Microsoft 365 Business
-Microsoft 365 Business is designed for small- to medium-sized businesses with up to 300 users and integrates Office 365 Business Premium with tailored security and management features from Windows 10, and Enterprise Mobility + Security.
+Microsoft 365 Business is a new solution designed for small and midsize businesses (SMB), bringing together the best-in-class productivity and collaboration capabilities of Office 365 with device management and security solutions to safeguard business data.
++
Microsoft 365 Education
+Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
+> When a TPM is cleared ALL features, which use VBS to protect data can no longer decrypt their protected data. + +As a result Credential Guard can no longer decrypt protected data. VBS creates a new TPM protected key for Credential Guard. Credential Guard uses the new key to protect new data. However, the previously protected data is lost forever. + +>[!NOTE] +> Credential Guard obtains the key during initialization. So the data loss will only impact persistent data and occur after the next system startup. + +### Windows credentials saved to Credential Manager +Since Credential Manager cannot decrypt saved Windows Credentials, they are deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard. + +### Domain-joined device’s automatically provisioned public key +Beginning with Windows 10 and Windows Server 2016, domain-devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication). + +Since Credential Guard cannot decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless additional policies are deployed, there should not be a loss of functionality. If a device is configured to only use public key, then it cannot authenticate with password until that policy disabled. For more information on Configuring device to only use public key, see [Domain-joined Device Public Key Authentication](https://docs.microsoft.com/windows-server/security/kerberos/domain-joined-device-public-key-authentication). 
+ +Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx). + +### Breaking DPAPI on domain-joined devices +On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery is not possible. + +>[!IMPORTANT] +> Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior.
+Auto VPN configuration is protected with user DPAPI. User may not be able to use VPN to connect to domain controllers since the VPN configurations are lost. + +If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following. + +Domain user sign-in on a domain-joined device after clearing a TPM for as long as there is no connectivity to a domain controller: + +|Credential Type | Windows 10 version | Behavior +|---|---|---| +| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI does not work at all. | +| Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. +| Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected. +| Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data. + +Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted. + +#### Impact of DPAPI failures on Windows Information Protection +When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection. The impact includes: Outlook 2016 is unable to start and work protected documents cannot be opened. If DPAPI is working, then newly created work data is protected and can be accessed. + +**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. 
For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate). + ## See also diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md index d9f542ffd7..227053e01a 100644 --- a/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/access-protection/hello-for-business/hello-cert-trust-adfs.md @@ -9,7 +9,7 @@ ms.pagetype: security, mobile author: DaniHalfin ms.localizationpriority: high ms.author: daniha -ms.date: 07/07/2017 +ms.date: 09/08/2017 --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services @@ -36,7 +36,7 @@ Prepare the Active Directory Federation Services deployment by installing and up Sign-in the federation server with _local admin_ equivalent credentials. 1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed. -2. Ensure the latest server updates to the federation server includes [KB4022723](https://support.microsoft.com/en-us/help/4022723). +2. Ensure the latest server updates to the federation server includes [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658). >[!IMPORTANT] >The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers. 
diff --git a/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md index c3054a28fa..c9fc5f8eea 100644 --- a/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -36,12 +36,12 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell - Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools + Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools ``` 3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. ```PowerShell - Install-AdcsCertificateAuthority + Install-AdcsCertificationAuthority ``` ## Configure a Production Public Key Infrastructure diff --git a/windows/access-protection/hello-for-business/hello-deployment-guide.md b/windows/access-protection/hello-for-business/hello-deployment-guide.md index c11406fb24..877770ddae 100644 --- a/windows/access-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/access-protection/hello-for-business/hello-deployment-guide.md @@ -9,7 +9,7 @@ ms.pagetype: security, mobile author: DaniHalfin ms.localizationpriority: high ms.author: daniha -ms.date: 07/07/2017 +ms.date: 09/08/2017 --- # Windows Hello for Business Deployment Guide 
@@ -47,8 +47,10 @@ Hybrid deployments are for enterprises that use Azure Active Directory. On-prem The trust model determines how you want users to authentication to the on-premises Active Directory. Remember hybrid environments use Azure Active Directory and on-premises Active Directory. The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and they have an adequate number of 2016 domain controllers in each site to support the authentication. The certificate-trust model is for enterprise that do want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. The certificate trust model is also enterprise who are not ready to deploy Windows Server 2016 domain controllers. Following are the various deployment guides included in this topic: +* [Hybrid Certificate Trust Deployment](hello-hybrid-cert-trust.md) * [On Premises Certificate Trust Deployment](hello-deployment-cert-trust.md) + ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-new-install.md new file mode 100644 index 0000000000..a60357cfcf --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-new-install.md 
@@ -0,0 +1,144 @@ +--- +title: Windows Hello for Business Trust New Installation (Windows Hello for Business) +description: Windows Hello for Business Hybrid baseline deployment +keywords: identity, PIN, biometric, Hello, passport, WHFB +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +localizationpriority: high +ms.date: 09/08/2017 +--- +# Windows Hello for Business Certificate Trust New Installation + +**Applies to** +- Windows 10 + +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technolgies + +* [Active Directory](#active-directory) +* [Public Key Infrastructure](#public-key-infrastructure) +* [Azure Active Directory](#azure-active-directory) +* [Directory Synchronization](#directory-synchronization) +* [Active Directory Federation Services](#active-directory-federation-services) + + +New installations are considerably more involved than existing implementations because you are building the entire infrastructure. Microsoft recommends you review the new installation baseline to validate your exsting envrionment has all the needed configurations to support your hybrid certificate trust Windows Hello for Business deployment. If your environment meets these needs, you can read the [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) section to prepare your Windows Hello for Business deployment by configuring Azure device registration. + +The new installation baseline begins with a basic Active Directory deployment and enterprise PKI. This document expects you have Active Directory deployed using Windows Server 2008 R2 or later domain controllers. 
+ +## Active Directory ## +Production environments should follow Active Directory best practices regarding the number and placement of domain controllers to ensure adequate authentication throughout the organization. + +Lab environments and isolated proof of concepts may want to limit the number of domain controllers. The purpose of these environments is to experiment and learn. Reducing the number of domain controllers can prevent troubleshooting issue, such as Active Directory replication, which is unrelated to activity's goal. + +### Section Review + +> [!div class="checklist"] +> * Minimum Windows Server 2008 R2 domain controllers +> * Minimum Windows Server 2008 R2 domain and forest functional level +> * Functional networking, name resolution, and Active Directory replication + +## Public Key Infrastructure + +Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. + +This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. + +### Lab-based public key infrastructure + +The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. + +Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. + +>[!NOTE] +>Never install a certificate authority on a domain controller in a production environment. + +1. 
