From 9615c49dde309ebe2dea46cc256217869d86ab80 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 6 Nov 2021 10:20:31 +0500
Subject: [PATCH 1/6] Update deploy-wdac-policies-with-script.md
---
.../deploy-wdac-policies-with-script.md | 44 +++++++++++--------
1 file changed, 25 insertions(+), 19 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 36243edbf3..817a23cb09 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -10,7 +10,7 @@ ms.reviewer: jogeurte
ms.author: jogeurte
ms.manager: jsuther
manager: dansimp
-ms.date: 04/14/2021
+ms.date: 11/06/2021
ms.technology: windows-sec
ms.topic: article
ms.localizationpriority: medium
@@ -32,7 +32,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
> [!NOTE]
> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
-## Script-based deployment process for Windows 10 version 1903 and above
+## Deploying policies for Windows 10 version 1903 and above
1. Initialize the variables to be used by the script.
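Review bot: Renaming the heading from "Script-based deployment process for Windows 10 version 1903 and above" to "Deploying policies for Windows 10 version 1903 and above" changes the anchor generated for this section. Check the rest of the docs set for links that target the old anchor and update them in the same change. The same applies to the renamed "earlier than 1903" heading later in this file.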
@@ -56,23 +56,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
& $RefreshPolicyTool
```
-### Deploying signed policies
-
-In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
-
-1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt:
-
- ```powershell
- mountvol J: /S
- J:
- mkdir J:\EFI\Microsoft\Boot\CiPolicies\Active
- ```
-
-2. Copy the signed policy binary as `{PolicyGUID}.cip` to `J:\EFI\Microsoft\Boot\CiPolicies\Active`.
-
-3. Reboot the system.
-
-## Script-based deployment process for Windows 10 versions earlier than 1903
+## Deploying policies for Windows 10 versions earlier than 1903
1. Initialize the variables to be used by the script.
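Review bot: The removed step 2 told the reader to copy the signed policy binary as `{PolicyGUID}.cip`, and the replacement text added at the end of the file no longer states that file name requirement. Either keep the naming instruction in the new step 2 or state there that `$PolicyBinary` must already carry the `{PolicyGUID}.cip` name before it is copied.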
@@ -93,3 +77,25 @@ In addition to the steps outlined above, the binary policy file must also be cop
```powershell
Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
```
+
+## Deploying signed policies
+
+In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
+
+1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt:
+
+ ```powershell
+ $MountPoint = 'C:\EFI'
+ $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active"
+ $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
+ mkdir $EFIDestinationFolder
+ mountvol $MountPoint $EFIPartition
+ ```
+
+2. Copy the signed policy to the created folder:
+
+ ```powershell
+ Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
+ ```
+
+3. Reboot the system.
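Review bot: In step 1 of the added section, `mkdir $EFIDestinationFolder` runs before `mountvol $MountPoint $EFIPartition`, so the `Microsoft\Boot\CiPolicies\Active` tree is created on the C: volume under `C:\EFI`, and the mount point is no longer an empty directory when `mountvol` is called. Create only `$MountPoint` first, mount the EFI partition, and then create the destination folder on the mounted volume if it does not exist. The path also differs from the removed instructions: they used `J:\EFI\Microsoft\Boot\CiPolicies\Active` relative to the volume root, while `$EFIDestinationFolder` has no `EFI` component below the mount point, so confirm the copy in step 2 lands in the folder the boot-time policy load reads. Finally, "In addition to the steps outlined above" now follows the pre-1903 section, so say which of the two procedures it refers to.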
From 8643fa1cf3ddfe1cde6b00590185d5940447da87 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 9 Nov 2021 16:41:34 +0500
Subject: [PATCH 2/6] Update wdsc-app-browser-control.md
---
.../wdsc-app-browser-control.md | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
index acfa2cee01..d9747dc21d 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
@@ -37,14 +37,11 @@ You can prevent users from modifying settings in the Exploit protection area. Th
You can only prevent users from modifying Exploit protection settings by using Group Policy.
> [!IMPORTANT]
->
-> ### Requirements
->
> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
@@ -59,14 +56,11 @@ You can choose to hide the entire section by using Group Policy. The section wil
This can only be done in Group Policy.
> [!IMPORTANT]
->
-> ### Requirements
->
-> You must have Windows 10, version 1709 (the Fall Creators Update). The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
@@ -77,4 +71,4 @@ This can only be done in Group Policy.
> [!NOTE]
> If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
-> 
\ No newline at end of file
+> 
From 6e35141f9b73dc0c219ee7a055f47eb231441e1a Mon Sep 17 00:00:00 2001
From: UCOwner <91348318+UCOwner@users.noreply.github.com>
Date: Tue, 9 Nov 2021 09:55:35 -0800
Subject: [PATCH 3/6] Update update-compliance-schema-waasdeploymentstatus.md
added NotStarted State in detailedStatus
---
.../update/update-compliance-schema-waasdeploymentstatus.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
index 9f0ddd10ef..70d139c004 100644
--- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
@@ -26,7 +26,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on
|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. |
|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. |
|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:
**Update completed**: Device has completed the update installation. **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`. **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update. **Canceled**: The update was canceled. **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`. **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.|
-|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
**Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred. **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered. **Update offered**: The device has been offered the update, but has not begun downloading it. **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update. **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds). **Download started**: The update has begun downloading on the device. **Download Succeeded**: The update has successfully completed downloading. **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed. **Install Started**: Installation of the update has begun. **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed. **Reboot Pending**: The device has a scheduled reboot to apply the update. **Reboot Initiated**: The scheduled reboot has been initiated. **Commit**: Changes are being committed post-reboot. This is another step of the installation process. **Update Completed**: The update has successfully installed.|
+|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
**Not Started**: Update hasn't started because the device is not targetting the latest 2 builds **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred. **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered. **Update offered**: The device has been offered the update, but has not begun downloading it. **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update. **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds). **Download started**: The update has begun downloading on the device. **Download Succeeded**: The update has successfully completed downloading. **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed. **Install Started**: Installation of the update has begun. **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed. **Reboot Pending**: The device has a scheduled reboot to apply the update. **Reboot Initiated**: The scheduled reboot has been initiated. **Commit**: Changes are being committed post-reboot. This is another step of the installation process. **Update Completed**: The update has successfully installed.|
|**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
|**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |
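Review bot: The added **Not Started** entry in the `DetailedStatus` row does not match the commit message, which names the state `NotStarted`; anyone filtering on this column needs the exact string the schema emits, so confirm which form is correct and use it consistently. In the same entry, "targetting" is misspelled, the sentence has no closing period before **Update deferred**, and "the latest 2 builds" should say which builds are meant (for example, whether this refers to feature update versions).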
@@ -43,4 +43,4 @@ WaaSDeploymentStatus records track a specific update's installation progress on
|**TimeGenerated** |[datetime](/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
|**UpdateCategory** |[string](/azure/kusto/query/scalar-data-types/string) |`Quality` |The high-level category of content type this Windows Update belongs to. Possible values are **Feature** and **Quality**. |
|**UpdateClassification** |[string](/azure/kusto/query/scalar-data-types/string) |`Security` |Similar to UpdateCategory, this more specifically determines whether a Quality update is a security update or not. |
-|**UpdateReleasedDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the time the update came available on Windows Update. |
\ No newline at end of file
+|**UpdateReleasedDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the time the update came available on Windows Update. |
From f6ea95f80b2c554ff7fba4baf8190fee300434ff Mon Sep 17 00:00:00 2001
From: Diana Hanson
Date: Tue, 9 Nov 2021 12:17:48 -0700
Subject: [PATCH 4/6] Update update-compliance-schema-waasdeploymentstatus.md
Sync PR: https://github.com/MicrosoftDocs/windows-docs-pr/pull/5937
Fixed Acro spelling
---
.../update/update-compliance-schema-waasdeploymentstatus.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
index 70d139c004..5d923146e5 100644
--- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
@@ -26,7 +26,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on
|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. |
|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. |
|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:
**Update completed**: Device has completed the update installation. **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`. **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update. **Canceled**: The update was canceled. **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`. **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.|
-|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
**Not Started**: Update hasn't started because the device is not targetting the latest 2 builds **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred. **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered. **Update offered**: The device has been offered the update, but has not begun downloading it. **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update. **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds). **Download started**: The update has begun downloading on the device. **Download Succeeded**: The update has successfully completed downloading. **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed. **Install Started**: Installation of the update has begun. **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed. **Reboot Pending**: The device has a scheduled reboot to apply the update. **Reboot Initiated**: The scheduled reboot has been initiated. **Commit**: Changes are being committed post-reboot. This is another step of the installation process. **Update Completed**: The update has successfully installed.|
+|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:
**Not Started**: Update hasn't started because the device is not targeting the latest 2 builds **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred. **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered. **Update offered**: The device has been offered the update, but has not begun downloading it. **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update. **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds). **Download started**: The update has begun downloading on the device. **Download Succeeded**: The update has successfully completed downloading. **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed. **Install Started**: Installation of the update has begun. **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed. **Reboot Pending**: The device has a scheduled reboot to apply the update. **Reboot Initiated**: The scheduled reboot has been initiated. **Commit**: Changes are being committed post-reboot. This is another step of the installation process. **Update Completed**: The update has successfully installed.|
|**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
|**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |
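Review bot: The corrected **Not Started** entry still ends at "latest 2 builds" with no period, so it runs straight into **Update deferred**, unlike every other entry in the `DetailedStatus` list. Add the period in this same fix.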
From 4b6794ec3e4f7008e876076e9313dee94b747d70 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 10 Nov 2021 10:32:51 +0500
Subject: [PATCH 5/6] Update
windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../deployment/deploy-wdac-policies-with-script.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 817a23cb09..4368a1ce60 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -98,4 +98,4 @@ In addition to the steps outlined above, the binary policy file must also be cop
Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
```
-3. Reboot the system.
+3. Restart the system.
From a71d36e78a05b967bc6cbb46487148d23bf40101 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Wed, 10 Nov 2021 08:46:33 -0800
Subject: [PATCH 6/6] Update submission-guide.md
---
.../threat-protection/intelligence/submission-guide.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md
index 44bcc3e46e..4033a6633b 100644
--- a/windows/security/threat-protection/intelligence/submission-guide.md
+++ b/windows/security/threat-protection/intelligence/submission-guide.md
@@ -23,7 +23,7 @@ If you have a file that you suspect might be malware or is being incorrectly det
## How do I send a malware file to Microsoft?
-You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
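Review bot: The new portal link hard-codes the `en-us` locale (`https://www.microsoft.com/en-us/wdsi/filesubmission`), which pins readers of localized versions of this article to the English page. If the locale-free URL no longer resolves, say so in the commit message; otherwise prefer the locale-neutral form. This applies to all five links changed in this patch, including the `submissionhistory` links.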
@@ -31,7 +31,7 @@ After you sign in, you will be able to track your submissions.
## Can I send a sample by email?
-No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission).
## Can I submit a sample without signing in?
@@ -43,7 +43,7 @@ The [Software Assurance ID (SAID)](https://www.microsoft.com/licensing/licensing
### How do I dispute the detection of my program?
-[Submit the file](https://www.microsoft.com/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
+[Submit the file](https://www.microsoft.com/en-us/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination.
If you’re not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.
@@ -51,7 +51,7 @@ We encourage all software vendors and developers to read about [how Microsoft id
## How do I track or view past sample submissions?
-You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
+You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
## What does the submission status mean?
@@ -63,7 +63,7 @@ Each submission is shown to be in one of the following status types:
* Closed—a final determination has been given by an analyst
-You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory).
+You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory).
## How does Microsoft prioritize submissions