Merge branch 'atp-powerbi' into atp-public-preview

mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md

@@ -89,6 +89,14 @@ You can use your preferred method to view WMI. If you use PowerShell, run `gwmi
 <td align="left"><p>14</p></td>
 <td align="left"><p>AutoUnlock unsafe unless the OS volume is encrypted.</p></td>
 </tr>
+<tr class="even">
+<td align="left"><p>15</p></td>
+<td align="left"><p>Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker than that.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>16</p></td>
+<td align="left"><p>Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker than that.</p></td>
+</tr>
 </tbody>
 </table>
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -1025,10 +1025,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>Defender/AttackSurfaceReductionRules</li>
 <li>Defender/CloudBlockLevel </li>
 <li>Defender/CloudExtendedTimeout</li>
-<li>Defender/EnableGuardMyFolders</li>
+<li>Defender/ControlledFolderAccessAllowedApplications</li>
+<li>Defender/ControlledFolderAccessProtectedFolders</li>
+<li>Defender/EnableControlledFolderAccess</li>
 <li>Defender/EnableNetworkProtection</li>
-<li>Defender/GuardedFoldersAllowedApplications</li>
-<li>Defender/GuardedFoldersList</li>
 <li>Education/DefaultPrinterName</li>
 <li>Education/PreventAddingNewPrinters</li>
 <li>Education/PrinterNames</li>
@@ -1427,6 +1427,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Privacy/PublishUserActivities</li>
 </ul>
 <p>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.</p>
+<p>Changed the names of the following policies:</p>
+<ul>
+<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications</li>
+<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders</li>
+<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess</li>
+</ul>
 <p>Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).</p>
 </td></tr>
 </tbody>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -667,7 +667,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-defender.md#defender-daystoretaincleanedmalware" id="defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
   </dd>
   <dd>
-    <a href="./policy-csp-defender.md#defender-enableguardmyfolders" id="defender-enableguardmyfolders">Defender/EnableGuardMyFolders</a>
+    <a href="./policy-csp-defender.md#defender-enablecontrolledfolderaccess" id="defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
   </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-enablenetworkprotection" id="defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
@@ -682,10 +682,10 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-defender.md#defender-excludedprocesses" id="defender-excludedprocesses">Defender/ExcludedProcesses</a>
   </dd>
   <dd>
-    <a href="./policy-csp-defender.md#defender-guardedfoldersallowedapplications" id="defender-guardedfoldersallowedapplications">Defender/GuardedFoldersAllowedApplications</a>
+    <a href="./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications" id="defender-controlledfolderaccessallowedapplications">Defender/ControlledFolderAccessAllowedApplications</a>
   </dd>
   <dd>
-    <a href="./policy-csp-defender.md#defender-guardedfolderslist" id="defender-guardedfolderslist">Defender/GuardedFoldersList</a>
+    <a href="./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders" id="defender-controlledfolderaccessprotectedfolders">Defender/ControlledFolderAccessProtectedFolders</a>
   </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-puaprotection" id="defender-puaprotection">Defender/PUAProtection</a>

windows/client-management/mdm/policy-csp-defender.md

@@ -782,7 +782,7 @@ Value type is string.
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-enableguardmyfolders"></a>**Defender/EnableGuardMyFolders**  
+<a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**  
 
 <!--StartSKU-->
 <table>
@@ -809,13 +809,13 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders  and changed to EnableControlledFolderAccess.
 
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.  
 
-- 0 (default) - Off
-- 1 - Audit mode
-- 2 - Enforcement mode
+- 0 (default) - Disabled
+- 1 - Enabled
+- 2 - Audit Mode
 
 <!--EndDescription-->
 <!--EndPolicy-->
@@ -977,7 +977,7 @@ Value type is string.
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-guardedfoldersallowedapplications"></a>**Defender/GuardedFoldersAllowedApplications**  
+<a href="" id="defender-controlledfolderaccessallowedapplications"></a>**Defender/ControlledFolderAccessAllowedApplications**  
 
 <!--StartSKU-->
 <table>
@@ -1004,14 +1004,14 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
 
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode &#xF000; as the substring separator.
 