Open an elevated Windows PowerShell prompt. +2. Use the following command to install the Active Directory Certificate Services role. + ```PowerShell + Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools + ``` + +3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. + ```PowerShell + Install-AdcsCertificateAuthority + ``` + +## Configure a Production Public Key Infrastructure + +If you do have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session. + +### Section Review ### + +> [!div class="checklist"] +> * Miniumum Windows Server 2012 Certificate Authority. +> * Enterprise Certificate Authority. +> * Functioning public key infrastructure. + +## Azure Active Directory ## +You’ve prepared your Active Directory. Hybrid Windows Hello for Business deployment needs Azure Active Directory to host your cloud-based identities. + +The next step of the deployment is to follow the [Creating an Azure AD tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant) process to provision an Azure tenant for your organization. + +### Section Review + +> [!div class="checklist"] +> * Review the different ways to establish an Azure Active Directory tenant. +> * Create an Azure Active Directory Tenant. +> * Purchase the appropriate Azure Active Directory subscription or licenses, if necessary. 
+ +## Multifactor Authentication Services ## +Windows Hello for Business uses multifactor authentication during provisioning and during user initiated PIN reset scenarios, such as when a user forgets their PIN. There are two preferred multifactor authentication configurations with hybrid deployments—Azure MFA and AD FS using Azure MFA + +Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication) topic to familiarize yourself its purpose and how it works. + +### Azure Multi-Factor Authentication (MFA) Cloud ### +> [!IMPORTANT] +As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are: +> * Azure Multi-Factor Authentication +> * Azure Active Directory Premium +> * Enterprise Mobility + Security +> +> If you have one of these subscriptions or licenses, skip the Azure MFA Adapter section. + +#### Azure MFA Provider #### +If your organization uses Azure MFA on a per-consumption model (no licenses), then review the [Create a Multifactor Authentication Provider](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-auth-provider) section to create an Azure MFA Authentication provider and associate it with your Azure tenant. + +#### Configure Azure MFA Settings #### +Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings. Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings. 
+ +#### Azure MFA User States #### +After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. + +### Azure MFA via ADFS 2016 ### +Alternatively, you can configure Windows Server 2016 Active Directory Federation Services (AD FS) to provide additional multi-factor authentication. To configure, read the [Configure AD FS 2016 and Azure MFA](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa) section + +### Section Review + +> [!div class="checklist"] +> * Review the overview and uses of Azure Multifactor Authentication. +> * Review your Azure Active Directory subscription for Azure Multifactor Authentication. +> * Create an Azure Multifactor Authentication Provider, if necessary. +> * Configure Azure Multufactor Authentiation features and settings. +> * Understand the different User States and their effect on Azure Multifactor Authentication. +> * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary. + +> [!div class="nextstepaction"] +> [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. New Installation Baseline (*You are here*) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md new file mode 100644 index 0000000000..57457517cd --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md 
@@ -0,0 +1,518 @@ +--- +title: Configure Device Registration for Hybrid Windows Hello for Business +description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +localizationpriority: high +ms.date: 09/08/2017 +--- +# Configure Device Registration for Hybrid Windows Hello for Business + +**Applies to** +- Windows 10 + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +You're environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. + +> [!IMPORTANT] +> If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. + +Use this three phased approach for configuring device registration. +1. [Configure devices to register in Azure](#configure-azure-for-device-registration) +2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-syncrhonization) +3. 
[Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices) + +> [!NOTE] +> Before proceeding, you should familiarize yourself with device regisration concepts such as: +> * Azure AD registered devices +> * Azure AD joined devices +> * Hybrid Azure AD joined devices +> +> You can learn about this and more by reading [Introduction to Device Management in Azure Active Directory.](https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction) + +## Configure Azure for Device Registration +Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. + +To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-setup/) + +## Configure Active Directory to support Azure device syncrhonization + +Azure Active Directory is now configured for device registration. Next, you need to configure the on-premises Active Directory to support synchronizing hybrid Azure AD joined devices. Begin with upgrading the Active Directory Schema + +### Upgrading Active Directory to the Windows Server 2016 Schema + +To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016. + +> [!IMPORTANT] +> If you already have a Windows Server 2016 domain controller in your forest, you can skip **Upgrading Active Directory to the Windows Server 2016 Schema** (this section). + +#### Identify the schema role domain controller + +To locate the schema master role holder, open and command prompt and type: + +```Netdom query fsmo | findstr -i schema``` + + + +The command should return the name of the domain controller where you need to adprep.exe. Update the schema locally on the domain controller hosting the Schema master role. 
+ +#### Updating the Schema + +Windows Hello for Business uses asymmetric keys as user credentials (rather than passwords). During enrollment, the public key is registered in an attribute on the user object in Active Directory. The schema update adds this new attribute to Active Directory. + +Manually updating Active Directory uses the command-line utility **adprep.exe** located at **\
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. Configure Azure Device Registration (*You are here*) +5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md new file mode 100644 index 0000000000..7c56e7ded8 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md 
@@ -0,0 +1,139 @@ +--- +title: Hybrid Windows Hello for Business Prerequistes (Windows Hello for Business) +description: Prerequisites for Hybrid Windows Hello for Business Deployments +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +localizationpriority: high +ms.date: 09/08/2017 +--- +# Hybrid Windows Hello for Business Prerequisites + +**Applies to** +- Windows 10 + + +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. + +The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: +* [Directories](#directories) +* [Public Key Infrastucture](#public-key-infastructure) +* [Directory Synchronization](#directory-synchronization) +* [Federation](#federation) +* [MultiFactor Authetication](#multifactor-authentication) +* [Device Registration](#device-registration) + +## Directories ## +Hybrid Windows Hello for Business needs two directories: on-premises Active Directory and a cloud Azure Active Directory. The minimum required domain controller, domain functional level, and forest functional level for Windows Hello for Business deployment is Windows Server 2008 R2. + +A hybrid Windows Hello for Busines deployment needs an Azure Active Directory subscription. Different deployment configurations are supported by different Azure subscriptions. 
