and expiry information.
"access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
}
```
-You can now use the value in the *access_token* field in a request to the Microsoft Defender ATP API.
+You can now use the value in the *access_token* field in a request to the Defender for Endpoint API.
## Request
-With an access token, your app can make authenticated requests to the Microsoft Defender ATP API. Your app must append the access token to the Authorization header of each request.
+With an access token, your app can make authenticated requests to the Microsoft Defender for Endpoint API. Your app must append the access token to the Authorization header of each request.
### Request syntax
Method | Request URI
@@ -200,7 +200,7 @@ Here is an example return value:
## Code examples
### Get access token
-The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender ATP SIEM API.
+The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API.
```csharp
AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
@@ -250,7 +250,7 @@ echo ${tokenArr[1]} | cut -d "\"" -f2 | cut -d "\"" -f1 >> $scriptDir/LatestSIEM
```
### Use token to connect to the detections endpoint
-The following code examples demonstrate how to use an access token for calling the Microsoft Defender ATP SIEM API to get alerts.
+The following code examples demonstrate how to use an access token for calling the Defender for Endpoint SIEM API to get alerts.
```csharp
HttpClient httpClient = new HttpClient();
@@ -318,7 +318,7 @@ echo $apiResponse
```
## Error codes
-The Microsoft Defender ATP REST API returns the following error codes caused by an invalid request.
+The Microsoft Defender for Endpoint REST API returns the following error codes caused by an invalid request.
HTTP error code | Description
:---|:---
@@ -327,8 +327,8 @@ HTTP error code | Description
500 | Error in the service.
## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
-- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
+- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md)
+- [Configure Splunk to pull Microsoft Defender for Endpoint detections](configure-splunk.md)
+- [Microsoft Defender for Endpoint Detection fields](api-portal-mapping.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index 3dd71c46a6..9e61246a70 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Azure Event Hubs
+# Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Azure Event Hubs
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Before you begin:
@@ -65,7 +65,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each event hub message in Azure Event Hubs contains list of records.
- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
- In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
## Data types mapping:
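Review bot: the context line directly above the changed bullet still reads "the time Microsoft Defender ATP received the event", so the rename skips one occurrence in this list. The matching bullet in raw-data-export-storage.md is updated in this same patch ("the time Defender for Endpoint received the event"); this file should get the same edit so the two pages stay in step.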
@@ -88,6 +88,6 @@ To get the data types for event properties do the following:
## Related topics
- [Overview of Advanced Hunting](advanced-hunting-overview.md)
-- [Microsoft Defender ATP streaming API](raw-data-export.md)
-- [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)
+- [Microsoft Defender for Endpoint streaming API](raw-data-export.md)
+- [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
- [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index ae061aa91b..804a1ff98e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account
+# Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Before you begin:
@@ -36,7 +36,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
## Enable raw data streaming:
-1. Log in to [Microsoft Defender ATP portal](https://securitycenter.windows.com) with Global Admin user.
+1. Log in to [Microsoft Defender for Endpoint portal](https://securitycenter.windows.com) with Global Admin user.
2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
3. Click on **Add data export settings**.
4. Choose a name for your new settings.
@@ -65,8 +65,8 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
```
- Each blob contains multiple rows.
-- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
+- Each row contains the event name, the time Defender for Endpoint received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
- In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.
## Data types mapping:
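Review bot: The rewritten row description still reads "the tenant it belongs" (missing "to"), and the two added bullets name the product differently ("Defender for Endpoint" in the first, "Microsoft Defender for Endpoint" in the second). Since both lines are being touched anyway, change the first to "the tenant it belongs to" and settle on one short form after first mention.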
@@ -89,6 +89,6 @@ In order to get the data types for our events properties do the following:
## Related topics
- [Overview of Advanced Hunting](advanced-hunting-overview.md)
-- [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md)
-- [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md)
+- [Microsoft Defender for Endpoint Streaming API](raw-data-export.md)
+- [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
- [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)
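Review bot: The second added Related topics entry links to raw-data-export-storage.md, which is the file this hunk edits, so the page lists itself. The rename carried the self-link over unchanged; point it at the Event Hubs page (raw-data-export-event-hub.md, referenced from raw-data-export.md in this patch) if that was the intent, or drop the entry.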
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index e5a93c9ecf..d619e6803f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -24,13 +24,13 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
-Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
+Defender for Endpoint supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4ga]
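Review bot: In the added overview sentence, the "Azure storage account" link still targets https://docs.microsoft.com/azure/event-hubs/, the same URL as the "Event Hubs" link before it. The Related topics list in raw-data-export-storage.md uses https://docs.microsoft.com/azure/storage/common/storage-account-overview; point this link there while the line is being rewritten.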
@@ -39,8 +39,8 @@ Microsoft Defender ATP supports streaming all the events available through [Adva
Topic | Description
:---|:---
-[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
-[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
+[Stream Microsoft Defender for Endpoint events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
+[Stream Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
## Related topics
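Review bot: The two added table rows title their links differently: "Stream Microsoft Defender for Endpoint events to Azure Event Hubs" versus "Stream Defender for Endpoint events to your Azure storage account". raw-data-export-storage.md in this same patch uses "Stream Microsoft Defender for Endpoint events to your Azure storage account", so use the full name in both rows to keep the link titles matching.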
diff --git a/windows/security/threat-protection/microsoft-defender-atp/rbac.md b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
index d0659c30a2..754b84fd55 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/rbac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@@ -24,9 +24,9 @@ ms.topic: article
**Applies to:**
- Azure Active Directory
- Office 365
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do.
@@ -41,10 +41,10 @@ Tier 1 | **Local security operations team / IT team**
This team usually tri
Tier 2 | **Regional security operations team**
This team can see all the devices for their region and perform remediation actions.
Tier 3 | **Global security operations team**
This team consists of security experts and are authorized to see and perform all actions from the portal.
-Microsoft Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, devices they can access, and actions they can take. The RBAC framework is centered around the following controls:
+Defender for Endpoint RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, devices they can access, and actions they can take. The RBAC framework is centered around the following controls:
- **Control who can take specific action**
- - Create custom roles and control what Microsoft Defender ATP capabilities they can access with granularity.
+ - Create custom roles and control what Defender for Endpoint capabilities they can access with granularity.
- **Control who can see information on specific device group or groups**
- [Create device groups](machine-groups.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific Azure Active Directory (Azure AD) user group.
@@ -61,18 +61,18 @@ Before using RBAC, it's important that you understand the roles that can grant p
When you first log in to Microsoft Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD.
-Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all devices, regardless of their device group association and the Azure AD user groups assignments
+Someone with a Defender for Endpoint Global administrator role has unrestricted access to all devices, regardless of their device group association and the Azure AD user groups assignments
> [!WARNING]
> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Microsoft Defender Security Center, therefore, having the right groups ready in Azure AD is important.
>
> **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.**
>
->Users with admin permissions are automatically assigned the default built-in Microsoft Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Microsoft Defender ATP global administrator role.
+>Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Defender for Endpoint global administrator role.
>
> After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.
## Related topic
-- [Create and manage device groups in Microsoft Defender ATP](machine-groups.md)
+- [Create and manage device groups in Microsoft Defender for Endpoint](machine-groups.md)
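Review bot: The role name is capitalised two ways in the added lines: "Defender for Endpoint Global administrator role" in the paragraph and "Defender for Endpoint global administrator role" (twice) inside the warning. This is the role with unrestricted access to all devices, so name it identically everywhere; the paragraph sentence ending "user groups assignments" also lacks its closing period.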
diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
index 4e9bf9b693..4d71206462 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index b22362ce0a..336099ffa7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -24,11 +24,11 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)]
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-responddile-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-responddile-abovefoldlink)
Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details in the Action center.
@@ -131,7 +131,7 @@ You can roll back and remove a file from quarantine if you’ve determined that
> [!NOTE]
> In some scenarios, the **ThreatName** may appear as: EUS:Win32/CustomEnterpriseBlock!cl.
>
-> Microsoft Defender ATP will restore all custom blocked files that were quarantined on this device in the last 30 days.
+> Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days.
## Add indicator to block or allow a file
@@ -177,7 +177,7 @@ When you select this action, a fly-out will appear. From the fly-out, you can re

-If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled.
+If a file is not already stored by Defender for Endpoint, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled.
## Consult a threat expert
@@ -216,7 +216,7 @@ Use the deep analysis feature to investigate the details of any file, usually du
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4aAYy?rel=0]
-**Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection, or if it was observed on a Windows 10 device that supports submitting to deep analysis.
+**Submit for deep analysis** is enabled when the file is available in the Defender for Endpoint backend sample collection, or if it was observed on a Windows 10 device that supports submitting to deep analysis.
> [!NOTE]
> Only files from Windows 10 can be automatically collected.
@@ -224,9 +224,9 @@ Use the deep analysis feature to investigate the details of any file, usually du
You can also manually submit a sample through the [Microsoft Security Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 device, and wait for **Submit for deep analysis** button to become available.
> [!NOTE]
-> Due to backend processing flows in the Microsoft Security Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Microsoft Defender ATP.
+> Due to backend processing flows in the Microsoft Security Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Defender for Endpoint.
-When the sample is collected, Microsoft Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications.
+When the sample is collected, Defender for Endpoint runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications.
**Submit files for deep analysis:**
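Review bot: The added sentence keeps the typo "runs the file in is a secure environment" from the line it replaces. Change it to "runs the file in a secure environment" in this same edit.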
@@ -249,7 +249,7 @@ A progress bar is displayed and provides information on the different stages of
**View deep analysis reports**
-View the deep analysis report that Microsoft Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
+View the deep analysis report that Defender for Endpoint provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
You can view the comprehensive report that provides details on the following sections:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 89647f9832..4bb5a90936 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -23,9 +23,9 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-respondmachine-abovefoldlink)
Quickly respond to detected attacks by isolating devices or collecting an investigation package. After taking action on devices, you can check activity details on the Action center.
@@ -128,7 +128,7 @@ One you have selected **Run antivirus scan**, select the scan type that you'd li
The Action center will show the scan information and the device timeline will include a new event, reflecting that a scan action was submitted on the device. Microsoft Defender AV alerts will reflect any detections that surfaced during the scan.
>[!NOTE]
->When triggering a scan using Microsoft Defender ATP response action, Microsoft Defender antivirus 'ScanAvgCPULoadFactor' value still applies and limits the CPU impact of the scan.
+>When triggering a scan using Defender for Endpoint response action, Microsoft Defender antivirus 'ScanAvgCPULoadFactor' value still applies and limits the CPU impact of the scan.
>If ScanAvgCPULoadFactor is not configured, the default value is a limit of 50% maximum CPU load during a scan.
>For more information, see [configure-advanced-scan-types-microsoft-defender-antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus).
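Review bot: The added note writes "Microsoft Defender antivirus" in lower case, while the context line above it uses "Microsoft Defender AV" and run-av-scan.md in this patch uses "Microsoft Defender Antivirus". Use "Microsoft Defender Antivirus" here, and give "using Defender for Endpoint response action" its article ("using a Defender for Endpoint response action").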
@@ -163,7 +163,7 @@ Depending on the severity of the attack and the sensitivity of the device, you m
>- Full isolation is available for devices on Windows 10, version 1703.
>- Selective isolation is available for devices on Windows 10, version 1709 or later.
-This device isolation feature disconnects the compromised device from the network while retaining connectivity to the Microsoft Defender ATP service, which continues to monitor the device.
+This device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device.
On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook, Microsoft Teams, and Skype for Business connectivity (a.k.a 'Selective Isolation').
@@ -175,7 +175,7 @@ Once you have selected **Isolate device** on the device page, type a comment and

>[!NOTE]
->The device will remain connected to the Microsoft Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the device is isolated.
+>The device will remain connected to the Defender for Endpoint service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the device is isolated.
**Notification on device user**:
When a device is being isolated, the following notification is displayed to inform the user that the device is being isolated from the network:
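Review bot: The added note says communication stays possible if you enabled "Outlook and Skype for Business", but the selective isolation paragraph in the previous hunk lists "Outlook, Microsoft Teams, and Skype for Business". Add Microsoft Teams to the note, or state why it is excluded, so analysts know which channels remain open on an isolated device.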
diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index 7b9e53a6e8..414c106934 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
@@ -37,7 +37,7 @@ Restrict execution of all applications on the device except a predefined set.
[!include[Device actions note](../../includes/machineactionsnote.md)]
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index 821c82fed3..28ce3b1696 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -18,18 +18,18 @@ ms.topic: conceptual
ms.date: 5/1/2020
---
-# Review alerts in Microsoft Defender Advanced Threat Protection
+# Review alerts in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
-The alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
+The alert page in Microsoft Defender for Endpoint provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location. Learn more in this overview.
@@ -37,7 +37,7 @@ Quickly triage, investigate, and take effective action on alerts that affect you
## Getting started with an alert
-Clicking on an alert's name in Microsoft Defender ATP will land you on its alert page. On the alert page, all the information will be shown in context of the selected alert. Each alert page consists of 4 sections:
+Clicking on an alert's name in Defender for Endpoint will land you on its alert page. On the alert page, all the information will be shown in context of the selected alert. Each alert page consists of 4 sections:
1. **The alert title** shows the alert's name and is there to remind you which alert started your current investigation regardless of what you have selected on the page.
2. [**Affected assets**](#review-affected-assets) lists cards of devices and users affected by this alert that are clickable for further information and actions.
@@ -46,7 +46,7 @@ Clicking on an alert's name in Microsoft Defender ATP will land you on its alert

-Note the detection status for your alert. Blocked, prevented, or remediated means actions were already taken by Microsoft Defender ATP.
+Note the detection status for your alert. Blocked, prevented, or remediated means actions were already taken by Defender for Endpoint.
Start by reviewing the *automated investigation details* in your alert's [details pane](#take-action-from-the-details-pane), to see which actions were already taken, as well as reading the alert's description for recommended actions.

diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 91772a215f..ce6887fc58 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## Limitations
1. You can only run a query on data from the last 30 days.
@@ -36,7 +36,7 @@ ms.topic: article
5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
@@ -137,6 +137,6 @@ Here is an example of the response.
```
## Related topic
-- [Microsoft Defender ATP APIs introduction](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs introduction](apis-intro.md)
- [Advanced Hunting from Portal](advanced-hunting-query-language.md)
- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index dfb227ec23..cc1e69bc35 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -22,7 +22,7 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
@@ -65,7 +65,7 @@ $aadToken = $response.access_token
where
- $tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
-- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Defender for Endpoint)
- $appSecret: Secret of your Azure AD app
## Run query
@@ -117,6 +117,6 @@ $results | ConvertTo-Json | Set-Content file1.json
## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
- [Advanced Hunting API](run-advanced-query-api.md)
- [Advanced Hunting using Python](run-advanced-query-sample-python.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index 55f4d1ec1b..c7d5c9e145 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -24,7 +24,7 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
@@ -68,7 +68,7 @@ aadToken = jsonResponse["access_token"]
where
- tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
-- appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender for Endpoint)
- appSecret: Secret of your Azure AD app
## Run query
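Review bot: The appId bullet now differs between the sister samples: the PowerShell page says "permission to Defender for Endpoint" and this Python page says "permission to Microsoft Defender for Endpoint". Use the same wording in both so the required 'Run advanced queries' permission reads identically.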
@@ -147,6 +147,6 @@ outputFile.close()
## Related topic
-- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender for Endpoint APIs](apis-intro.md)
- [Advanced Hunting API](run-advanced-query-api.md)
- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index ac66c55986..9525f7a282 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
@@ -37,7 +37,7 @@ Initiate Microsoft Defender Antivirus scan on a device.
[!include[Device actions note](../../includes/machineactionsnote.md)]
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 21efcfa495..0ade180410 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -19,7 +19,7 @@ ms.collection:
ms.topic: article
---
-# Run a detection test on a newly onboarded Microsoft Defender ATP device
+# Run a detection test on a newly onboarded Microsoft Defender for Endpoint device
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@@ -30,10 +30,10 @@ ms.topic: article
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Microsoft Defender ATP service.
+Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
1. Create a folder: 'C:\test-MDATP-test'.
2. Open an elevated command-line prompt on the device and run the script:
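Review bot: Step 1 still tells the reader to create 'C:\test-MDATP-test', so the old product abbreviation survives the rename in a user-visible path. If the script body (outside this hunk) hard-codes that folder, leave it and say so in the commit message; otherwise rename both together. While in this list, the context bullet `- Windows Server, 2019` has a stray comma that does not match `- Windows Server 2016`.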
@@ -55,4 +55,4 @@ The Command Prompt window will close automatically. If successful, the detection
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
+- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
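Review bot: The renamed link in Related topics keeps an absolute `https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding` target, while the two links above it are relative (`configure-endpoints.md`, `configure-server-endpoints.md`). The target is in the same folder as this file, so a relative link (presumably `troubleshoot-onboarding.md`) would be consistent and would be caught by the build's link validation if the article is ever moved.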
From 4d5eac991e3f43d22066314a81ade73bd5298df8 Mon Sep 17 00:00:00 2001
From: Tina Burden
Also, verify that the package that you are installing matches the processor architecture of the Windows version that you are using. For example, an x86-based update cannot be installed on x64-based installations of Windows. |
-|Missing prerequisite update|Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed.|Check the related articles about the package in the Microsoft Knowledge Base (KB) to make sure that you have the prerequisite updates installed. For example, if you encounter the error message on Windows 8.1 or Windows Server 2012 R2, you may have to install the April 2014 update 2919355 as a prerequisite and one or more pre-requisite servicing updates (KB 2919442 and KB 3173424).
Note: To determine if these prerequisite updates are installed, run the following PowerShell command:
get-hotfix KB3173424,KB2919355,KB2919442
If the updates are installed, the command will return the installed date in the "InstalledOn" section of the output.
+|Missing prerequisite update|Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed.|Check the related articles about the package in the Microsoft Knowledge Base (KB) to make sure that you have the prerequisite updates installed. For example, if you encounter the error message on Windows 8.1 or Windows Server 2012 R2, you may have to install the April 2014 update 2919355 as a prerequisite and one or more pre-requisite servicing updates (KB 2919442 and KB 3173424).
To determine if these prerequisite updates are installed, run the following PowerShell command:
`get-hotfix KB3173424,KB2919355, KB2919442`.
If the updates are installed, the command will return the installed date in the `InstalledOn` section of the output.
## Issues related to firewall configuration
-Error that may be seen in the WU logs:
+Error that you might see in Windows Update logs:
```console
DownloadManager Error 0x800706d9 occurred while downloading update; notifying dependent calls.
```
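Review bot: The inline command added in the "Missing prerequisite update" row is formatted inconsistently: `get-hotfix KB3173424,KB2919355, KB2919442`. has a space after the second comma only, and the sentence period sits directly after the closing backtick where it is easy to copy along with the command. Use one separator style, drop the trailing period or move the command onto its own line, and consider the cmdlet's documented casing `Get-HotFix`. The replacement for the WU log sentence is fine.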
@@ -150,33 +149,34 @@ DownloadManager [0]12F4.1FE8::09/29/2017-13:45:08.530 [agent]DO job {C6E2F6DC-5B
Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information, see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337(v=ws.10)).
## Issues arising from configuration of conflicting policies
-Windows Update provides a wide range configuration policies to control the behavior of WU service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting polices may lead to unexpected behaviors.
+Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors.
See [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
## Device cannot access update files
-Check that your device can access these Windows Update endpoints:
-- `http://windowsupdate.microsoft.com`
-- `http://*.windowsupdate.microsoft.com`
-- `https://*.windowsupdate.microsoft.com`
-- `http://*.update.microsoft.com`
-- `https://*.update.microsoft.com`
-- `http://*.windowsupdate.com`
-- `http://download.windowsupdate.com`
-- `https://download.microsoft.com`
-- `http://*.download.windowsupdate.com`
-- `http://wustat.windows.com`
-- `http://ntservicepack.microsoft.com`
-- `https://*.prod.do.dsp.mp.microsoft.com`
-- `http://*.dl.delivery.mp.microsoft.com`
-- `https://*.delivery.mp.microsoft.com`
-- `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
-
- Allow these endpoints for future use.
+Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:
+
+
+|Protocol |Endpoint URL |
+|---------|---------|
+|TLS 1.2 | `*.prod.do.dsp.mp.microsoft.com` |
+|HTTP | `emdl.ws.microsoft.com` |
+|HTTP | `*.dl.delivery.mp.microsoft.com` |
+|HTTP | `*.windowsupdate.com` |
+|HTTPS | `*.delivery.mp.microsoft.com` |
+|TLS 1.2 | `*.update.microsoft.com` |
+|TLS 1.2 | `tsfe.trafficshaping.dsp.mp.microsoft.com` |
+
+> [!NOTE]
+> Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail.
+
+The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](https://docs.microsoft.com/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby.
+
## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager)
-Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:
+Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:
+
1. Start Windows PowerShell as an administrator.
2. Run \$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager".
3. Run \$MUSM.Services.
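Review bot: The Protocol column of the new endpoint table mixes two layers: three rows say `TLS 1.2`, one says `HTTPS`, and three say `HTTP`. The NOTE under the table only contrasts HTTP with HTTPS, so a firewall or proxy administrator cannot tell what to allow for a `TLS 1.2` row. Give the application protocol consistently in that column and state the TLS version requirement separately. Also in this hunk, the rewritten sentence now reads "a wide range configuration policy" and then continues with "While these policies"; it should be "a wide range of configuration policies".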
@@ -192,14 +192,14 @@ Check the output for the Name and OffersWindowsUPdates parameters, which you can
|- Name: Windows Update
- OffersWindowsUpdates: True|- The source is Windows Update.
- The client is configured to receive updates from Windows Update Online.|
## You have a bad setup in the environment
-If we look at the GPO being set through registry, the system is configured to use WSUS to download updates:
+In this example, per the Group Policy set through registry, the system is configured to use WSUS to download updates (note the second line):
```console
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
-"UseWUServer"=dword:00000001 ===================================> it says use WSUS server.
+"UseWUServer"=dword:00000001
```
-From the WU logs:
+From Windows Update logs:
```console
2018-08-06 09:33:31:085 480 1118 Agent ** START ** Agent: Finding updates [CallerId = OperationalInsight Id = 49]
2018-08-06 09:33:31:085 480 1118 Agent *********
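Review bot: The new lead-in tells the reader to "note the second line", but the first line of that console block is malformed: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]` has a closing bracket with no opening one. Since the block is being edited, add the leading `[` so the key reads as a valid registry section. "set through registry" also needs an article: "set through the registry".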
@@ -215,7 +215,7 @@ From the WU logs:
In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
-Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that won’t happen here.
+Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.
```console
2018-08-06 10:58:45:992 480 5d8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]
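Review bot: The rewritten paragraph mixes apostrophe styles within one added line: "doesn't" and "You're" use a straight apostrophe while "won’t" keeps the curly one carried over from the old text. Normalize to the straight form. Two smaller wording points in the same line: "the below logs" reads better as "the following logs", and "the Automatic update runs the scan" should name the caller the way the log does (`CallerId = AutomaticUpdates`).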
From 25a70fc716fcc93b42f4abdbde37c09489239c3b Mon Sep 17 00:00:00 2001
From: Beth Woodbury <40870842+levinec@users.noreply.github.com>
Date: Wed, 11 Nov 2020 12:06:56 -0800
Subject: [PATCH 47/85] Update exploits-malware.md
---
.../threat-protection/intelligence/exploits-malware.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index 36ef30a468..ac9b1e0cb1 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -37,11 +37,11 @@ Several notable threats, including Wannacry, exploit the Server Message Block (S
Examples of exploit kits:
-- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
+- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
-- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
+- [Neutrino](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
-- [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
+- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
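Review bot: All three changed links now pin the locale with `/en-us/` in the path, and the commit message ("Update exploits-malware.md") does not say why. If the locale-free `https://www.microsoft.com/wdsi/...` form stopped resolving, state that in the message so the next editor does not strip the locale again; if it still redirects correctly, leave the links locale-neutral so readers land on their own language.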
From 4454ae46ef7f425612416cc3c618104de597a2e4 Mon Sep 17 00:00:00 2001
From: Beth Woodbury <40870842+levinec@users.noreply.github.com>
Date: Wed, 11 Nov 2020 12:08:58 -0800
Subject: [PATCH 48/85] Update exploits-malware.md
---
.../threat-protection/intelligence/exploits-malware.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index ac9b1e0cb1..f7895be9f2 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -37,11 +37,11 @@ Several notable threats, including Wannacry, exploit the Server Message Block (S
Examples of exploit kits:
-- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Axpergle)
+- Angler / [Axpergle](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Axpergle)
- [Neutrino](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/NeutrinoEK)
-- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
+- [Nuclear](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=JS/Neclu)
To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
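Review bot: The Axpergle and Nuclear links change the query from `Name=Exploit:JS/Axpergle` and `Name=Exploit:JS/Neclu` to `name=JS/Axpergle` and `name=JS/Neclu`, which drops the `Exploit:` type prefix from the threat name, not just the parameter casing. Confirm both still resolve to the same encyclopedia entries and note the reason in the commit message. This patch also edits the same two lines as the previous one a couple of minutes earlier, so the two should be squashed.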
From 69d5498bc33f85474f0bb932c1443d39afa58ac5 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila
-> Even though Microsoft Defender for Endpoint for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender for Endpoint for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
->
-> 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
-> 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
## 101.10.72
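Review bot: The replacement callout reports a kernel panic risk on macOS 11 but gives administrators nothing to act on, while the removed lines carried concrete steps (the pointer to `mac-sysext-policies.md` and the instruction to monitor the page). Say what a fleet owner should do in the meantime, or keep the pointer to the configuration profiles. Wording in the added line: "specific graphic cards models" should be "specific graphics card models", and "MDE" is introduced here as a new abbreviation next to the "MDATP" still used in the removed text, so pick one.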
@@ -57,9 +40,6 @@ ms.topic: conceptual
- This product version has been validated on macOS Big Sur 11 beta 9
- > [!IMPORTANT]
- > Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
-
- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md#configuring-from-the-command-line)
> [!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index e0e09fc815..808f3f9bc1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -65,10 +65,13 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported.
+> [!IMPORTANT]
+> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue.
+
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 1GB
-Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.
+Beta versions of macOS are not supported.
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
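Review bot: The IMPORTANT callout is inserted between "The three most recent major releases of macOS are supported." and the bullet list that sentence introduces, so the list of versions is now orphaned from its lead-in. Move the callout below the `- Disk space: 1GB` bullet or above the lead-in sentence. The callout also discusses macOS 11 (Big Sur) while the supported list still stops at 10.15, and the hunk silently removes the Sierra (10.12) end-of-support statement; both deserve a line in the commit message.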
From 3627397d9d4378249e7963165e0237b76b1ae28e Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Wed, 11 Nov 2020 23:23:52 +0200
Subject: [PATCH 50/85] Fix broken link
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8578
Used social technet link instead of web.archive one.
---
.../information-protection/bitlocker/bitlocker-overview.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index 131a256f82..2b79e081bc 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -62,7 +62,7 @@ A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant B
The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
> [!IMPORTANT]
-> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://blogs.technet.microsoft.com/tip_of_the_day/2014/01/22/tip-of-the-day-bitlocker-without-tpm-or-usb/).
+> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
> [!NOTE]
> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.
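Review bot: The link text still reads "Tip of the Day: Bitlocker without TPM or USB", but the new target is a TechNet forum thread (`.../bitlocker-without-tpm?forum=win10itprosetup`), not that blog post. Update the link text to describe what the reader will actually open, and consider whether a forum thread is a stable enough reference for an encryption procedure compared with a docs article. The URL also pins `en-US`. In the context line below, "For added security Enable the Secure Boot feature." needs a comma and a lowercase "enable".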
From 6b5b3b3dd2d785f4d14f95af57360b2b3a8ba962 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
10.0.15063
#3095
-
+
@@ -324,7 +331,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)10.0.15063
#3094
-
@@ -333,40 +340,40 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
+
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)Boot Manager
10.0.15063
#3089
-
Windows OS Loader
10.0.15063
#3090
-
Windows Resume[1]
10.0.15063
#3091
-FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter[2]
10.0.15063
#3092
-FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
+FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll)
10.0.15063
#3093
-
@@ -401,7 +408,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Secure Kernel Code Integrity (skci.dll)[3]
10.0.15063
#3096
-Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
10.0.14393
#2937
-
+
@@ -410,7 +417,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)Kernel Mode Cryptographic Primitives Library (cng.sys)
10.0.14393
#2936
-
+
@@ -419,14 +426,14 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)Boot Manager
10.0.14393
#2931
-
@@ -434,7 +441,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
BitLocker® Windows OS Loader (winload)
10.0.14393
#2932
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: NDRNG; MD5BitLocker® Windows Resume (winresume)[1]
10.0.14393
#2933
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
@@ -442,13 +449,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)[2]
10.0.14393
#2934
-FIPS Approved algorithms: AES (Certs. #4061 and #4064)
+FIPS approved algorithms: AES (Certs. #4061 and #4064)
@@ -520,7 +527,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Code Integrity (ci.dll)
10.0.14393
#2935
-
+
@@ -457,7 +464,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
Other algorithms: AES (non-compliant); MD5Secure Kernel Code Integrity (skci.dll)[3]
10.0.14393
#2938
-
+
@@ -494,7 +501,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: MD5Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
10.0.10586
#2606
-
+
@@ -503,7 +510,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)Kernel Mode Cryptographic Primitives Library (cng.sys)
10.0.10586
#2605
-
+
@@ -512,7 +519,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)Boot Manager[4]
10.0.10586
#2700
-FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)BitLocker® Windows OS Loader (winload)[5]
10.0.10586
#2701
-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
@@ -528,7 +535,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: MD5; NDRNGBitLocker® Windows Resume (winresume)[6]
10.0.10586
#2702
-FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
@@ -536,13 +543,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)[7]
10.0.10586
#2703
-FIPS Approved algorithms: AES (Certs. #3653)
+FIPS approved algorithms: AES (Certs. #3653)
@@ -618,7 +625,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Code Integrity (ci.dll)
10.0.10586
#2604
-
+
@@ -551,7 +558,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
Other algorithms: AES (non-compliant); MD5Secure Kernel Code Integrity (skci.dll)[8]
10.0.10586
#2607
-
+
@@ -592,7 +599,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: MD5Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
10.0.10240
#2606
-
+
@@ -601,7 +608,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)Kernel Mode Cryptographic Primitives Library (cng.sys)
10.0.10240
#2605
-
+
@@ -610,7 +617,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)Boot Manager[9]
10.0.10240
#2600
-FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)BitLocker® Windows OS Loader (winload)[10]
10.0.10240
#2601
-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
@@ -626,7 +633,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: MD5; NDRNGBitLocker® Windows Resume (winresume)[11]
10.0.10240
#2602
-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
@@ -634,13 +641,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)[12]
10.0.10240
#2603
-FIPS Approved algorithms: AES (Certs. #3497 and #3498)
+FIPS approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll)
10.0.10240
#2604
-
+
@@ -649,7 +656,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: AES (non-compliant); MD5Secure Kernel Code Integrity (skci.dll)[13]
10.0.10240
#2607
-
+
@@ -658,13 +665,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface
Other algorithms: MD5Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
6.3.9600 6.3.9600.17031
#2357
-
+
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)
6.3.9600 6.3.9600.17042
#2356
-
+
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
@@ -716,7 +723,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
Boot Manager
6.3.9600 6.3.9600.17031
#2351
-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)BitLocker® Windows OS Loader (winload)
6.3.9600 6.3.9600.17031
#2352
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
@@ -724,7 +731,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
Other algorithms: MD5; NDRNGBitLocker® Windows Resume (winresume)[14]
6.3.9600 6.3.9600.17031
#2353
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
@@ -732,7 +739,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)
6.3.9600 6.3.9600.17031
#2354
-FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)
@@ -740,7 +747,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded
Other algorithms: N/ACode Integrity (ci.dll)
6.3.9600 6.3.9600.17031
#2355#2355
-
+
@@ -767,9 +774,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Other algorithms: MD5Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
6.2.9200
#1892
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
@@ -777,17 +784,17 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Kernel Mode Cryptographic Primitives Library (cng.sys)
6.2.9200
#1891
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
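Review bot: The two added "Other algorithms" lines in this hunk still end in a stray fragment after "RSA (encrypt/decrypt)", namely "#258); DSA (Cert.); ECDSA (Cert.); ..." and "#258 and); ECDSA (Cert.); ...". The fragment has unbalanced parentheses and "Cert." entries with no number, and it repeats part of the FIPS approved list. These lines are being rewritten anyway, so end them at "RSA (encrypt/decrypt)". Separately, the new cng.sys line reads "AES (Certificate, key wrapping" while the added line next to it keeps "AES (Cert. #2197, key wrapping"; use the "Cert. #" form so the entry names a certificate number like the rest of the table.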
@@ -795,7 +802,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Boot Manager
6.2.9200
#1895
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
Other algorithms: MD5BitLocker® Windows OS Loader (WINLOAD)
6.2.9200
#1896
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
@@ -803,7 +810,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNGBitLocker® Windows Resume (WINRESUME)[15]
6.2.9200
#1898
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
@@ -811,7 +818,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Other algorithms: MD5BitLocker® Dump Filter (DUMPFVE.SYS)
6.2.9200
#1899
-FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)
@@ -819,7 +826,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Other algorithms: N/ACode Integrity (CI.DLL)
6.2.9200
#1897
-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
@@ -827,19 +834,19 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
Other algorithms: MD5Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
6.2.9200
#1893
-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)
6.2.9200
#1894
-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
1329
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Kernel Mode Cryptographic Primitives Library (cng.sys)
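Review bot: "Triple-DES (Certificate, key wrapping" and "Triple-DES MAC (Triple-DES Certificate, vendor affirmed)" in the added DSSENH.DLL lines, and "AES (Certificate, key wrapping" in the added line under 1329, expand the abbreviation but name no certificate number, whereas the neighbouring added lines read "Triple-DES (Cert. #1386, key wrapping" and "AES (Cert. #1168, key wrapping". Keep the "Cert. #NNNN" form throughout. The added lines ending "...encryption strength)#1902); Triple-DES (Cert.); ..." and "RC4#559 and); SHS (Cert.); Triple-DES (Cert.)" also carry over a stray tail with unbalanced parentheses that should be dropped in the same change.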
@@ -887,16 +894,16 @@ Validated Editions: Windows 7, Windows 7 SP1
1328
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
@@ -932,7 +939,7 @@ Validated Editions: Windows 7, Windows 7 SP1
Boot Manager
1319
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
@@ -913,7 +920,7 @@ Validated Editions: Windows 7, Windows 7 SP1
1326
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
Other algorithms: MD51332
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
@@ -945,7 +952,7 @@ Validated Editions: Windows 7, Windows 7 SP1
Other algorithms: Elephant Diffuser1327
-FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
@@ -954,7 +961,7 @@ Validated Editions: Windows 7, Windows 7 SP1
Other algorithms: MD56.1.7600.16385
(no change in SP1)1331
-FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
@@ -963,9 +970,9 @@ Validated Editions: Windows 7, Windows 7 SP1
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC46.1.7600.16385
(no change in SP1)1330
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)Boot Manager (bootmgr)
6.0.6001.18000 and 6.0.6002.18005
978
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
@@ -1007,37 +1014,37 @@ Validated Editions: Ultimate Edition
Winload OS Loader (winload.exe)
6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596
979
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
Other algorithms: MD5Code Integrity (ci.dll)
6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005
980
-FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869
1000
-
+
Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872
+6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872
1001
-
+
Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005
+6.0.6001.22202 and 6.0.6002.18005
1002
-
+
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
1003
-
+Enhanced Cryptographic Provider (RSAENH)
6.0.6000.16386
893
-FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
6.0.6000.16386
894
-FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
@@ -1083,9 +1090,9 @@ Validated Editions: Ultimate Edition
BitLocker™ Drive Encryption
6.0.6000.16386
947
-FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
Other algorithms: Elephant DiffuserKernel Mode Security Support Provider Interface (ksecdd.sys)
6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067
891
-FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
@@ -1111,22 +1118,22 @@ Validated Editions: Ultimate Edition
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5Kernel Mode Cryptographic Module (FIPS.SYS)
5.1.2600.5512
997
-
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
5.1.2600.5507
990
-
+
@@ -1152,14 +1159,14 @@ Validated Editions: Ultimate Edition
Enhanced Cryptographic Provider (RSAENH)
5.1.2600.5507
989
-
+DSS/Diffie-Hellman Enhanced Cryptographic Provider
5.1.2600.2133
240
-
@@ -1186,7 +1193,7 @@ Validated Editions: Ultimate Edition
Microsoft Enhanced Cryptographic Provider
5.1.2600.2161
238
-Microsoft Enhanced Cryptographic Provider
5.1.2600.1029
238
-
@@ -1213,7 +1220,7 @@ Validated Editions: Ultimate Edition
Kernel Mode Cryptographic Module
5.1.2600.0
241
-
@@ -1240,7 +1247,7 @@ Validated Editions: Ultimate Edition
Kernel Mode Cryptographic Module (FIPS.SYS)
5.0.2195.1569
106
-
@@ -1250,7 +1257,7 @@ Validated Editions: Ultimate Edition
@@ -1277,7 +1284,7 @@ Validated Editions: Ultimate Edition
103
-Kernel Mode Cryptographic Module (FIPS.SYS)
5.0.2195.1569
106
-
@@ -1291,7 +1298,7 @@ Validated Editions: Ultimate Edition
@@ -1321,7 +1328,7 @@ Validated Editions: Ultimate Edition
103
-103
-
@@ -1348,7 +1355,7 @@ Validated Editions: Ultimate Edition
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
5.0.2150.1
76
-
@@ -1375,7 +1382,7 @@ Validated Editions: Ultimate Edition
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
5.0.1877.6 and 5.0.1877.7
75
-
@@ -1396,7 +1403,7 @@ Validated Editions: Ultimate Edition
Base Cryptographic Provider
5.0.1877.6 and 5.0.1877.7
68
-FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
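Review bot: The added Base Cryptographic Provider line only lowercases "Approved" and leaves "DSA/SHA- 1" with a stray space, and "Certs. #20 and 21" and "Certs. #25 and 26" without the "#" on the second number, unlike "Certs. #2196 and #2198" elsewhere in this patch. Fix these while the line is being touched: "SHA-1 (Certs. #20 and #21); DSA/SHA-1 (Certs. #25 and #26)".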
@@ -1631,7 +1638,7 @@ Validated Editions: Standard, Datacenter, Storage Server
Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
10.0.14393
2937
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
@@ -1639,7 +1646,7 @@ Validated Editions: Standard, Datacenter, Storage Server
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)Kernel Mode Cryptographic Primitives Library (cng.sys)
10.0.14393
2936
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
@@ -1647,14 +1654,14 @@ Validated Editions: Standard, Datacenter, Storage Server
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)Boot Manager
10.0.14393
2931
-
@@ -1662,7 +1669,7 @@ Validated Editions: Standard, Datacenter, Storage Server
BitLocker® Windows OS Loader (winload)
10.0.14393
2932
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: NDRNG; MD5BitLocker® Windows Resume (winresume)
10.0.14393
2933
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
@@ -1670,13 +1677,13 @@ Validated Editions: Standard, Datacenter, Storage Server
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)
10.0.14393
2934
-FIPS Approved algorithms: AES (Certs. #4061 and #4064)
+FIPS approved algorithms: AES (Certs. #4061 and #4064)
@@ -1684,7 +1691,7 @@ Validated Editions: Standard, Datacenter, Storage Server
Code Integrity (ci.dll)
10.0.14393
2935
-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
Other algorithms: AES (non-compliant); MD5Secure Kernel Code Integrity (skci.dll)
10.0.14393
2938
-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
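Review bot: "RSA (Certs. #2193); SHS (Certs. #3347)" on the added skci.dll line uses the plural "Certs." for a single certificate number, while the ci.dll line earlier in this hunk has "RSA (Cert. #2193); SHS (Cert. #3347)". Use "Cert." here, or list the additional numbers if more than one certificate applies.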
@@ -1710,23 +1717,23 @@ Validated Editions: Server, Storage Server,
Other algorithms: MD5Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
6.3.9600 6.3.9600.17031
2357
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)
6.3.9600 6.3.9600.17042
2356
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
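Review bot: The added cng.sys line keeps "SHS (Cert. # 2373)" with a space after "#", while the bcryptprimitives.dll line in this hunk has "SHS (Cert. #2373)". Both added FIPS lines also keep "DRBG (Certs. #489)", a plural with one number. The change already normalizes casing and adds the serial comma in "#1487, #1493, and #1519", so tidy these two in the same pass.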
@@ -1734,7 +1741,7 @@ Validated Editions: Server, Storage Server,
Boot Manager
6.3.9600 6.3.9600.17031
2351
-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)BitLocker® Windows OS Loader (winload)
6.3.9600 6.3.9600.17031
2352
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
@@ -1742,7 +1749,7 @@ Validated Editions: Server, Storage Server,
Other algorithms: MD5; NDRNGBitLocker® Windows Resume (winresume)[16]
6.3.9600 6.3.9600.17031
2353
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
@@ -1750,7 +1757,7 @@ Validated Editions: Server, Storage Server,
Other algorithms: MD5BitLocker® Dump Filter (dumpfve.sys)[17]
6.3.9600 6.3.9600.17031
2354
-FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)
@@ -1758,7 +1765,7 @@ Validated Editions: Server, Storage Server,
Other algorithms: N/ACode Integrity (ci.dll)
6.3.9600 6.3.9600.17031
2355
-FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
@@ -1766,9 +1773,9 @@ Validated Editions: Server, Storage Server,
-\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
-\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
**Windows Server 2012**
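Review bot: Footnotes [16] and [17] are reworded identically and still carry the same text, "Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**". Consider pointing both table entries (winresume and dumpfve.sys) at a single footnote so the exclusion is stated once and the two copies cannot drift apart.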
@@ -1786,27 +1793,27 @@ Validated Editions: Server, Storage Server
Other algorithms: MD5Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
6.2.9200
1892
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)
6.2.9200
1891
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
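Review bot: Both added lines that begin "Other algorithms: AES (Certificate, key wrapping" (for BCRYPTPRIMITIVES.DLL and cng.sys) name no certificate number, while the other added lines in this hunk keep "AES (Cert. #2197, key wrapping". Use the "Cert. #" form on all of them. The added lines ending "RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); ..." and "RSA (encrypt/decrypt)#1110); RSA (Certs. and); ..." also retain a stray, unbalanced tail after the closing parenthesis that should be removed rather than carried forward.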
@@ -1814,7 +1821,7 @@ Validated Editions: Server, Storage Server
Boot Manager
6.2.9200
1895
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
Other algorithms: MD5BitLocker® Windows OS Loader (WINLOAD)
6.2.9200
1896
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
@@ -1822,7 +1829,7 @@ Validated Editions: Server, Storage Server
Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNGBitLocker® Windows Resume (WINRESUME)
6.2.9200
1898
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
@@ -1830,7 +1837,7 @@ Validated Editions: Server, Storage Server
Other algorithms: MD5BitLocker® Dump Filter (DUMPFVE.SYS)
6.2.9200
1899
-FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)
@@ -1838,7 +1845,7 @@ Validated Editions: Server, Storage Server
Other algorithms: N/ACode Integrity (CI.DLL)
6.2.9200
1897
-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
@@ -1846,7 +1853,7 @@ Validated Editions: Server, Storage Server
Other algorithms: MD5Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
6.2.9200
1893
-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
@@ -1854,9 +1861,9 @@ Validated Editions: Server, Storage Server
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)Enhanced Cryptographic Provider (RSAENH.DLL)
6.2.9200
1894
-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
@@ -1874,65 +1881,65 @@ Validated Editions: Server, Storage Server
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Boot Manager (bootmgr)
-6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514
+6.1.7600.16385 or 6.1.7601.17514
1321
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
Other algorithms: MD5
Winload OS Loader (winload.exe)
-6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675
+6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675
1333
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
Other algorithms: MD5
Code Integrity (ci.dll)
-6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108
+6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108
1334
-FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
Other algorithms: MD5
Kernel Mode Cryptographic Primitives Library (cng.sys)
-6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076
+6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076
1335
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Cryptographic Primitives Library (bcryptprimitives.dll)
-66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514
+66.1.7600.16385 or 6.1.7601.17514
1336
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
Enhanced Cryptographic Provider (RSAENH)
6.1.7600.16385
1337
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
6.1.7600.16385
1338
-FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
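Review bot: The added version line for Cryptographic Primitives Library (bcryptprimitives.dll) reads `66.1.7600.16385 or 6.1.7601.17514`. The duplicated text was removed but the leading `66.` remains, while the other modules in this hunk list `6.1.7600.16385`. Please confirm the build number and correct it if it is a typo, since readers match these strings against installed binaries. The added cng.sys line `+-Other algorithms: AES (Cert. #1168, ...` also keeps the stray leading hyphen from the line it replaces.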
@@ -1952,61 +1959,61 @@ Validated Editions: Server, Storage Server
BitLocker™ Drive Encryption
-6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675
+6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675
1339
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
Other algorithms: Elephant Diffuser
Boot Manager (bootmgr)
-6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497
+6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497
1004
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
Other algorithms: N/A
Winload OS Loader (winload.exe)
-6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596
+6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596
1005
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
Other algorithms: MD5
Code Integrity (ci.dll)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
1006
-FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869
1007
-FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Cryptographic Primitives Library (bcrypt.dll)
-6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872
+6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872
1008
-FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005
+6.0.6001.18000 and 6.0.6002.18005
1009
-FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
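Review bot: The second added "Other algorithms" line under ksecdd.sys (certificate 1007) still ends with `#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)`, a leftover with empty certificate references that duplicates the "FIPS approved algorithms" line above it. Only the "bits" wording was changed, so the entry is still malformed after this patch. Suggest removing that line entirely, because the first added line already carries the full text. The DSSENH line `+-Other algorithms: DES; DES MAC; ...` keeps a stray leading hyphen, and the bcrypt.dll entry says "non-compliant provides less than 112 bits" where the other entries say "non-compliant less than 112 bits".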
@@ -2032,22 +2039,22 @@ Validated Editions: Server, Storage Server
Enhanced Cryptographic Provider (RSAENH)
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005
+6.0.6001.22202 and 6.0.6002.18005
1010
-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
5.2.3790.3959
875
-
+
Kernel Mode Cryptographic Module (FIPS.SYS)
5.2.3790.3959
869
-
@@ -2073,7 +2080,7 @@ Validated Editions: Server, Storage Server
Enhanced Cryptographic Provider (RSAENH)
5.2.3790.3959
868
-
+Kernel Mode Cryptographic Module (FIPS.SYS)
5.2.3790.1830 [SP1]
405
-
@@ -2082,7 +2089,7 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Enhanced Cryptographic Provider (RSAENH)
5.2.3790.1830 [Service Pack 1])
382
-
@@ -2091,7 +2098,7 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
5.2.3790.1830 [Service Pack 1]
381
-
@@ -2120,7 +2127,7 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Kernel Mode Cryptographic Module (FIPS.SYS)
5.2.3790.0
405
-
@@ -2129,7 +2136,7 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Enhanced Cryptographic Provider (RSAENH)
5.2.3790.0
382
-
@@ -2138,7 +2145,7 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
5.2.3790.0
381
-
@@ -2169,15 +2176,15 @@ Validated Editions: Server, Storage Server
[2] SP1 x86, x64, IA64Enhanced Cryptographic Provider
7.00.2872 [1] and 8.00.6246 [2]
2957
-
+
@@ -2204,7 +2211,7 @@ Validated Editions: Server, Storage Server
Cryptographic Primitives Library (bcrypt.dll)
7.00.2872 [1] and 8.00.6246 [2]
2956
-
+Enhanced Cryptographic Provider
6.00.1937 [1] and 7.00.1687 [2]
825
-
@@ -2229,9 +2236,9 @@ Validated Editions: Server, Storage Server
@@ -2320,7 +2327,7 @@ The following tables are organized by cryptographic algorithms with their modes,
Outlook Cryptographic Provider (EXCHCSP)
-SR-1A (3821)SR-1A (3821)
+SR-1A (3821)
110
-
@@ -2393,7 +2400,7 @@ The following tables are organized by cryptographic algorithms with their modes,
@@ -2499,7 +2506,7 @@ The following tables are organized by cryptographic algorithms with their modes,
@@ -2606,7 +2613,7 @@ The following tables are organized by cryptographic algorithms with their modes,
@@ -2778,8 +2785,8 @@ The following tables are organized by cryptographic algorithms with their modes,
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
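Review bot: In the lines shown, the `IV Generated: (Externally); PT Lengths Tested: ...; 96BitIV_Supported` line is removed together with `GMAC_Supported`, but only `GMAC supported` is added back. That drops the tested IV generation mode and the plaintext, AAD and IV lengths from the AES-GCM entry, which is validation data rather than wording. If the intent is only to reword the GMAC token, keep the test-parameter line. The same removal recurs in the following AES-GCM hunks of this patch.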
@@ -2830,8 +2837,8 @@ Version 10.0.10586
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
@@ -2856,8 +2863,8 @@ GMAC_Supported
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
@@ -2881,7 +2888,7 @@ Version 10.0.10240
Version 10.0.10240
-
@@ -2889,10 +2896,10 @@ Version 10.0.10240
+
OtherIVLen_Supported
-GMAC_Supported
+
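Review bot: Here `-GMAC_Supported` is replaced by an empty added line, whereas the neighbouring hunks replace it with `GMAC supported`. As written, this entry loses its GMAC indication altogether. Suggest adding `GMAC supported` so the entry stays consistent with the others, or explaining in the commit message why GMAC no longer applies to this validation.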
@@ -2902,12 +2909,12 @@ AES Val#2197
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
-GMAC_Supported
+GMAC supported
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
-
@@ -2927,13 +2934,13 @@ GMAC_SupportedWindows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
Windows Server 2008 R2 and SP1 CNG algorithms #1187
Windows 7 Ultimate and SP1 CNG algorithms #1178
Windows Server 2008 CNG algorithms #757
Windows Vista Ultimate SP1 CNG algorithms #756
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
Version 6.3.9600
PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
+SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: Val#3790
DRBG: Val# 1555
@@ -3289,16 +3296,16 @@ Deterministic Random Bit Generator (DRBG)Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
Version 7.00.2872
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
Version 8.00.6246
SHS: Val# 3347
DRBG: Val# 1217
FIPS186-4:
PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
-KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
+KeyPairGen: [(2048,256); (3072,256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
@@ -3345,11 +3352,11 @@ PQG(gen)PARMS TESTED: [Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
Version 6.3.9600
Windows Server 2008 R2 and SP1 CNG algorithms #391
Windows 7 Ultimate and SP1 CNG algorithms #386
Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
Windows Server 2008 CNG algorithms #284
Windows Vista Ultimate SP1 CNG algorithms #283
Windows Server 2008 Enhanced DSS (DSSENH) #282
Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
Windows Vista CNG algorithms #227
Windows Vista Enhanced DSS (DSSENH) #226
Prerequisite: SHS #2373, DRBG #489
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
Version 6.3.9600
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
Version 6.3.9600
FIPS186-4:
@@ -3909,7 +3916,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: #1903
DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
Windows Server 2008 R2 and SP1 CNG algorithms #142
Windows 7 Ultimate and SP1 CNG algorithms #141
Windows Server 2008 CNG algorithms #83
Windows Vista Ultimate SP1 CNG algorithms #82
HMAC-SHA512 (Key Size Ranges Tested: KSBS)
SHS Val#2373
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
Version 6.3.9600
SHS Val#2373 ECDSA Val#505 DRBG Val#489
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
Version 6.3.9600
KAS (SP 800–56A)
key agreement
-key establishment methodology provides 80 to 256 bits of encryption strength
key establishment methodology provides 80 bits to 256 bits of encryption strength
Windows 7 and SP1, vendor-affirmed
Windows Server 2008 R2 and SP1, vendor-affirmed
CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
Version 6.3.9600
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
Version 6.3.9600
SHA Val#2373
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
Version 6.3.9600
SHA Val#2373
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
Version 6.3.9600
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.
Windows Server 2008 R2 and SP1 CNG algorithms #567
Windows 7 and SP1 CNG algorithms #560
Windows Server 2008 CNG algorithms #358
Windows Vista SP1 CNG algorithms #357
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
FIPS186-2:
-– PKCS#1 v1.5, signature generation and verification
+– PKCS#1 v1.5, signature generation, and verification
– Mod sizes: 1024, 1536, 2048, 3072, 4096
– SHS: SHA–1/256/384/512
Windows XP, vendor-affirmed
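Review bot: The comma added in `– PKCS#1 v1.5, signature generation, and verification` splits a two-item pair. "Signature" governs both "generation" and "verification", so the new text reads as a three-item list ending in a bare "verification". Suggest keeping the original `signature generation and verification`, or spelling it out as "signature generation and signature verification".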
@@ -6452,7 +6459,7 @@ Version 6.3.9600Version 10.0.16299
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
Version 10.0.15063
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
+TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
CTR (int only)
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
Version 7.00.2872
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d)
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
Version 8.00.6246
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
Version 10.0.14393
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
Version 10.0.10586
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
Version 10.0.10240
TECB(KO 1 e/d,);
-TCBC(KO 1 e/d,);
-TCFB8(KO 1 e/d,);
-TCFB64(KO 1 e/d,)
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
+TECB(KO 1 e/d);
+TCBC(KO 1 e/d);
+TCFB8(KO 1 e/d);
+TCFB64(KO 1 e/d)
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
Version 6.3.9600
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 + | Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 Version 6.3.9600 |
||||||||||||||||||||||||||||
Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 + | Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 Version 10.0.15063.674 |
||||||||||||||||||||||||||||
Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900 Version 10.0.15063.674 |
Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899 Version 10.0.15254 |
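Review bot: The `TECB(KO 1 e/d,)` to `TECB(KO 1 e/d)` edits (and the matching TCBC, TCFB8 and TCFB64 ones) treat the trailing comma as a typo, but it may be what is left of a second keying-option entry that was lost from these cells. These cells are read as the list of validated Triple-DES modes and keying options, so please check each row against the algorithm certificate it cites before dropping the comma.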
@@ -2665,7 +2665,7 @@ The following tables are organized by cryptographic algorithms with their modes,
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898 Version 10.0.16299 |
@@ -2678,7 +2678,7 @@ The following tables are organized by cryptographic algorithms with their modes,
Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896 Version 10.0.15063.674 |
@@ -2691,7 +2691,7 @@ The following tables are organized by cryptographic algorithms with their modes,
Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895 Version 10.0.15254 |
@@ -2704,7 +2704,7 @@ The following tables are organized by cryptographic algorithms with their modes,
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894 Version 10.0.16299 |
@@ -2718,13 +2718,13 @@ The following tables are organized by cryptographic algorithms with their modes,
||||||||||||||||||||||||
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) -AES Val#4624 |
+
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626 Version 10.0.15063 |
||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#4624 +
|
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625 Version 10.0.15063 |
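Review bot: The CCM cell edited here still has unbalanced parentheses: `(Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)` opens three groups and closes one. Since the cell is already being touched for the `AES Val#4624` reference, close each group, for example `(Payload Length Range: 0 - 32) (Nonce Length(s): 12) (Tag Length(s): 16)`, so the tested parameter ranges are unambiguous.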
@@ -2801,25 +2801,25 @@ Version 10.0.14393
||||||||||||||||||||||||||||
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048) -AES Val#4064 |
+
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062 Version 10.0.14393 |
||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#4064 |
+
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061 Version 10.0.14393 |
||||||||||||||||||||||||||||
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) -AES Val#3629 |
+
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652 Version 10.0.10586 |
||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#3629 |
+
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653 Version 10.0.10586 |
||||||||||||||||||||||||||||
KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) -AES Val#3497 |
+
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507 Version 10.0.10240 |
||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#3497 |
+
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498 Version 10.0.10240 |
||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#2832 |
+
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848 Version 6.3.9600 |
||||||||||||||||||||||||||||
CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) |
|||||||||||||||||||||||||||||
CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) -AES Val#2196 |
+
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 | ||||||||||||||||||||||||||||
CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) -AES Val#1168 |
+AES validation number 1168
Windows Server 2008 R2 and SP1 CNG algorithms #1187 Windows 7 Ultimate and SP1 CNG algorithms #1178 |
||||||||||||||||||||||||||||
CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) -AES Val#1168 |
+AES validation number 1168
Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 | ||||||||||||||||||||||||||||
CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4627)] | +CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)] | Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556 Version 10.0.15063 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4624)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4624)] | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555 Version 10.0.15063 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4434)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)] | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433 Version 7.00.2872 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4433)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)] | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432 Version 8.00.6246 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4431)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)] | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430 Version 7.00.2872 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4430)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)] | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429 Version 8.00.6246 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4074)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)] | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222 Version 10.0.14393 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4064)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)] | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217 Version 10.0.14393 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3629)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)] | Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955 Version 10.0.10586 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3497)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)] | Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868 Version 10.0.10240 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)] | Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489 Version 6.3.9600 |
|||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2197)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)] | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258 | |||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#2023)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)] | Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193 | |||||||||||||||||||||||||||
CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#1168)] | +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)] | Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23 | |||||||||||||||||||||||||||
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223 Version 10.0.15063 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188 Version 7.00.2872 |
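Review bot: The #3507 row pairs the Windows 10 Anniversary Update product list with `Version 10.0.10240`, while the same product list appears on the #4062 row as `Version 10.0.14393`. The other 10.0.10240 rows (#3498, #868) list "Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, ...". The hunk changes this row's AES reference (`-AES Val#3497`) and leaves the mismatch in place; please confirm which product list belongs to #3507 and correct it in the same pass.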
@@ -3306,7 +3306,7 @@ SHS: Val#3648
+SHS: validation number 3648
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187 Version 8.00.6246 |
@@ -3319,8 +3319,8 @@ KeyPairGen: [(2048,256); (3072,256)]Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098 Version 10.0.14393 |
@@ -3329,8 +3329,8 @@ DRBG: Val# 3047Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024 Version 10.0.10586 |
@@ -3340,8 +3340,8 @@ PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983 Version 10.0.10240 |
@@ -3354,8 +3354,8 @@ SHA(256); (3072,256) SHA(256)]Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855 Version 6.3.9600 |
@@ -3372,7 +3372,7 @@ PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 | ||||||||||||||||||||||
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 | |||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 1773 -DRBG: Val# 193 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. |
+SHS: validation number 1773Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 | ||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 1081 -DRBG: Val# 23 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386. |
+SHS: validation number 1081Windows Server 2008 R2 and SP1 CNG algorithms #391 Windows 7 Ultimate and SP1 CNG algorithms #386 |
||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 1081 -RNG: Val# 649 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385. |
+SHS: validation number 1081Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390 Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385 |
||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 753 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283. |
+SHS: validation number 753Windows Server 2008 CNG algorithms #284 Windows Vista Ultimate SP1 CNG algorithms #283 |
||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 753 -RNG: Val# 435 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281. |
+SHS: validation number 753Windows Server 2008 Enhanced DSS (DSSENH) #282 Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281 |
||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 618 -RNG: Val# 321 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226. |
+SHS: validation number 618Windows Vista CNG algorithms #227 Windows Vista Enhanced DSS (DSSENH) #226 |
||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 784 -RNG: Val# 448 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. |
+SHS: validation number 784Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 | ||||||||||||||||||||||||||||
FIPS186-2: SIG(ver) MOD(1024); -SHS: Val# 783 -RNG: Val# 447 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. |
+SHS: validation number 783Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 | ||||||||||||||||||||||||||||
Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221 | |||||||||||||||||||||||||||||
Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146 | |||||||||||||||||||||||||||||
Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95 | @@ -3801,8 +3801,8 @@ SHS: SHA-1 (BYTE)|||||||||||||||||||||||||||||
FIPS186-4: PKG: CURVES(P-256 P-384 TestingCandidates) -SHS: Val#3790 -DRBG: Val# 1555 |
+SHS: validation number 3790Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136 Version 10.0.15063 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135 Version 10.0.15063 |
@@ -3823,8 +3823,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133 Version 10.0.15063 |
@@ -3834,8 +3834,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073 Version 7.00.2872 |
@@ -3845,8 +3845,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072 Version 8.00.6246 |
@@ -3856,8 +3856,8 @@ PKG: CURVES(P-256 P-384 TestingCandidates)Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920 Version 10.0.14393 |
@@ -3867,8 +3867,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911 Version 10.0.14393 |
@@ -3877,8 +3877,8 @@ DRBG: Val# 3047Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760 Version 10.0.10586 |
@@ -3887,8 +3887,8 @@ DRBG: Val# 2886Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706 Version 10.0.10240 |
@@ -3897,8 +3897,8 @@ DRBG: Val#2373Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505 Version 6.3.9600 |
@@ -3916,57 +3916,57 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 | ||||||||||||||||||
FIPS186-2: +DRBG: validation number 193 FIPS186-4: |
+SHS: validation number 1773Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 | ||||||||||||||||||||||||||||
FIPS186-2: PKG: CURVES(P-256 P-384 P-521) -SHS: Val#1081 -DRBG: Val# 23 +SHS: validation number 1081 +DRBG: validation number 23 SIG(ver): CURVES(P-256 P-384 P-521) -SHS: Val#1081 -DRBG: Val# 23 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. |
+SHS: validation number 1081Windows Server 2008 R2 and SP1 CNG algorithms #142 Windows 7 Ultimate and SP1 CNG algorithms #141 |
||||||||||||||||||||||||||||
FIPS186-2: PKG: CURVES(P-256 P-384 P-521) -SHS: Val#753 +SHS: validation number 753 SIG(ver): CURVES(P-256 P-384 P-521) -SHS: Val#753 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82. |
+SHS: validation number 753Windows Server 2008 CNG algorithms #83 Windows Vista Ultimate SP1 CNG algorithms #82 |
||||||||||||||||||||||||||||
FIPS186-2: PKG: CURVES(P-256 P-384 P-521) -SHS: Val#618 -RNG: Val# 321 +SHS: validation number 618 +RNG: validation number 321 SIG(ver): CURVES(P-256 P-384 P-521) -SHS: Val#618 -RNG: Val# 321 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. |
+SHS: validation number 618Windows Vista CNG algorithms #60 | ||||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3790 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062 Version 10.0.15063 |
|||||||||||||||||||||||||||
HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS Val#3790 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#3790 |
+HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061 Version 10.0.15063 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3652 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3652 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3652 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3652 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652 |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946 Version 7.00.2872 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3651 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3651 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3651 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3651 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651 |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945 Version 8.00.6246 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3649 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3649 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3649 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal# 3649 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943 Version 7.00.2872 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3648 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3648 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3648 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3648 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942 Version 8.00.6246 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) |
+SHS validation number 3347
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661 Version 10.0.14393 |
||||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3347 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3347 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3347 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val# 3347 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651 Version 10.0.14393 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
+SHS validation number 3047
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381 Version 10.0.10586 |
||||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
+SHSvalidation number 2886
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233 Version 10.0.10240 |
||||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
+SHS validation number 2373
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773 Version 6.3.9600 |
||||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#2764 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#2764 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#2764 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#2764 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764 |
Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122 Version 5.2.29344 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1773 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1773 -Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1773 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 +Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773 |
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1774 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1774 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1774 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1774 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774 |
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1081 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1081 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1081 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1081 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081 |
Windows Server 2008 R2 and SP1 CNG algorithms #686 Windows 7 and SP1 CNG algorithms #677 Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687 Windows 7 Enhanced Cryptographic Provider (RSAENH) #673 |
|||||||||||||||||||||||||||
HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081 -HMAC-SHA256 (Key Size Ranges Tested: KSVal#1081 |
+HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081 +HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081 |
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#816 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#816 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#816 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#816 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816 |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753 -HMAC-SHA256 (Key Size Ranges Tested: KSVal#753 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753 +HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753 |
Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS Val#753 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753 |
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408 Windows Vista Enhanced Cryptographic Provider (RSAENH) #407 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSVal#618 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 |
Windows Vista Enhanced Cryptographic Provider (RSAENH) #297 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#785 | +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 785 | Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429 Windows XP, vendor-affirmed |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#783 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#783 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#783 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#783 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783 |
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#613 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#613 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#613 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#613 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613 |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#610 | +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 610 | Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#753 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753 |
Windows Server 2008 CNG algorithms #413 Windows Vista Ultimate SP1 CNG algorithms #412 |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737 -HMAC-SHA256 (Key Size Ranges Tested: KSVal#737 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737 +HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737 |
Windows Vista Ultimate BitLocker Drive Encryption #386 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#618 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618 |
Windows Vista CNG algorithms #298 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#589 -HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSVal#589 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#589 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#589 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589 +HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589 |
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#578 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#578 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#578 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#578 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578 |
Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495 -HMAC-SHA256 (Key Size Ranges Tested: KSVal#495 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495 +HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495 |
Windows Vista BitLocker Drive Encryption #199 | |||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#364 | +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 364 | Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99 Windows XP, vendor-affirmed |
|||||||||||||||||||||||||||
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#305 -HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#305 -HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#305 -HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#305 |
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305 +HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 +HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 +HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305 |
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31 | ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SCHEMES [FullUnified (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)] - |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128 Version 10.0.15063 |
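Review bot: The search-and-replace of "Val#" in the HMAC rows of this hunk carries defects from the old text into the added lines. Where the old cell had no space ("SHSVal#3652"), the new one reads "SHSvalidation number 3652"; the same happens for 3651, 3649, 3648, 2886, 1773, 1774, 1081 and the older rows below them. The BitLocker rows (#675, #415, #386, #199) turn the already truncated "KSVal#1081" into "KSvalidation number 1081" with an unclosed parenthesis, and the added line for #1364 still begins "Tinker HMAC-SHA384". Suggest adding the space after "SHS", checking what the truncated BitLocker cells were meant to say before rewording them, and dropping the stray "Tinker" while these lines are being touched anyway.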
@@ -4939,16 +4939,16 @@ DRBG Val#3790Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127 Version 10.0.15063 |
@@ -4956,9 +4956,9 @@ DRBG Val# 3649Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114 Version 8.00.6246 |
|||||||||||||||||||||||
ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93 Version 10.0.14393 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92 Version 10.0.14393 |
@@ -5007,11 +5007,11 @@ DRBG Val# 3047 DSA Val#1024 DRBG Val#955
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 |
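Review bot: The added product line for #72 ends the device list with "Windows 10 for Microsoft Surface Hub and Surface Hub", which names the same device twice. Other added rows for Version 10.0.10586 in this patch read "Surface Hub 84” and Surface Hub 55”". Suggest either restoring the two sizes here or collapsing to a single "Surface Hub", so the 10.0.10586 rows agree with each other.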
@@ -5019,11 +5019,11 @@ DRBG Val# 2886 DSA Val#983 DRBG Val#868
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64 Version 10.0.10240 |
@@ -5031,11 +5031,11 @@ DRBG Val#2373 DSA Val#855 DRBG Val#489
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47 Version 6.3.9600 |
@@ -5044,12 +5044,12 @@ DRBG #1903 DSA Val#687 DRBG #258
+SHS #1903 DSA validation number 687 DRBG #258
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36 | |||||||||||||||||||||||
CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) -KAS Val#128 -DRBG Val#1556 -MAC Val#3062 |
+KAS validation number 128Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141 Version 10.0.15063 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) -KAS Val#127 -AES Val#4624 -DRBG Val#1555 -MAC Val#3061 |
+KAS validation number 127Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140 Version 10.0.15063 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102 Version 10.0.14393 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101 Version 10.0.14393 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66 Version 10.0.10240 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30 Version 6.3.9600 |
||||||||||||||||||||||||||||
CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) - |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3 | Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524 Version 10.0.15063 |
|||||||||||||||||||||||||||
FIPS186-4: ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) -SHA Val#3790 |
+SHA validation number 3790
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523 Version 10.0.15063 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522 Version 10.0.15063 |
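Review bot: The added line at the top of this hunk, "+SHS #1903 DSA validation number 687 DRBG #258", mixes two notations in one cell: only the "Val#" reference was converted, while "SHS #1903" and "DRBG #258" keep the bare "#" form. If the goal of the change is to spell out validation numbers, convert all three references in the cell; if the bare "#" form is intentional for these two, a short comment in the commit message saying so would help the next editor.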
@@ -5894,65 +5894,65 @@ PGM(ProbRandom: (2048, 3072) PPTT:(C.2)Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521 Version 10.0.15063 |
||||||||||||||||||||||||||
FIPS186-2: +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652 +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652 FIPS186-4: |
+SHA validation number 3652
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415 Version 7.00.2872 |
||||||||||||||||||||||||||||
FIPS186-2: +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651 +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651 FIPS186-4: |
+SHA validation number 3651
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414 Version 8.00.6246 |
||||||||||||||||||||||||||||
FIPS186-2: +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3649, SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649 FIPS186-4: |
+SHA validation number 3649Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412 Version 7.00.2872 |
||||||||||||||||||||||||||||
FIPS186-2: +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648 FIPS186-4: |
+SHA validation number 3648Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411 Version 8.00.6246 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206 Version 10.0.14393 |
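Review bot: In the FIPS186-2 rows for #2415, #2414, #2412 and #2411 the replacement text is glued to the hash name, giving "SHA-256validation number 3652", "SHA-1validation number 3649" and so on in the added SIG(gen) and SIG(ver) lines. The old text had the same missing space ("SHA-256Val#..."), but with a two-word replacement it now reads as a single token. Suggest "SHA-256 validation number 3652" throughout these lines, and the same for the closing "SHA validation number 3649Windows Embedded Compact ..." cells if the product name really follows without a separator in the source file.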
@@ -5970,14 +5970,14 @@ Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(
FIPS186-4: |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195 Version 10.0.14393 |
|||||||||||||||||||||||||
FIPS186-4: SHA Val#3346 |
+
soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194 Version 10.0.14393 |
FIPS186-4: |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193 Version 10.0.14393 |
@@ -5993,7 +5993,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384
FIPS186-4: Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) - |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192 Version 10.0.14393 |
@@ -6001,14 +6001,14 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384
FIPS186-4: |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889 Version 10.0.10586 |
||||||||||||||||||||||
FIPS186-4: SHA Val#3048 |
+
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871 Version 10.0.10586 |
FIPS186-4: SHA Val# 3047 |
+
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888 Version 10.0.10586 |
@@ -6024,7 +6024,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384
FIPS186-4: SHA Val# 3047 |
+
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887 Version 10.0.10586 |
@@ -6032,21 +6032,21 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384
FIPS186-4: |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798 Version 10.0.10240 |
||||||||||||||||||||||
FIPS186-4: SHA Val#2871 |
+
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784 Version 10.0.10240 |
||||||||||||||||||||||||||||
FIPS186-4: SHA Val#2871 |
+
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783 Version 10.0.10240 |
FIPS186-4: SHA Val# 2886 |
+
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802 Version 10.0.10240 |
@@ -6062,14 +6062,14 @@ Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen
FIPS186-4: |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487 Version 6.3.9600 |
||||||||||||||||||||||||
FIPS186-4: SHA Val#2373 |
+
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494 Version 6.3.9600 |
FIPS186-4: SHA Val#2373 |
+
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493 Version 6.3.9600 |
@@ -6085,7 +6085,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1,
FIPS186-4: SHA Val#2373 |
+
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519 Version 6.3.9600 |
@@ -6096,7 +6096,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072
[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 | |||||||||||||||||||||||
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 | |||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. |
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 193Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081 -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,Windows Server 2008 R2 and SP1 CNG algorithms #567 Windows 7 and SP1 CNG algorithms #560 |
||||||||||||||||||||||||||||
FIPS186-2: -ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. |
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 23Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753, -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753 -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,Windows Server 2008 CNG algorithms #358 Windows Vista SP1 CNG algorithms #357 |
||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355 Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354 |
||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. |
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353.
Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. |
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number 321Windows Vista RSA key generation implementation #258 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618, -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618 -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,Windows Vista CNG algorithms #257 | ||||||||||||||||||||||||||||
FIPS186-2: -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. |
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[RSASSA-PKCS1_V1_5]: -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364 -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. |
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 | ||||||||||||||||||||||||||||
FIPS186-2: ALG[ANSIX9.31]: -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305 -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305, -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305, -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. |
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52 | ||||||||||||||||||||||||||||
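Review bot: In the added FIPS186-2 rows, the text that replaces "Val#" is joined directly to the preceding hash name, giving strings such as "SHA-1validation number 1774" and "SHA-256validation number 1081". Put a separator between the algorithm name and the reference (for example "SHA-1, validation number 1774") so the cell reads as two items. The unchanged lines in the hunks above still read "SHA Val#2373", so the old abbreviation is also left mixed with the new wording.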
![]() Threat & vulnerability management |
@@ -37,7 +37,7 @@ ms.topic: conceptual
|||||||||||||
The data type is integer. Supported operation is Get and Replace. +**Properties/SleepMode** +
Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub. + +
Valid values: + +- 0 - Connected Standby (default) +- 1 - Hibernate + +
The data type is integer. Supported operation is Get and Replace. + **Properties/AllowSessionResume**
Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.
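Review bot: The new Properties/SleepMode entry lists 0 (Connected Standby) and 1 (Hibernate) but does not say what differs for the device between the two, so an admin has nothing to base the choice on. A sentence describing the practical effect of selecting Hibernate would close that gap.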
From 240e29b0064234b17d5b3918ff3eea5985c81004 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha The data type is boolean. Supported operation is Get and Replace.
**InBoxApps/Welcome/CurrentBackgroundPath**
- Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
+ Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
The data type is string. Supported operation is Get and Replace.
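Review bot: The CurrentBackgroundPath line corrects only the article ("an https URL") and leaves the rest of the sentence untouched, including lowercase "https" and the comma splice in "installed on the Hub, otherwise it may not be able to load the image". Since the line is already being edited, consider "an HTTPS URL" and moving the last clause into its own sentence beginning "Otherwise,".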
@@ -333,7 +333,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Microsoft Defender ATP preview features](preview.md).
+> For more information, see [Microsoft Defender for Endpoint preview features](preview.md).
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
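Review bot: The unchanged last line of this hunk says "understand the breath and scope of your device exposure", where "breath" should be "breadth". It is worth correcting in the same pass, since the lines directly above it are being edited.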
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index 7d007181d1..e9ead66986 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -23,12 +23,12 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
-Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
+Threat and vulnerability management uses the same signals in Defender for Endpoint's endpoint protection to scan and detect vulnerabilities.
The **Weaknesses** page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more.
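Review bot: The rewritten sentence near the end of this hunk reads "the same signals in Defender for Endpoint's endpoint protection", which repeats "endpoint" and uses the short product name while the other added lines in the hunk use "Microsoft Defender for Endpoint". Pick one form of the name for the page and rephrase to avoid the doubled word.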
@@ -152,4 +152,4 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform
- [Security recommendations](tvm-security-recommendation.md)
- [Software inventory](tvm-software-inventory.md)
- [Dashboard insights](tvm-dashboard-insights.md)
-- [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md)
+- [View and organize the Microsoft Defender for Endpoint Devices list](machines-view-overview.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
index 62b6465eab..be9573342b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -25,10 +25,10 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited.
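Review bot: On the trial line the link text now says "Microsoft Defender for Endpoint", but the target still ends in /microsoft-defender-atp with an ocid containing "wdatp". If the URL is meant to stay as is, a short mention in the commit message would help; otherwise confirm it still resolves after the rename, since the same target appears in the other files touched here.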
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
index 1833077b2c..211e184891 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
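Review bot: In this file the trial prompt is a list item ("- Want to experience ...") under an inline "**Applies to:** [link]" line, while the tvm-*.md and use.md hunks put the product link in a bullet list and the prompt in a ">" blockquote. Since every one of these headers is being edited for the rename, this is a cheap point at which to settle on one layout.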
@@ -38,7 +38,7 @@ Undo isolation of a device.
[!include[Device actions note](../../includes/machineactionsnote.md)]
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
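Review bot: The changed Permissions sentence still ends without a full stop after "[Use Microsoft Defender for Endpoint APIs](apis-intro.md)". Add the period while the line is being edited; the same sentence recurs in unrestrict-code-execution.md and update-alert.md.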
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
index f05f9a4644..49037547d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
@@ -37,7 +37,7 @@ Enable execution of any application on the device.
[!include[Device actions note](../../includes/machineactionsnote.md)]
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index 8d2e4f9a6a..a62ac7611a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
@@ -38,7 +38,7 @@ Updates properties of existing [Alert](alerts.md).
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md
index a2838a56d7..3b37769671 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/use.md
@@ -24,11 +24,11 @@ ms.topic: conceptual
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
-Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities.
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities.
Use the **Security operations** dashboard to gain insight on the various alerts on devices and users in your network.
@@ -41,6 +41,6 @@ Use the **Threat analytics** dashboard to continually assess and control risk ex
Topic | Description
:---|:---
[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
-[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices.
+[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender for Endpoint **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices.
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify devices for the presence or absence of mitigations.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index 4c08836f95..fa2af61c92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -23,9 +23,9 @@ ms.topic: article
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
@@ -68,7 +68,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups
> [!NOTE]
- > This setting is only available in the Microsoft Defender ATP administrator (default) role.
+ > This setting is only available in the Microsoft Defender for Endpoint administrator (default) role.
- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab
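Review bot: The NOTE line renames what reads as a portal role label, "Microsoft Defender for Endpoint administrator (default) role". Confirm the role is shown under that name in Microsoft Defender Security Center; if the portal still displays the old label, the text should keep it so readers can find the role.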
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md
index 3a38c1edfc..948460d6a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Method|Return Type |Description
:---|:---|:---
diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index 9742f5aa9e..df9ae6390d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -18,12 +18,12 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# View and organize the Microsoft Defender Advanced Threat Protection Incidents queue
+# View and organize the Microsoft Defender for Endpoint Incidents queue
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
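Review bot: The H1 is renamed here, but the front matter that closes at the "---" context line lies outside the hunk, so the diff does not show whether any title or description fields in it still say "Microsoft Defender Advanced Threat Protection". Check them so the page metadata and the heading match.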
diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
index d91dfe2c07..eaaa313b18 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
@@ -21,9 +21,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index 4dd4166246..d8daf9644c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -24,11 +24,11 @@ ms.topic: article
> [!IMPORTANT]
> **Web content filtering is currently in public preview**
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Microsoft Defender ATP preview features](preview.md).
+> For more information, see [Microsoft Defender for Endpoint preview features](preview.md).
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
-Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
+Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource.
@@ -37,7 +37,7 @@ Web content filtering is available on the major web browsers, with blocks perfor
Summarizing the benefits:
- Users are prevented from accessing websites in blocked categories, whether they're browsing on-premises or away
-- Conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
+- Conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender for Endpoint role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
- Access web reports in the same central location, with visibility over actual blocks and web usage
## User experience
@@ -58,7 +58,7 @@ If Windows Defender SmartScreen isn't turned on, Network Protection will take ov
## Data handling
-We will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
+We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
## Turn on web content filtering
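Review bot: in the rewritten Data handling paragraph, "shared with any third-parties" should read "third parties" (no hyphen when used as a noun). The line is already being touched for the rename, so the fix can go in with this change.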
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
index 071d86602f..8bc1e5811a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
@@ -21,7 +21,7 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
Web protection lets you monitor your organization’s web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
index 717f128f7c..998d416c2a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
@@ -22,9 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
-Web protection in Microsoft Defender ATP is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft Defender Security Center by going to **Reports > Web protection**.
+Web protection in Microsoft Defender for Endpoint is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft Defender Security Center by going to **Reports > Web protection**.

@@ -43,7 +43,7 @@ The cards that comprise web content filtering are **Web activity by category**,
Web content filtering includes:
- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away
-- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
+- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender for Endpoint role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
- You can access web reports in the same central location, with visibility over actual blocks and web usage
## In this section
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
index 41fb1e22a8..4d52993b4d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
@@ -22,12 +22,12 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
-Web protection in Microsoft Defender ATP lets you efficiently investigate and respond to alerts related to malicious websites and websites in your custom indicator list.
+Web protection in Microsoft Defender for Endpoint lets you efficiently investigate and respond to alerts related to malicious websites and websites in your custom indicator list.
## View web threat alerts
-Microsoft Defender ATP generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
+Microsoft Defender for Endpoint generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
- **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is *stopped* by network protection in *block* mode
- **Suspicious connection detected by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is detected by network protection in *audit only* mode
@@ -40,7 +40,7 @@ Each alert provides the following information:

>[!Note]
->To reduce the volume of alerts, Microsoft Defender ATP consolidates web threat detections for the same domain on the same device each day to a single alert. Only one alert is generated and counted into the [web protection report](web-protection-monitoring.md).
+>To reduce the volume of alerts, Microsoft Defender for Endpoint consolidates web threat detections for the same domain on the same device each day to a single alert. Only one alert is generated and counted into the [web protection report](web-protection-monitoring.md).
## Inspect website details
You can dive deeper by selecting the URL or domain of the website in the alert. This opens a page about that particular URL or domain with various information, including:
@@ -59,7 +59,7 @@ You can also check the device that attempted to access a blocked URL. Selecting
## Web browser and Windows notifications for end users
-With web protection in Microsoft Defender ATP, your end users will be prevented from visiting malicious or unwanted websites using Microsoft Edge or other browsers. Because blocking is performed by [network protection](network-protection.md), they will see a generic error from the web browser. They will also see a notification from Windows.
+With web protection in Microsoft Defender for Endpoint, your end users will be prevented from visiting malicious or unwanted websites using Microsoft Edge or other browsers. Because blocking is performed by [network protection](network-protection.md), they will see a generic error from the web browser. They will also see a notification from Windows.

*Web threat blocked on Microsoft Edge*
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 7e173b6a93..48024183fa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -19,16 +19,16 @@ ms.collection:
ms.topic: conceptual
---
-# What's new in Microsoft Defender ATP
+# What's new in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-The following features are generally available (GA) in the latest release of Microsoft Defender ATP as well as security features in Windows 10 and Windows Server.
+The following features are generally available (GA) in the latest release of Microsoft Defender for Endpoint as well as security features in Windows 10 and Windows Server.
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
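Review bot: the context line right after the rewritten intro reads "For more information preview features, see [Preview features]", which is missing a preposition ("For more information about preview features"). Its link also still uses the `windows-defender-atp/preview-windows-defender-advanced-threat-protection` path while the rest of this file links under `microsoft-defender-atp`. Both are worth fixing here, since the neighbouring lines are already being edited.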
@@ -41,16 +41,16 @@ For more information preview features, see [Preview features](https://docs.micro
> ```
## September 2020
-- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
Microsoft Defender ATP now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender ATP for Android.
+- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android.
- [Threat and vulnerability management macOS support](tvm-supported-os.md)
Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824).
## July 2020
- [Create indicators for certificates](manage-indicators.md)
Create indicators to allow or block certificates.
## June 2020
-- [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md)
Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux.
+- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
Microsoft Defender for Endpoint now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
-- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios)
Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
+- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios)
Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
## April 2020
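Review bot: the new "Attack simulators in the evaluation lab" description carries over the typo "right from the within the portal"; drop the stray "the". In the same hunk, the mechanical rename produces "Microsoft Defender for Endpoint for Android" and "Microsoft Defender for Endpoint for Linux", which read awkwardly with the doubled "for"; consider rewording the platform part (for example "on Android") if the product naming allows it.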
@@ -59,7 +59,7 @@ For more information preview features, see [Preview features](https://docs.micro
## November-December 2019
-- [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md)
Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](endpoint-detection-response-mac-preview.md).
+- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md)
Microsoft Defender for Endpoint for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](endpoint-detection-response-mac-preview.md).
- [Threat & Vulnerability Management application and application version end-of-life information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
Applications and application versions which have reached their end-of-life are tagged or labeled as such so you are aware that they will no longer be supported, and can take action to either uninstall or replace. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.
@@ -74,9 +74,9 @@ For more information preview features, see [Preview features](https://docs.micro
- [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md)
You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.
-- [Connected Azure AD applications](connected-applications.md)
The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender ATP in your organization.
+- [Connected Azure AD applications](connected-applications.md)
The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization.
-- [API Explorer](api-explorer.md)
The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender ATP API endpoint.
+- [API Explorer](api-explorer.md)
The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender for Endpoint API endpoint.
## September 2019
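Review bot: the API Explorer entry is inconsistent in capitalization between the link text "[API Explorer]" and the description "The API explorer makes it easy to ...". Pick one form while this line is being rewritten.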
@@ -85,7 +85,7 @@ For more information preview features, see [Preview features](https://docs.micro
- [Live response](live-response.md)
Get instantaneous access to a device using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.
-- [Evaluation lab](evaluation-lab.md)
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can
+- [Evaluation lab](evaluation-lab.md)
The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can
focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
You can now onboard Windows Server 2008 R2 SP1.
@@ -102,25 +102,25 @@ For more information preview features, see [Preview features](https://docs.micro
- [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)
The threat protection report provides high-level information about alerts generated in your organization.
-- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)
Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
+- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)
Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender for Endpoint that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ti-indicator)
APIs for indicators are now generally available.
-- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications)
Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications)
Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
## April 2019
- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts#targeted-attack-notification)
Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
-- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro)
Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities.
+- [Microsoft Defender for Endpoint API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro)
Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender for Endpoint capabilities.
## February 2019
-- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue)
Incident is a new entity in Microsoft Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
+- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue)
Incident is a new entity in Microsoft Defender for Endpoint that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
-- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows devices so that they can send sensor data to the Microsoft Defender ATP sensor.
+- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor.
## October 2018
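Review bot: in the rewritten Microsoft Threat Experts description, "It provides additional layer of expertise and optics" is missing an article ("an additional layer"). Several links in this hunk also still resolve under `windows-defender-atp/...` (Threat Experts, Interoperability, Incidents, Onboard previous versions) while others in the same file use `microsoft-defender-atp/...`; worth checking that the older paths still redirect.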
@@ -130,16 +130,16 @@ For more information preview features, see [Preview features](https://docs.micro
- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of advanced hunting through the creation of custom detection rules.
-- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
+- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
Microsoft Defender for Endpoint integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender for Endpoint to provide improved threat detection for Windows Servers.
-- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
Microsoft Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
+- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
-- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
Microsoft Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
+- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)
iOS and Android devices are now supported and can be onboarded to the service.
- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
-Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
- New in Windows 10 version 1809, there are two new attack surface reduction rules:
- Block Adobe Reader from creating child processes
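Review bot: the rewritten Threat analytics description has a subject-verb mismatch: "The reports help security operations teams assess impact on their environment and provides recommended actions". It should be "provide", to agree with "reports".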
@@ -154,7 +154,7 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe
## March 2018
- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
-Query data using advanced hunting in Microsoft Defender ATP.
+Query data using advanced hunting in Microsoft Defender for Endpoint.
- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
New attack surface reduction rules:
@@ -171,21 +171,21 @@ Query data using advanced hunting in Microsoft Defender ATP.
- [Conditional Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
Enable conditional access to better protect users, devices, and data.
-- [Microsoft Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)
- The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
+- [Microsoft Defender for Endpoint Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)
+ The Microsoft Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product.
- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
- [Onboard non-Windows devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection)
- Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
+ Microsoft Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
- [Role-based access control (RBAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)
Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal.
- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
-Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
+Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus).
From f98eda8a43e56ebb3221d08eb13f80dbcd382f6b Mon Sep 17 00:00:00 2001
From: Daniel Simpson
-To further reinforce the security perimeter of your network,Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
+To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
- [Behavior monitoring](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus)
- [Cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus)
From 0361ec4031b0b08e7e20bce057194c4a2f06e2d9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
+0
-Never timeout Never time out
1
1 minute
@@ -385,7 +385,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
+0
-Never timeout Never time out
1
1 minute (default)
@@ -437,7 +437,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
+0
-Never timeout Never time out
1
1 minute
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 125734b5c8..6517390e32 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -52,7 +52,7 @@ Supported operations include Get, Add, and Delete.
Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId
-A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
+A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
Supported operations include Get, Add, Replace, and Delete.
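Review bot: The replacement line for appTriggerRowId still reads "that allows the ability to specify multiple apps", which is redundant. Since this sentence is being touched anyway, consider "A sequential integer identifier that lets you specify multiple apps for App Trigger."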
@@ -132,7 +132,7 @@ Returns the namespace type. This value can be one of the following:
Value type is chr. Supported operation is Get.
**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DnsServers**
-List of comma separated DNS Server IP addresses to use for the namespace.
+List of comma-separated DNS Server IP addresses to use for the namespace.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -202,7 +202,7 @@ Numeric value from 0-255 representing the IP protocol to allow. For example, TCP
Value type is int. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges**
-A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
+A list of comma-separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
@@ -210,7 +210,7 @@ A list of comma separated values specifying local port ranges to allow. For exam
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges**
-A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
+A list of comma-separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
@@ -218,12 +218,12 @@ A list of comma separated values specifying remote port ranges to allow. For exa
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalAddressRanges**
-A list of comma separated values specifying local IP address ranges to allow.
+A list of comma-separated values specifying local IP address ranges to allow.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemoteAddressRanges**
-A list of comma separated values specifying remote IP address ranges to allow.
+A list of comma-separated values specifying remote IP address ranges to allow.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -243,7 +243,7 @@ Added in Windows 10, version 2004. Specifies the traffic direction to apply this
- Outbound - The rule applies to all outbound traffic
- Inbound - The rule applies to all inbound traffic
-If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
+If no inbound filter is provided, then by default all unsolicited inbound traffic will be blocked.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@@ -327,7 +327,7 @@ Valid values:
- True = Register the connection's addresses in DNS.
**VPNv2/**ProfileName**/DnsSuffix**
-Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
+Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
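Review bot: In the DnsSuffix description, "primary connection specific DNS suffix" has the same missing-hyphen problem this patch fixes for "comma separated". Suggest "primary connection-specific DNS suffix" so the compound modifiers are handled consistently within the sentence.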
@@ -436,7 +436,7 @@ Required for native profiles. Public or routable IP address or DNS name for the
The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name.
-You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
+You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
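Review bot: The corrected line fixes "seperated" but still says "You can make a list of server by making a list of server names", which is ungrammatical and circular. Suggest "You can specify multiple servers as a comma-separated list of server names (with optional friendly names)." The unchanged line above also uses "semi-colon", which could become "semicolon" in the same pass.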
From 78eaf0bfa833e9f160ebc18a366886df93882aac Mon Sep 17 00:00:00 2001
From: Anna-Li <70676128+xl989@users.noreply.github.com>
Date: Fri, 13 Nov 2020 14:27:49 +0800
Subject: [PATCH 75/85] CI_125045_Update_credential-guard-manage.md
---
.../credential-guard/credential-guard-manage.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 742dd80951..1d0b90717a 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -160,7 +160,7 @@ You can view System Information to check that Windows Defender Credential Guard
2. Click **System Summary**.
-3. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Configured**.
+3. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Running**.
Here's an example:
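Review bot: Step 3 now points at **Virtualization-based security Services Running**, which matches the section's stated goal of checking that Credential Guard is running, but the screenshot introduced by "Here's an example:" is not part of this change. Please confirm the image highlights the "Services Running" row rather than "Services Configured", otherwise the step and its illustration will disagree.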
From 57d4a81f864e20be0868457bc01c3c9220fed7e3 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Fri, 13 Nov 2020 17:28:00 +0100
Subject: [PATCH 76/85] Update configure-server-endpoints.md
Use the Workspace ID you obtained and replacing `WorkspaceID`
updated script as it did not work :)
---
.../microsoft-defender-atp/configure-server-endpoints.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index ad4b3d8853..0af0c2d391 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -249,12 +249,14 @@ To offboard the Windows server, you can use either of the following methods:
2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
```powershell
+ $ErrorActionPreference = "SilentlyContinue"
# Load agent scripting object
$AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
# Remove OMS Workspace
- $AgentCfg.RemoveCloudWorkspace($WorkspaceID)
+ $AgentCfg.RemoveCloudWorkspace("WorkspaceID")
# Reload the configuration and apply changes
$AgentCfg.ReloadConfiguration()
+
```
## Related topics
- [Onboard Windows 10 devices](configure-endpoints.md)
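Review bot: The added first line, `$ErrorActionPreference = "SilentlyContinue"`, hides errors from every statement after it, so a failed `New-Object -ComObject` or a `RemoveCloudWorkspace` call made with the placeholder left unreplaced produces no output and the operator may believe the server was offboarded when it was not. Because the step is pasted into an interactive elevated session, the preference also stays in effect for the rest of that session. If the original script failed only because `$WorkspaceID` was undefined, the quoted `"WorkspaceID"` placeholder is enough on its own. I would drop the preference line and add a sentence telling the reader how to confirm the workspace was removed. The blank `+` line before the closing fence can go as well.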
From a8bfdbb3d3ad86781d5ed8b0c041c354b0bd8652 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
- If the app you want to configure is already listed, click it and then click **Edit**.
- If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You are notified if you need to restart the process or app, or if you need to restart Windows.
@@ -70,12 +70,12 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au
If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
-Enabled in **Program settings** | Enabled in **System settings** | Behavior
--|-|-
-[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings**
-[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings**
-[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings**
-[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option
+|Enabled in **Program settings** | Enabled in **System settings** | Behavior |
+|:---|:---|:---|
+|[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings** |
+|[!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings** |
+|[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings** |
+|[!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option |
### Example 1: Mikael configures Data Execution Prevention in system settings section to be off by default
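Review bot: The last two rows of the reformatted matrix have identical inputs (no check mark under **Program settings**, check mark under **System settings**) but different behaviors, "As defined in **System settings**" and "Default as defined in **Use default** option". The old table had the same duplication, so this is carried over rather than introduced, but one of the rows must be wrong. The final row most likely needs a "no" check mark in both columns. Worth fixing while the table is being rewritten.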
@@ -98,8 +98,8 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab
3. Go to **Program settings** and choose the app you want to apply mitigations to.
- If the app you want to configure is already listed, click it and then click **Edit**.
- If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.
- - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
@@ -209,29 +209,29 @@ Set-Processmitigation -Name test.exe -Remove -Disable DEP
This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
-Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet
--|-|-|-
-Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available
-Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available
-Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available
-Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
-Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
-Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
-Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
-Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
-Block remote images | App-level only | BlockRemoteImages | Audit not available
-Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
-Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
-Disable extension points | App-level only | ExtensionPoint | Audit not available
-Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
-Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
-Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\]
-Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\]
-Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\]
-Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\]
-Validate handle usage | App-level only | StrictHandle | Audit not available
-Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available
-Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\]
+|Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet |
+|:---|:---|:---|:---|
+|Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available |
+|Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available |
+|Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available |
+|Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
+|Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
+|Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
+|Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
+|Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
+|Block remote images | App-level only | BlockRemoteImages | Audit not available
+|Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
+|Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
+|Disable extension points | App-level only | ExtensionPoint | Audit not available
+|Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
+|Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
+|Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\] |
+||Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\] |
+|Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\] |
+|Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\] |
+|Validate handle usage | App-level only | StrictHandle | Audit not available |
+|Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available |
+|Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\] |
\[1\]: Use the following format to enable EAF modules for DLLs for a process:
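Review bot: The new table is not consistently delimited: the rows from "Randomize memory allocations (Bottom-Up ASLR)" through "Do not allow child processes" lack the closing `|` that the other rows have, and the "Import address filtering (IAF)" row starts with `||`, which inserts an empty first cell and shifts every value one column to the right. Please normalize all rows to a single leading and trailing pipe. Separately, `EnforceModuleDepencySigning` in the "Validate image dependency integrity" row looks misspelled ("Depency"). It is copied unchanged from the old table, so check it against the cmdlet's accepted values before carrying it forward, since readers will paste it into `Set-ProcessMitigation`.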
@@ -243,7 +243,7 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
-## Related topics
+## See also
* [Evaluate exploit protection](evaluate-exploit-protection.md)
* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
From f537f713a3ae332b1944c41305e4149343b44399 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
-Properties/SleepMode |
## October 2020
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index ee9ee3c5f7..15c29f831f 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|New or updated article|Description|
|-----|-----|
| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
-Properties/SleepMode |
| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
- Settings/AllowWindowsDefenderApplicationGuard |
## What’s new in MDM for Windows 10, version 2004
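Review bot: The new SurfaceHub CSP row lists its node as "-Properties/SleepMode", with no space after the dash and no link, while the Policy CSP row directly above formats every entry as "- [Name](file.md#anchor)". Suggest matching that pattern, with a space after the dash and a link into surfacehub-csp.md, so the entry renders like the others and readers can jump to the node description.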
From 91b3e607050566f388d91047328a959114925e75 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila
`file2.log` | `file123.log`
+>[!NOTE]
+>The product attempts to resolve firmlinks when evaluating exclusions. Firmlink resolution does not work when the exclusion contains wildcards or the target file (on the `Data` volume) does not exist.
+
## How to configure the list of exclusions
### From the management console
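Review bot: The added note says firmlink resolution "does not work" when the exclusion contains wildcards or the target on the `Data` volume does not exist, but it does not say what happens to the exclusion in that case or what the administrator should do. For an antivirus exclusion list that matters: a reader needs to know whether the exclusion is ignored or matched literally, and whether the path on the `Data` volume should be specified directly. Suggest adding one sentence with the resulting behavior and the recommended way to write such exclusions.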
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 719aa6fb32..b40f3ea88c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -23,6 +23,9 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+> [!IMPORTANT]
+> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
+
> [!IMPORTANT]
> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
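Review bot: The added callout links the required profiles with the text "[this page](mac-sysext-policies.md)", which tells the reader nothing about the destination and is poor for accessibility and search. Suggest using the target article's title as the link text. The new block also sits directly above an existing `[!IMPORTANT]` callout about the same macOS 11 release, so consider merging the two into one callout with the action item (deploy the additional profiles) first.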
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 0121869dec..44dd5225e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -65,6 +65,9 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported.
+> [!IMPORTANT]
+> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
+
> [!IMPORTANT]
> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app.
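Review bot: This callout is word-for-word the same as the one added to mac-whatsnew.md earlier in this patch, and the existing kernel-panic callout below it is duplicated across both files too. Since that file already pulls shared text in through an `[!INCLUDE ...]`, consider moving the macOS 11 notice into an include so the two articles cannot drift apart when the requirement changes.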
From 03cb3db29569f61c3f44d14ceedd7bc0f20feb07 Mon Sep 17 00:00:00 2001
From: Tina Burden