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-guardedfolderslist"></a>**Defender/GuardedFoldersList**  
+<a href="" id="defender-controlledfolderaccessprotectedfolders"></a>**Defender/ControlledFolderAccessProtectedFolders**  
 
 <!--StartSKU-->
 <table>
@@ -1038,7 +1038,7 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
 
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode &#xF000; as the substring separator.
 

windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md

@@ -52,10 +52,9 @@ Whenever a change or comment is made to an alert, it is recorded in the **Commen
 Added comments instantly appear on the pane.
 
 ## Suppress alerts
+There might be scenarios where you need to suppress alerts from appearing in the Windows Defender ATP portal. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
 
-Windows Defender ATP lets you create suppression rules so you can limit the alerts you see in the **Alerts queue**.
-
-Suppression rules can be created from an existing alert.
+Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 
 When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created.
 
@@ -64,7 +63,9 @@ There are two contexts for a suppression rule that you can choose from:
 - **Suppress alert on this machine**
 - **Suppress alert in my organization**
 
-The context of the rule lets you tailor the queue to ensure that only alerts you are interested in will appear. You can use the examples in the following table to help you choose the context for a suppression rule:
+The context of the rule lets you tailor what gets surfaced into the portal and ensure that only real security alerts are surfaced into the portal.
+
+You can use the examples in the following table to help you choose the context for a suppression rule:
 
 | **Context**                           | **Definition**                                                                                                                                              | **Example scenarios**                                                                                                                                                                                                  |
 |:--------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -87,35 +88,28 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
   > [!NOTE]
   > You cannot create a custom or blank suppression rule. You must start from an existing alert.
+
 4. Specify the conditions for when the rule is applied:
-  - Alert title
-  - Indicator of compromise (IOC)
-  - Suppression conditions
+    - Alert title
+    - Indicator of compromise (IOC)
+    - Suppression conditions
 
     > [!NOTE]
-    > The SHA1 of the alert cannot be modified
-5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.
+    > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions.
+    
+5. Specify the action and scope on the alert. <br>
+   You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. Alerts that are marked as hidden will be suppressed from the entire system, both on the machine's associated alerts and from the dashboard. You can also specify to suppress the alert on the machine only or the whole organization.
 
 6. Click **Save and close**.
 
 
-**See the list of suppression rules:**
+### View the list of suppression rules
 
-1. Click the settings icon ![The settings icon looks like a cogwheel or gear](images/settings.png) on the main menu bar at the top of the Windows Defender ATP screen.
-2. Click **Suppression rules**.
+1. Click **Alerts queue** > **Suppression rules**.
 
-  ![Click the settings icon and then Suppression rules to create and modify rules](images/atp-suppression-rules.png)
-
-The list of suppression rules shows all the rules that users in your organization have created.
-![Suppression rules show the rule name or title, the context, the date, and an icon to delete the rule](images/rules-legend.png)
-
-Each rule shows:
-
-- (1) The title of the alert that is suppressed
-- (2) Whether the alert was suppressed for a single machine (clicking the machine name will allow you to investigate the machine) or the entire organization
-- (3) The date when the alert was suppressed
-- (4) An option to delete the suppression rule, which will cause alerts with this title to be displayed in the queue from this point onwards.
+2. The list of suppression rules shows all the rules that users in your organization have created.
 
+You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules.
 
 ## Related topics
 - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)

windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md

@@ -41,7 +41,7 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
 
     ![Preferences setup with create dashboard button](images/atp-create-dashboard.png)
 
-    >[NOTE]
+    >[!NOTE]
     >Loading your data in the Power BI service can take a few minutes.
 
 3. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.