The hybrid-certificate trust deployment needs an Azure Active Directory premium subscription because it uses the device write-back synchronization feature. Other deployments, such as the hybrid key-trust deployment, may not require Azure Active Directory premium subscription. + +Windows Hello for Business can be deployed in any environment with Windows Server 2008 R2 or later domain controllers. Azure device registration and Windows Hello for Business require the Windows Server 2016 Active Directory schema. + +Review these requirements and those from the Windows Hello for Business planning guide and worksheet. Based on your deployment decisions you may need to upgrade your on-premises Active Directory or your Azure Active Directory subscription to meet your needs. + +### Section Review ### + +> [!div class="checklist"] +> * Active Directory Domain Functional Level +> * Active Directory Forest Functional Level +> * Domain Controller version +> * Windows Server 2016 Schema +> * Azure Active Directory subscription +> * Correct subscription for desired features and outcomes + +
+ +## Public Key Infrastructure ## +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. + +Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment use the Windows Server 2016 Active Directory Federation Server (AS FS) as a certificate registration authority. + +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. + +### Section Review +> [!div class="checklist"] +> * Windows Server 2012 Issuing Certificate Authority +> * Windows Server 2016 Active Directory Federation Services + +
+ +## Directory Synchronization ## +The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. + +Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect + +### Section Review +> [!div class="checklist"] +> * Azure Active Directory Connect directory synchronization +> * [Upgrade from DirSync](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-upgrade-get-started) +> * [Upgrade from Azure AD Sync](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-upgrade-previous-version) + +
+ +## Federation ## +Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises. Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices. + +The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658), which is automatically downloaded and installed through Windows Update. If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) + +### Section Review ### +> [!div class="checklist"] +> * Windows Server 2016 Active Directory Federation Services +> * Minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658) + +
+ +## Multifactor Authentication ## +Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication. + +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. + +### Section Review +> [!div class="checklist"] +> * Azure MFA Service +> * Windows Server 2016 AD FS and Azure +> * Windows Server 2016 AD FS and third party MFA Adapter + +
+ +## Device Registration ## +Organizations wanting to deploy hybrid certificate trust need thier domain joined devices to register to Azure Active Directory. Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud. This ensures that only approved computers are used with that Azure Active Directory. Each computer registers its identity in Azure Active Directory. + +Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature. + +### Section Checklist ### +> [!div class="checklist"] +> * Azure Active Directory Device writeback +> * Azure Active Directory Premium subscription + +
+ +### Next Steps ### +Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**. + +If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**. + +If your environment is already federated and supports Azure device registration, choose **Configure Windows Hello for Business settings**. + +> [!div class="op_single_selector"] +> - [New Installation Baseline](hello-hybrid-cert-new-install.md) +> - [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +> - [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. Prerequistes (*You are here*) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust.md new file mode 100644 index 0000000000..576a4d3481 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust.md 
@@ -0,0 +1,51 @@ +--- +title: Hybrid Certificate Trust Deployment (Windows Hello for Business) +description: Hybrid Certificate Trust Deployment Overview +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +localizationpriority: high +ms.date: 09/08/2017 +--- +# Hybrid Azure AD joined Certificate Trust Deployment + +**Applies to** +- Windows 10 + +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + + +Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. + +It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). + +This deployment guide provides guidance for new deployments and customers who are already federated with Office 365. These two scenarios provide a baseline from which you can begin your deployment. + +## New Deployment Baseline ## +The new deployment baseline helps organizations who are moving to Azure and Office 365 to include Windows Hello for Business as part of their deployments. 
This baseline is good for organizations who are looking to deploy proof of concepts as well as IT professionals who want to familiarize themselves Windows Hello for Business by deploying a lab environment. + +This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in. + +## Federated Baseline ## +The federated baseline helps organizations that have completed their federation with Azure Active Directory and Office 365 and enables them to introduce Windows Hello for Business into their hybrid environment. This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment. + +Regardless of the baseline you choose, you’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. + +> [!div class="nextstepaction"] +> [Prerequistes](hello-hybrid-cert-trust-prereqs.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. Overview (*You are here*) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Device Registration](hello-hybrid-cert-trust-devreg.md) +5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md new file mode 100644 index 0000000000..744f4930a3 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md 
@@ -0,0 +1,75 @@ +--- +title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business) +description: Provisioning for Hybrid Windows Hello for Business Deployments +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +localizationpriority: high +ms.date: 09/08/2017 +--- +# Hybrid Windows Hello for Business Provisioning + +**Applies to** +- Windows 10 + + +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +## Provisioning +The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. + + + +The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **EnterpriseJoined** reads **Yes**. + + + + +Windows Hello for Business provisioning begins with a full screen page with the title **Setup a PIN** and button with the same name. The user clicks **Setup a PIN**. + + + +The provisioning flow proceeds to the Multi-Factor authentication portion of the enrollment. Provisioning informs the user that it is actively attempting to contact the user through their configured form of MFA. The provisioning process does not proceed until authentication succeeds, fails or times out. 
A failed or timeout MFA results in an error and asks the user to retry. + + + +After a successful MFA, the provisioning flow asks the user to create and validate a PIN. This PIN must observe any PIN complexity requirements that you deployed to the environment. + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md) +6. Sign-in and Provision(*You are here*) + diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md new file mode 100644 index 0000000000..27eba8dd44 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md 
@@ -0,0 +1,81 @@ +--- +title: Configuring Hybrid Windows Hello for Business - Active Directory (AD) +description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business +keywords: identity, PIN, biometric, Hello, passport, WHFB, ad +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- +# Configuring Windows Hello for Business: Active Directory + +**Applies to** +- Windows 10 + +>[!div class="step-by-step"] +[< Configure Windows Hello for Business](hello-hybrid-cert-whfb-settings.md) +[Configure Azure AD Connect >](hello-hybrid-cert-whfb-settings-dir-sync.md) + +The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +### Creating Security Groups + +Windows Hello for Business uses several security groups to simplify the deployment and managment. + +> [!Important] +> If your environment has one or more Windows Server 2016 domain controllers in the domain to which you are deploying Windows Hello for Business, then skip the **Create the KeyCredentials Admins Security Group**. Domains that include Windows Server 2016 domain controllers use the KeyAdmins group, which is created during the installation of the first Windows Server 2016 domain controller. + +#### Create the KeyCredential Admins Security Group + +Azure Active Directory Connect synchronizes the public key on the user object created during provisioning. You assign write and read permission to this group to the Active Directory attribute to ensure the Azure AD Connect service can add and remove keys as part of its normal workflow. + +Sign-in a domain controller or management workstation with *Domain Admin* equivalent credentials. + +1. 
Open **Active Directory Users and Computers**. +2. Click **View** and click **Advance Features**. +3. Expand the domain node from the navigation pane. +4. Right-click the **Users** container. Click **New**. Click **Group**. +5. Type **KeyCredential Admins** in the **Group Name** text box. +6. Click **OK**. + +#### Create the Windows Hello for Business Users Security Group + +The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate. + +Sign-in a domain controller or management workstation with *Domain Admin* equivalent credentials. + +1. Open **Active Directory Users and Computers**. +2. Click **View** and click **Advanced Features**. +3. Expand the domain node from the navigation pane. +4. Right-click the **Users** container. Click **New**. Click **Group**. +5. Type **Windows Hello for Business Users** in the **Group Name** text box. +6. Click **OK**. + +### Section Review + +> [!div class="checklist"] +> * Create the KeyCredential Admins Security group (optional) +> * Create the Windows Hello for Business Users group + +>[!div class="step-by-step"] +[< Configure Windows Hello for Business](hello-hybrid-cert-whfb-settings.md) +[Configure Azure AD Connect >](hello-hybrid-cert-whfb-settings-dir-sync.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business settings: Active Directory (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md new file mode 100644 index 0000000000..e68276a09e --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md 
@@ -0,0 +1,89 @@ +--- +title: Configuring Hybrid Windows Hello for Business - Active Directory Federation Services (ADFS) +description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business +keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- +# Configure Windows Hello for Business: Active Directory Federation Services + +**Applies to** +- Windows10 + +## Federation Services + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +>[!div class="step-by-step"] +[< Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) +[Configure policy settings >](hello-hybrid-cert-whfb-settings-policy.md) + + +The Windows Server 2016 Active Directory Fedeartion Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. + +The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. + +### Configure the Registration Authority + +Sign-in the AD FS server with *Domain Admin* equivalent credentials. + +1. Open a **Windows PowerShell** prompt. +2. 
