mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 03:43:39 +00:00
Merge pull request #1211 from MicrosoftDocs/tamper-protect
Tamper protection
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Onboard non-Windows machines to the Microsoft Defender ATP service
|
||||
description: Configure non-Winodws machines so that they can send sensor data to the Microsoft Defender ATP service.
|
||||
description: Configure non-Windows machines so that they can send sensor data to the Microsoft Defender ATP service.
|
||||
keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Microsoft Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
@ -27,14 +27,10 @@ ms.topic: article
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
|
||||
|
||||
|
||||
|
||||
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
|
||||
|
||||
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work.
|
||||
|
||||
|
||||
|
||||
## Onboarding non-Windows machines
|
||||
You'll need to take the following steps to onboard non-Windows machines:
|
||||
1. Select your preferred method of onboarding:
|
||||
|
@ -46,8 +46,6 @@ The following features are included in the preview release:
|
||||
|
||||
- [API Explorer](api-explorer.md)<br> The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender ATP API endpoint.
|
||||
|
||||
- [Tamper Protection settings in Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-with-intune)<br/>You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune).
|
||||
|
||||
- [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md) <BR> You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.
|
||||
|
||||
- [Indicators for IP addresses, URLs/Domains](manage-indicators.md) <BR> You can now allow or block URLs/domains using your own threat intelligence.
|
||||
|
@ -4,6 +4,7 @@ description: What's in the Threat & Vulnerability Management dashboard and how i
|
||||
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
|
||||
search.appverid: met150
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
|
@ -25,11 +25,13 @@ ms.topic: conceptual
|
||||
|
||||
The following features are generally available (GA) in the latest release of Microsoft Defender ATP as well as security features in Windows 10 and Windows Server.
|
||||
|
||||
|
||||
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
|
||||
|
||||
|
||||
## September 2019
|
||||
|
||||
- [Tamper Protection settings using Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)<br/>You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune).
|
||||
|
||||
- [Live response](live-response.md)<BR> Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.
|
||||
|
||||
- [Evaluation lab](evaluation-lab.md) <BR> The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
|
||||
|
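Review bot: The Tamper Protection bullet under "## September 2019" uses `<br/>` while the Live response and Evaluation lab bullets beside it use `<BR>`; pick one form for the whole list. While this block is being edited, the context sentence "For more information preview features, see ..." is missing a word ("about") and is worth fixing in the same change.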
@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a
|
||||
ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: ws10
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
|
@ -46,9 +46,9 @@ Tamper Protection doesn't prevent you from viewing your security settings. And,
|
||||
|
||||
### What do you want to do?
|
||||
|
||||
[Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine)
|
||||
[Turn Tamper Protection on (or off) for an individual machine using Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine)
|
||||
|
||||
[Turn Tamper Protection on (or off) for your organization with Intune (Preview)](#turn-tamper-protection-on-or-off-for-your-organization-with-intune)
|
||||
[Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
|
||||
|
||||
## Turn Tamper Protection on (or off) for an individual machine
|
||||
|
||||
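Review bot: The first link under "What do you want to do?" now reads "... for an individual machine using Windows Security", but the heading it targets is still "## Turn Tamper Protection on (or off) for an individual machine", so the link text and the section title no longer match. Either rename the heading as well (and update its anchor wherever it is referenced) or keep the original link text. The second link's new `-using-intune` anchor only resolves once the heading rename later in this file is applied, so the two changes must land together.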
@ -68,11 +68,9 @@ If you are a home user, or you are not subject to settings managed by a security
|
||||
> Once you’ve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
|
||||
|
||||
|
||||
## Turn Tamper Protection on (or off) for your organization with Intune
|
||||
## Turn Tamper Protection on (or off) for your organization using Intune
|
||||
|
||||
If you are part of your organization's security team, the ability to turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune) is now in preview. "In preview" means this feature is rolling out to business customers who have [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and who have agreed to participate in the preview program. As a preview feature, the following applies:
|
||||
|
||||
*Some information in this section relates to prereleased product that might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.*
|
||||
If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and that you meet the prerequisites listed below.)
|
||||
|
||||
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
|
||||
|
||||
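Review bot: Renaming the heading to "... for your organization using Intune" changes its generated anchor from `-with-intune` to `-using-intune`, so any link to the old anchor in files this commit does not touch will stop resolving; search the repository for the old anchor before merging. In the replacement paragraph, "rolling out now; if you don't have it yet, you should very soon" will go stale quickly, and "the prerequisites listed below" needs a visible prerequisites list to point at. A dated note would hold up better than the parenthetical.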
@ -118,7 +116,7 @@ Tamper Protection will not have any impact on such devices.
|
||||
|
||||
If you are a home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
|
||||
|
||||
If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization with Intune](#turn-tamper-protection-on-or-off-for-your-organization-with-intune).
|
||||
If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
|
||||
|
||||
|
||||
### How does configuring Tamper Protection in Intune affect how I manage Windows Defender through my group policy?
|
||||
|
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: mdsakibMSFT
|
||||
ms.author: mdsakib
|
||||
ms.date: 05/21/2019
|
||||
---
|
||||
|
||||
|
@ -1,9 +1,6 @@
|
||||
ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
|
||||
ms.reviewer:
|
||||
---
|
||||
title: Use a reference device to create and maintain AppLocker policies (Windows 10)
|
||||
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
|
||||
|
||||
ms.author: macapara
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -16,6 +13,8 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/21/2017
|
||||
ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Use a reference device to create and maintain AppLocker policies
|
||||
|
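Review bot: `ms.reviewer:` is carried into the front matter with an empty value, and `ms.date: 09/21/2017` is left unchanged even though the metadata block is being restructured. Moving `ms.assetid` and `ms.reviewer` inside the `---` delimiters is right, since lines above the opening `---` are not parsed as metadata; either fill in the reviewer or drop the key, and confirm whether the date should be bumped.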
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: mdsakibMSFT
|
||||
ms.author: mdsakib
|
||||
ms.date: 05/17/2019
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: mdsakibMSFT
|
||||
ms.author: mdsakib
|
||||
ms.date: 05/17/2019
|
||||
---
|
||||
|
||||
|
@ -5,7 +5,7 @@ keywords: virtualization, security, malware
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.author: appcompatguy
|
||||
ms.author: cjacks
|
||||
author: appcompatguy
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
@ -177,7 +177,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Network / Network Connections | Prohibit use of Internet Connection Sharing on your DNS domain network | Enabled | Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. |
|
||||
| Network / Network Provider | Hardened UNC Paths | \\\\\*\\SYSVOL and \\\\\*\\NETLOGON RequireMutualAuthentication = 1, RequireIntegrity = 1 | This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. |
|
||||
| Network / Windows Connection Manager | Prohibit connection to non-domain networks when connected to domain authenticated network | Enabled | This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time. |
|
||||
| System / Credentials Delegation | Encryption Oracle Remediation | Force Updated Clients | Enryption Oracle Remediation |
|
||||
| System / Credentials Delegation | Encryption Oracle Remediation | Force Updated Clients | Encryption Oracle Remediation |
|
||||
| System / Credentials Delegation | Remote host allows delegation of non-exportable credentials | Enabled | When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. |
|
||||
| System / Device Installation / Device Installation Restrictions | Prevent installation of devices that match any of these device IDs | [[[main setting]]] = Enabled <br/> Also apply to matching devices that are already installed = True <br/> 1 = PCI\CC_0C0A | This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in a list that you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. |
|
||||
| System / Device Installation / Device Installation Restrictions | Prevent installation of devices using drivers that match these device setup classes | [[[main setting]]] = Enabled <br/> Also apply to matching devices that are already installed = True <br/> 1 = {d48179be-ec20-11d1-b6b8-00c04fa372a7} | This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. |
|
||||
|
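Review bot: In the System / Credentials Delegation row for Encryption Oracle Remediation, the description cell only repeats the setting name, whereas every neighbouring row explains what the policy does. Since this row is already being edited for the spelling fix, replace the cell with a one-sentence description of what the "Force Updated Clients" value enforces. The two Device Installation Restrictions rows below also contain a sentence starting with lowercase "if you enable this policy setting", which could be corrected in the same pass.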
@ -5,7 +5,7 @@ keywords: virtualization, security, malware
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.author: appcompatguy
|
||||
ms.author: cjacks
|
||||
author: appcompatguy
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
|
@ -5,7 +5,7 @@ keywords: virtualization, security, malware
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.author: appcompatguy
|
||||
ms.author: cjacks
|
||||
author: appcompatguy
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
|