Type the following command + + ```PowerShell + Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplate WHFBEnrollmentAgent -WindowsHelloCertificateTemplate WHFBAuthentication + ``` + + +The `Set-AdfsCertificateAuthority` cmdlet should show the following warning: +>WARNING: PS0343: Issuing Windows Hello certificates requires enabling a permitted strong authentication provider, but no usable providers are currently configured. These authentication providers are not supported for Windows Hello certificates: CertificateAuthentication,MicrosoftPassportAuthentication. Windows Hello certificates will not be issued until a permitted strong authentication provider is configured. + +This warning indicates that you have not configured multi-factor authentication in AD FS and until it is configured, the AD FS server will not issue Windows Hello certificates. Windows 10, version 1703 clients check this configuration during prerequisite checks. If detected, the prerequisite check will not succeed and the user will not provision Windows Hello for Business on sign-in. + +>[!NOTE] +> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. 
+ + +### Group Memberships for the AD FS Service Account + +The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user. + +Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. + +1. Open **Active Directory Users and Computers**. +2. Click the **Users** container in the navigation pane. +3. Right-click **Windows Hello for Business Users** group +4. Click the **Members** tab and click **Add** +5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. +6. Click **OK** to return to **Active Directory Users and Computers**. +7. Restart the AD FS server. + +### Section Review +> [!div class="checklist"] +> * Configure the registration authority +> * Update group memberships for the AD FS service account + + +>[!div class="step-by-step"] +[< Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) +[Configure policy settings >](hello-hybrid-cert-whfb-settings-policy.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business settings: AD FS (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) + diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md new file mode 100644 index 0000000000..51d3af12b8 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md 
@@ -0,0 +1,86 @@ +--- +title: Configuring Hybrid Windows Hello for Business - Directory Synchronization +description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business +keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- +# Configure Hybrid Windows Hello for Business: Directory Synchronization + +**Applies to** +- Windows 10 + +>[!div class="step-by-step"] +[< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) +[Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) + +## Directory Syncrhonization + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +In hybrid deployments, users register the public portion of their Windows Hello for Business crednetial with Azure. Azure AD Connect syncrhonizes the Windows Hello for Business public key to Active Directory. + +The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually. + +> [!IMPORTANT] +> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. + +### Configure Permissions for Key Syncrhonization + +Sign-in a domain controller or management workstations with *Domain Admin* equivalent credentials. + +1. Open **Active Directory Users and Computers**. +2. Right-click your domain name from the navigation pane and click **Properties**. +3. Click **Security** (if the Security tab is missing, turn on Advanced Features from the View menu). +4. Click **Advanced**. Click **Add**. Click **Select a principal**. +5. 
The **Select User, Computer, Service Account, or Group** dialog box appears. In the **Enter the object name to select** text box, type **KeyCredential Admins**. Click **OK**. +6. In the **Applies to** list box, select **Descendant User objects**. +7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**. +8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCrendentialLink**. +9. Click **OK** three times to complete the task. + + +### Group Memberships for the Azure AD Connect Service Account + +The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. + +Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. + +1. Open **Active Directory Users and Computers**. +2. Click the **Users** container in the navigation pane. +>[!IMPORTANT] +> If you already have a Windows Server 2016 domain controller in your domain, use the Keyadmins group in the next step, otherwise use the KeyCredential admins group you previously created. + +3. Right-click either the **KeyAdmins** or **KeyCredential Admins** in the details pane and click **Properties**. +4. Click the **Members** tab and click **Add** +5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**. +6. Click **OK** to return to **Active Directory Users and Computers**. + +### Section Review + +> [!div class="checklist"] +> * Configure Permissions for Key Synchronization +> * Configure group membership for Azure AD Connect + +>[!div class="step-by-step"] +[< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) +[Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business settings: Directory Syncrhonization (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md new file mode 100644 index 0000000000..27ea8e8a47 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md 
@@ -0,0 +1,199 @@ +--- +title: Configuring Hybrid Windows Hello for Business - Public Key Infrastructure (PKI) +description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business +keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- + +# Configure Hybrid Windows Hello for Business: Public Key Infrastructure + +**Applies to** +- Windows 10 + +> [!div class="step-by-step"] +[< Configure Azure AD Connect](hello-hybrid-cert-whfb-settings-dir-sync.md) +[Configure AD FS >](hello-hybrid-cert-whfb-settings-adfs.md) + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +Windows Hello for Business deployments rely on certificates. Hybrid deployments uses publicly issued server authentication certifcates to validate the name of the server to which they are connecting and to encyrpt the data that flows them and the client computer. + +All deployments use enterprise issed certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificate to registration authorites to provide defenese-in-depth security for issueing user authentication certificates. + +## Certifcate Templates + +This section has you configure certificate templates on your Windows Server 2012 or later issuing certificate authtority. + +### Domain Controller certificate template + +Clients need to trust domain controllers and the best way to do this is to ensure each domain controller has a Kerberos Authentication certificate. 
Installing a certificate on the domain controller enables the Key Distribution Center (KDC) to prove its identity to other members of the domain. This provides clients a root of trust external to the domain - namely the enterprise certificate authority. + +Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory. However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Therefore, domain controllers need to request a certificate based on the Kerberos Authentication certificate template. + +By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the **Kerberos Authentication** certificate template a baseline to create an updated domain controller certificate template. + +#### Create a Domain Controller Authentication (Kerberos) Certificate Template + +Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials. + +1. Open the **Certificate Authority** management console. +2. Right-click **Certificate Templates** and click **Manage**. +3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. 
Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. +5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs. + **Note**If you use different template names, you'll need to remember and substitute these names in different portions of the lab. +6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items. +7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. +8. Close the console. + +#### Configure Certificate Suspeding for the Domain Controller Authentication (Kerberos) Certificate Template + +Many domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template. Later releases provided a new certificate template--the domain controller authentication certificate template. These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension. + +The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later). + +The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates. 
You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. + +Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. + +1. Open the **Certificate Authority** management console. +2. Right-click **Certificate Templates** and click **Manage**. +3. In the **Certificate Template Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**. +4. Click the **Superseded Templates** tab. Click **Add**. +5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**. +6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**. +7. From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template and click **OK**. +8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab. +9. Click **OK** and close the **Certificate Templates** console. + +The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. + +### Enrollment Agent certificate template + +Active Directory Federation Server used for Windows Hello for Business certificate enrollment performs its own certificate lifecycle management. 
Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. + +Approximately 60 days prior to enrollment agent certificate's expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate. + +> [!IMPORTANT] +> Follow the procedures below based on the AD FS service account used in your environment. + +#### Creating an Enrollment Agent certificate for Group Managed Service Accounts + +Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials. + +1. Open the **Certificate Authority Management** console. +2. Right-click **Certificate Templates** and click **Manage**. +3. In the **Certificate Template Console**, right click on the **Exchange Enrollment Agent (Offline request)** template details pane and click **Duplicate Template**. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. +5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs. +6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected. + **Note:** The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. 
You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. + +7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. +8. On the **Security** tab, click **Add**. +9. Click **Object Types**. Select the **Service Accounts** check box and click **OK**. +10. Type **adfssvc** in the **Enter the object names to select** text box and click **OK**. +11. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. +12. Close the console. + +#### Creating an Enrollment Agent certificate for typical Service Acconts + +Sign-in a certificate authority or management workstations with *Domain Admin* equivalent credentials. + +1. Open the **Certificate Authority** management console. +2. Right-click **Certificate Templates** and click **Manage**. +3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. +5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. 
Adjust the validity and renewal period to meet your enterprise's needs. +6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. +7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. +8. On the **Security** tab, click **Add**. Type **adfssvc** in the **Enter the object names to select text box** and click **OK**. +9. Click the **adfssvc** from the **Group or users names** list. In the **Permissions for adfssvc** section, select the **Allow** check box for the **Enroll** permission. Excluding the **adfssvc** user, clear the **Allow** check boxes for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. +10. Close the console. + +### Creating Windows Hello for Business authentication certificate template + +During Windows Hello for Business provisioning, the Windows 10, version 1703 client requests an authentication certificate from the Active Directory Federation Service, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring. + +Sign-in a certificate authority or management workstations with _Domain Admin equivalent_ credentials. + +1. Open the **Certificate Authority** management console. +2. Right-click **Certificate Templates** and click **Manage**. +3. 
Right-click the **Smartcard Logon** template and choose **Duplicate Template**. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. +5. On the **General** tab, type **WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs. + **Note:** If you use different template names, you'll need to remember and substitute these names in different portions of the deployment. +6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. +7. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**. +8. On the **Issuance Requirements** tab, select the T**his number of authorized signatures** check box. Type **1** in the text box. + * Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option. +9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. +10. On the **Request Handling** tab, select the **Renew with same key** check box. +11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. +12. 
Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. +13. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template. +14. Click on the **Apply** to save changes and close the console. + +#### Mark the template as the Windows Hello Sign-in template + +Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials. +1. Open an elevated command prompt. +2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` + +>[!NOTE] +>If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. 
+Publish Templates + +### Publish Certificate Templates to a Certificate Authority + +The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. + +### Unpublish Superseded Certificate Templates + +The certificate authority only issues certificates based on published certificate templates. For defense in depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue. This includes the pre-published certificate template from the role installation and any superseded certificate templates. + +The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. + +Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. + +1. Open the **Certificate Authority** management console. +2. Expand the parent node from the navigation pane. +3. Click **Certificate Templates** in the navigation pane. +4. Right-click the **Domain Controller** certificate template in the content pane and select **Delete**. Click **Yes** on the **Disable certificate templates** window. +5. Repeat step 4 for the **Domain Controller Authentication** and **Kerberos Authentication** certificate templates. 
+ +### Section Review +> [!div class="checklist"] +> * Domain Controller certificate template +> * Configure superseded domain controller certificate templates +> * Enrollment Agent certifcate template +> * Windows Hello for Business Authentication certificate template +> * Mark the certifcate template as Windows Hello for Business sign-in template +> * Publish Certificate templates to certificate authorities +> * Unpublish superseded certificate templates + + +> [!div class="step-by-step"] +[< Configure Azure AD Connect](hello-hybrid-cert-whfb-settings-dir-sync.md) +[Configure AD FS >](hello-hybrid-cert-whfb-settings-adfs.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business settings: PKI (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) + diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md new file mode 100644 index 0000000000..2c0b6759f9 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md 
@@ -0,0 +1,204 @@ +--- +title: Configuring Hybrid Windows Hello for Business - Group Policy +description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business +keywords: identity, PIN, biometric, Hello, passport, WHFB +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- +# Configure Hybrid Windows Hello for Business: Group Policy + +**Applies to** +- Windows 10 + +> [!div class="step-by-step"] +[< Configure AD FS](hello-hybrid-cert-whfb-settings-adfs.md) + + +## Policy Configuration + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. + +Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. 
+ +Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) autoamtically request and renew the correct domain controller certifcate. + +Domain joined clients of hybrid certificate-based deployments of Windows Hello for Business needs three Group Policy settings: +* Enable Windows Hello for Business +* Use certificate for on-premises authentication +* Enable automatic enrollment of certificates + +### Configure Domain Controllers for Automatic Certificate Enrollment + +Domain controllers automatically request a certificate from the *Domain Controller* certificate template. However, the domain controller is unaware of newer certificate templates or superseded configurations on certificate templates. + +To continue automatic enrollment and renewal of domain controller certificates that understand newer certificate template and superseded certificate template configurations, create and configure a Group Policy object for automatic certificate enrollment and link the Group Policy object to the Domain Controllers OU. + +#### Create a Domain Controller Automatic Certifiacte Enrollment Group Policy object + +Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials. + +1. Start the **Group Policy Management Console** (gpmc.msc) +2. Expand the domain and select the **Group Policy Object** node in the navigation pane. +3. Right-click **Group Policy object** and select **New** +4. Type *Domain Controller Auto Certificate Enrollment* in the name box and click **OK**. +5. Right-click the **Domain Controller Auto Certificate Enrollment** Group Policy object and click **Edit**. +6. In the navigation pane, expand **Policies** under **Computer Configuration**. +7. 
Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. +8. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**. +9. Select **Enabled** from the **Configuration Model** list. +10. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. +11. Select the **Update certificates that use certificate templates** check box. +12. Click **OK**. Close the **Group Policy Management Editor**. + +#### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object + +Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials. + +1. Start the **Group Policy Management Console** (gpmc.msc) +2. In the navigation pane, expand the domain and expand the node that has your Active Directory domain name. Right-click the **Domain Controllers** organizational unit and click **Link an existing GPO�** +3. In the **Select GPO** dialog box, select **Domain Controller Auto Certificate Enrollment** or the name of the domain controller certificate enrollment Group Policy object you previously created and click **OK**. + +### Windows Hello for Business Group Policy + +The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory + +#### Enable Windows Hello for Business + +The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. + +You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. 
Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence. + +#### Use certificate for on-premises authentication + +The Use certificate for on-premises authentication Group Policy setting determines if the on-premises deployment uses the key-trust or certificate trust on-premises authentication model. You must configure this Group Policy setting to configure Windows to enroll for a Windows Hello for Business authentication certificate. If you do not configure this policy setting, Windows considers the deployment to use key-trust on-premises authentication, which requires a sufficient number of Windows Server 2016 domain controllers to handle the Windows Hello for Business key-trust authentication requests. + +You can configure this Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users requesting a Windows Hello for Business authentication certificate. Deploying this policy setting to a user results in only that user requesting a Windows Hello for Business authentication certificate. Additionally, you can deploy the policy setting to a group of users so only those users request a Windows Hello for Business authentication certificate. If both user and computer policy settings are deployed, the user policy setting has precedence. + +#### Enable automatic enrollment of certificates + +Windows Hello for Business provisioning performs the initial enrollment of the Windows Hello for Business authentication certificate. 
This certificate expires based on the duration configured in the Windows Hello for Business authentication certificate template. The Windows 10, version 1703 certificate auto enrollment was updated to renew these certificates before they expire, which significantly reduces user authentication failures from expired user certificates. + +The process requires no user interaction provided the user signs-in using Windows Hello for Business. The certificate is renewed in the background before it expires. + +#### Create the Windows Hello for Business Group Policy object + +The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. + +Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials. + +1. Start the **Group Policy Management Console** (gpmc.msc) +2. Expand the domain and select the **Group Policy Object** node in the navigation pane. +3. Right-click **Group Policy object** and select **New**. +4. Type *Enable Windows Hello for Business* in the name box and click **OK**. +5. In the content pane, right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. +6. In the navigation pane, expand **Policies** under **User Configuration**. +7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**. +8. In the content pane, double-click **Use Windows Hello for Business**. Click **Enable** and click **OK**. +9. Double-click **Use certificate for on-premises authentication**. Click **Enable** and click **OK**. Close the **Group Policy Management Editor**. + +#### Configure Automatic Certificate Enrollment + +1. Start the **Group Policy Management Console** (gpmc.msc). +2. Expand the domain and select the **Group Policy Object** node in the navigation pane. +3. 
Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. +4. In the navigation pane, expand **Policies** under **User Configuration**. +5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**. +6. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**. +7. Select **Enabled** from the **Configuration Model** list. +8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. +9. Select the **Update certificates that use certificate templates** check box. +10. Click **OK**. Close the **Group Policy Management Editor**. + +#### Configure Security in the Windows Hello for Business Group Policy object + +The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases. +1. Start the **Group Policy Management Console** (gpmc.msc) +2. Expand the domain and select the **Group Policy Object** node in the navigation pane. +3. Double-click the **Enable Windows Hello for Business** Group Policy object. +4. In the **Security Filtering** section of the content pane, click **Add**. Type *Windows Hello for Business Users* or the name of the security group you previously created and click **OK**. +5. Click the **Delegation** tab. Select **Authenticated Users** and click **Advanced**. +6. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Click **OK**. + +#### Deploy the Windows Hello for Business Group Policy object + +The application of the Windows Hello for Business Group Policy object uses security group filtering. 
This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all users. However, the security group filtering ensures only the users included in the *Windows Hello for Business Users* global group receive and apply the Group Policy object, which results in the provisioning of Windows Hello for Business. +1. Start the **Group Policy Management Console** (gpmc.msc) +2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO�** +3. In the **Select GPO** dialog box, select **Enable Windows Hello for Business** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. + +Just to reassure, linking the **Windows Hello for Business** Group Policy object to the domain ensures the Group Policy object is in scope for all domain users. However, not all users will have the policy settings applied to them. Only users who are members of the Windows Hello for Business group receive the policy settings. All others users ignore the Group Policy object. + +## Other Related Group Policy settings + +### Windows Hello for Business + +There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings. + +#### Use a hardware security device + +The default configuration for Windows Hello for Business is to prefer hardware protected credentials; however, not all computers are able to create hardware protected credentials. When Windows Hello for Business enrollment encounters a computer that cannot create a hardware protected credential, it will create a software-based credential. 
+ +You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. + +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiven during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. + +#### Use biometrics + +Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. + +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. + +### PIN Complexity + +PIN complexity is not specific to Windows Hello for Business. 
Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. + +Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +* Require digits +* Require lowercase letters +* Maximum PIN length +* Minimum PIN length +* Expiration +* History +* Require special characters +* Require uppercase letters + +Starting with Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under **Computer Configuration\Administrative Templates\System\PIN Complexity** of the Group Policy editor. + +## Add users to the Windows Hello for Business Users group + +Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Wwindows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the Windows Hello for Business Users group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business. 
+ +### Section Review +> [!div class="checklist"] +> * Configure domain controllers for automatic certificate enrollment. +> * Create Windows Hello for Business Group Policy object. +> * Enable the Use Windows Hello for Business policy setting. +> * Enable the Use certificate for on-premises authentication policy setting. +> * Enable user automatic certificate enrollment. +> * Add users or groups to the Windows Hello for Business group + + +> [!div class="nextstepaction"] +[Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business policy settings (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md new file mode 100644 index 0000000000..2dbfc5fda4 --- /dev/null +++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md 
@@ -0,0 +1,50 @@ +--- +title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) +description: Configuring Windows Hello for Business Settings in Hybrid deployment +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +localizationpriority: high +author: mikestephens-MS +ms.author: mstephen +ms.date: 09/08/2017 +--- +# Configure Windows Hello for Business + +**Applies to** +- Windows 10 + +> [!div class="step-by-step"] +[Configure Active Directory >](hello-hybrid-cert-whfb-settings-ad.md) + +>[!IMPORTANT] +>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. + +You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. +> [!IMPORTANT] +> If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. + +The configuration for Windows Hello for Business is grouped in four categories. These categories are: +* [Active Directory](hello-hybrid-cert-whfb-settings-ad.md) +* [Public Key Infrastructure](hello-hybrid-cert-whfb-settings-pki.md) +* [Active Directory Federation Services](hello-hybrid-cert-whfb-settings-adfs.md) +* [Group Policy](hello-hybrid-cert-whfb-settings-policy.md) + +For the most efficent deployment, configure these technologies in order beginning with the Active Directory configuration + +> [!div class="step-by-step"] +[Configure Active Directory >](hello-hybrid-cert-whfb-settings-ad.md) + +
+ +
+ +## Follow the Windows Hello for Business hybrid certificate trust deployment guide +1. [Overview](hello-hybrid-cert-trust.md) +2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +3. [New Installation Baseline](hello-hybrid-cert-new-install.md) +4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) +5. Configure Windows Hello for Business settings (*You are here*) +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-identity-verification.md b/windows/access-protection/hello-for-business/hello-identity-verification.md index 6bc13714ae..59a9bb791e 100644 --- a/windows/access-protection/hello-for-business/hello-identity-verification.md +++ b/windows/access-protection/hello-for-business/hello-identity-verification.md @@ -10,7 +10,7 @@ ms.pagetype: security, mobile author: DaniHalfin ms.localizationpriority: high ms.author: daniha -ms.date: 07/07/2017 +ms.date: 09/08/2017 --- # Windows Hello for Business 
@@ -78,7 +78,7 @@ There are many deployment options from which to choose. Some of those options re Windows Hello for Business is two-factor authentication based the observed authentication factors of: something you have, something you know, and something part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor". ### Can I use PIN and biometrics to unlock my device? -No. Windows Hello for Business provides two-factor authentication. However, we are investigating the ability to unlock the device with multiple factors. +No. Windows Hello for Business provides two-factor authentication. However, we are investigating the ability to unlock the desktop with additional factors. ### What is the difference between Windows Hello and Windows Hello for Business Windows Hello represents the biometric framework provided in Windows 10. Windows Hello enables users to use biometrics to sign into their devices by securely storing their username and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate. 
@@ -86,6 +86,28 @@ Windows Hello represents the biometric framework provided in Windows 10. Window ### I have extended Active Directory to Azure Active Directory. Can I use the on-prem deployment model? No. If your organization is federated or using online services, such as Office 365 or OneDrive, then you must use a hybrid deployment model. On-premises deployments are exclusive to organization who need more time before moving to the cloud and exclusively use Active Directory. +### Does Windows Hello for Business prevent the use of simple PINs? +Yes. Our simple PIN algorithm looks for and disallows any PIN that has a constant delta from one digit to the next. This prevents repeating numbers, sequential numbers and simple patterns. +So, for example: +* 1111 has a constant delta of 0, so it is not allowed +* 1234 has a constant delta of 1, so it is not allowed +* 1357 has a constant delta of 2, so it is not allowed +* 9630 has a constant delta of -3, so it is not allowed +* 1231 does not have a constant delta, so it is okay +* 1593 does not have a constant delta, so it is okay + +This algorithm does not apply to alphanumeric PINs. + +### How does PIN caching work with Windows Hello for Business? +Windows Hello for Business provides a PIN caching user experience using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting as long as the user is interactively signed-in. Microsoft Account sign-in keys are considered transactional keys, which means the user is always prompted when accessing the key. + +Beginning with Windows 10, Fall Creators Update, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. 
Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations will not prompt the user for the PIN. + +The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process does not receive the PIN, but rather the ticket that grants them private key operations. Windows 10 does not provide any Group Policy settings to adjust this caching. + +### Can I disable the PIN while using Windows Hello for Business? +No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurence where you cannot authenticate with biometrics, you need a fall back mechansim that is not a password. The PIN is the fall back mechansim. Disabling or hiding the PIN credential provider disabled the use of biometrics. + ### Does Windows Hello for Business work with third party federation servers? Windows Hello for Business can work with any third-party federation servers that support the protocols used during provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration) @@ -98,3 +120,4 @@ Windows Hello for Business can work with any third-party federation servers that ### Does Windows Hello for Business work with Mac and Linux clients? Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third parties who are interested in moving these platforms away from passwords. Interested third parties can inqury at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration) + diff --git a/windows/access-protection/hello-for-business/hello-manage-in-organization.md b/windows/access-protection/hello-for-business/hello-manage-in-organization.md index 6d8b9b37a2..bd3429561c 100644 
--- a/windows/access-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/access-protection/hello-for-business/hello-manage-in-organization.md @@ -25,7 +25,7 @@ You can create a Group Policy or mobile device management (MDM) policy that will > >Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. > ->Use **Windows Hello for Business** policy settings to manage PINs for Windows Hello for Business. +>Use **PIN Complexity** policy settings to manage PINs for Windows Hello for Business. ## Group Policy settings for Windows Hello for Business @@ -292,71 +292,6 @@ The following table lists the MDM policy settings that you can configure for Win >[!NOTE] > If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN. -## Prerequisites - -To deploy Windows Hello for Business, in some modes you must add Windows Server 2016 domain controllers to your Active Directory environment, but you don’t have to replace or remove your existing Active Directory servers — the servers required for Windows Hello for Business build on and add capability to your existing infrastructure. You don’t have to change the domain or forest functional level, and you can either add on-premises servers or use Azure Active Directory to deploy Windows Hello for Business in your network. - -You’ll need this software to set Windows Hello for Business policies in your enterprise. -
Windows Hello for Business mode | -Azure AD | -Active Directory (AD) on-premises (only supported with Windows 10, version 1703 clients) | -Azure AD/AD hybrid (available with production release of Windows Server 2016) | -
---|---|---|---|
Key-based authentication | -Azure AD subscription | -
|
-
|
-
Certificate-based authentication | -
|
-
|
-
|
-
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). | -| NA | Helps prevent:
- **Pass the Hash**
- Usage of a **credential after disconnection** | Prevents:
- **Pass the Hash**
- Usage of **domain identity during connection** | -| Credentials supported from the remote desktop client device:
- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials | Credentials supported from the remote desktop client device:
- **Signed on** credentials only | Credentials supported from the remote desktop client device:
- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials | -| Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Users allowed**, that is, members of remote desktop users group of remote host. | Access: **Administrators only**, that is, only members in administrators group of remote host. | -| Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as signed on user**. | Network identity: Remote desktop session **connects to other resources as remote host’s identity**. | -| Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | Multi-hop: From the remote desktop, you **can connect through Remote Desktop to another computer**. | No multi-hop: From the remote desktop, you **cannot connect through Remote Desktop to another computer**. | -| Supported authentication protocol: **Any negotiable protocol**. | Supported authentication protocol: **Kerberos only**. | Supported authentication protocol: **Any negotiable protocol**. | +
-## Hardware and software requirements +The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option: -To use Windows Defender Remote Credential Guard, the Remote Desktop client and server must meet the following requirements: + -- In order to connect using credentials other than signed-in credentials, the Remote Desktop client device must be running at least Windows 10, version 1703. +
+As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection. + +
+
+Use the following table to compare different Remote Desktop connection security options: + +
+
+ +|**Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** | +|---|---|---|---| +| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. |User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server| +| **Version support** | The remote computer can run any Windows operating system|Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**.|The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). +|**Helps prevent** | N/A |
- Pass-the-Hash
- Use of a credential after disconnection
- Pass-the-Hash
- Use of domain identity during connection
- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials
- **Signed on** credentials only |
- **Signed on** credentials
- **Supplied** credentials
- **Saved** credentials
+ +For further technical information, see [Remote Desktop Protocol](https://msdn.microsoft.com/library/aa383015(v=vs.85).aspx) +and [How Kerberos works](https://technet.microsoft.com/en-us/library/cc961963.aspx(d=robot)) + +
+ + + +## Remote Desktop connections and helpdesk support scenarios + +For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised client that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user’s resources for a limited time (a few hours) after the session disconnects. + +Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf). + +To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/en-us/download/details.aspx?id=46899). + +For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/en-us/library/security/3062591.aspx). 
+ + + + +## Remote Credential Guard requirements + +To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements: + +The Remote Desktop client device: + +- Must be running at least Windows 10, version 1703 to be able to supply credentials. +- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. +- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. +- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. + +The Remote Desktop remote host: + +- Must be running at least Windows 10, version 1607 or Windows Server 2016. +- Must allow Restricted Admin connections. +- Must allow the client’s domain user to access Remote Desktop connections. +- Must allow delegation of non-exportable credentials. + +There are no hardware requirements for Windows Defender Remote Credential Guard. > [!NOTE] > Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain. 
-- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication +- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication. - The remote host must be running at least Windows 10 version 1607, or Windows Server 2016. - The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard. ## Enable Windows Defender Remote Credential Guard -You must enable Windows Defender Remote Credential Guard on the target device by using the registry. +You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry. -1. Open Registry Editor. -2. Enable Windows Defender Remote Credential Guard: +1. Open Registry Editor on the remote host. +2. Enable Restricted Admin and Windows Defender Remote Credential Guard: - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa. - - Add a new DWORD value named **DisableRestrictedAdmin**. Set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard. + - Add a new DWORD value named **DisableRestrictedAdmin**. + - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard. 3. Close Registry Editor. -You can add this by running the following from an elevated command prompt: +You can add this by running the following command from an elevated command prompt: ``` reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD 
@@ -76,7 +122,7 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 ## Using Windows Defender Remote Credential Guard -You can use Windows Defender Remote Credential Guard on the client device by setting a Group Policy or by using a parameter with Remote Desktop Connection. +Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device either by using Group Policy or by using a parameter with the Remote Desktop Connection. ### Turn on Windows Defender Remote Credential Guard by using Group Policy 
@@ -91,9 +137,9 @@ You can use Windows Defender Remote Credential Guard on the client device by set > **Note:** Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server. - - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [Hardware and software requirements](#hardware-and-software-requirements) listed earlier in this topic. + - If you want to require Windows Defender Remote Credential Guard, choose **Require Windows Defender Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic. - - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other options for Remote Desktop connections](#comparing-remote-credential-guard-with-other-options-for-remote-desktop-connections), earlier in this topic. + - If you want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic. 4. Click **OK**. 
@@ -104,7 +150,7 @@ You can use Windows Defender Remote Credential Guard on the client device by set ### Use Windows Defender Remote Credential Guard with a parameter to Remote Desktop Connection -If you don't use Group Policy in your organization, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection. +If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection. ``` mstsc.exe /remoteGuard 
@@ -113,18 +159,12 @@ mstsc.exe /remoteGuard ## Considerations when using Windows Defender Remote Credential Guard -- Windows Defender Remote Credential Guard does not include device claims. For example, if you’re trying to access a file server from the remote and the file server requires device claim, access will be denied. +- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you’re trying to access a file server from a remote host that requires a device claim, access will be denied. -- Windows Defender Remote Credential Guard cannot be used to connect to a device that is joined to Azure Active Directory. +- Windows Defender Remote Credential Guard cannot be used to connect to a device that is not domain-joined to Active Directory, for example, remote hosts joined to Azure Active Directory. - Remote Desktop Credential Guard only works with the RDP protocol. -- No credentials are sent to the target device, but the target device still acquires the Kerberos Service Tickets on its own. - -- Remote Desktop Gateway is not compatible with Windows Defender Remote Credential Guard. - -- You cannot use saved credentials or credentials that are different than yours. You must use the credentials of the user who is logged into the device. - -- Both the client and the server must be joined to the same domain or the domains must have a trust relationship. +- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own. - The server and client must authenticate using Kerberos. \ No newline at end of file diff --git a/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 47ca379543..2d55ec35a7 100644 --- a/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md 
+++ b/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -1,7 +1,6 @@ --- title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10) -description: Windows Defender Firewall with Advanced Security -Design Guide +description: Windows Defender Firewall with Advanced Security Design Guide ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md index 5c764b532e..35f3b14372 100644 --- a/windows/application-management/TOC.md +++ b/windows/application-management/TOC.md @@ -1,5 +1,6 @@ # [Manage applications in Windows 10](index.md) ## [Sideload apps](sideload-apps-in-windows-10.md) +## [Remove background task resource restrictions](enterprise-background-activity-controls.md) ## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) ### [Getting Started with App-V](app-v/appv-getting-started.md) #### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) @@ -100,5 +101,8 @@ #### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md) #### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) ## [Service Host process refactoring](svchost-service-refactoring.md) +## [Per-user services in Windows](per-user-services-in-windows.md) +## [Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) +## [Understand apps in Windows 10](apps-in-windows-10.md) ## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) ## [Change history for Application management](change-history-for-application-management.md) 
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md new file mode 100644 index 0000000000..215e71f9f0 --- /dev/null +++ b/windows/application-management/apps-in-windows-10.md 
@@ -0,0 +1,153 @@ +--- +title: Windows 10 - Apps +description: What are Windows, UWP, and Win32 apps +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: elizapo +author: lizap +ms.localizationpriority: low +ms.date: 09/15/2017 +--- +# Understand the different apps included in Windows 10 + +The following types of apps run on Windows 10: +- Windows apps - introduced in Windows 8, primarily installed from the Store app. +- Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps. +- "Win32" apps - traditional Windows applications, built for 32-bit systems. + +Digging into the Windows apps, there are two categories: +- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS. +- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps: + - Provisioned: Installed the first time you sign into Windows. You'll see a tile or Start menu item for these apps, but they aren't installed until the first sign-in. + - Installed: Installed as part of the OS. + +The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1511, 1607, and 1703, and indicate whether an app can be uninstalled through the UI. + +Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running. + +> [!TIP] +> Want to see a list of the apps installed on your specific image? 
You can run the following PowerShell cmdlet: +> ```powershell +> Get-AppxPackage |Select Name,PackageFamilyName +> Get-AppsProvisionedPackage -Online | select DisplayName,PackageName +> ``` + + +## System apps +System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|------------------|-------------------------------------------|------|------|------|--------------------------------------------------------| +| Cortana UI | CortanaListenUIApp | | | x | No | +| | Desktop Learning | | | x | No | +| | DesktopView | | | x | No | +| | EnvironmentsApp | | | x | No | +| Mixed Reality + | HoloCamera | | | x | No | +| Mixed Reality + | HoloItemPlayerApp | | | x | No | +| Mixed Reality + | HoloShell | | | x | No | +| | Microsoft.AAD.Broker.Plugin | x | x | x | No | +| | Microsoft.AccountsControl | x | x | x | No | +| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No | +| | Microsoft.CredDialogHost | | | x | No | +| | Microsoft.LockApp | x | x | x | No | +| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x | No | +| | Microsoft.PPIProjection | | x | x | No | +| | Microsoft.Windows. Apprep.ChxApp | | x | x | No | +| | Microsoft.Windows. AssignedAccessLockApp | x | x | x | No | +| | Microsoft.Windows. CloudExperienceHost | x | x | x | No | +| | Microsoft.Windows. ContentDeliveryManager | x | x | x | No | +| Cortana | Microsoft.Windows.Cortana | x | x | x | No | +| | Microsoft.Windows. Holographic.FirstRun | | | x | No | +| | Microsoft.Windows. ModalSharePickerHost | | | x | No | +| | Microsoft.Windows. OOBENetworkCaptivePort | | | x | No | +| | Microsoft.Windows. OOBENetworkConnection | | | x | No | +| | Microsoft.Windows. ParentalControls | x | x | x | No | +| | Microsoft.Windows. SecHealthUI | | | x | No | +| | Microsoft.Windows. SecondaryTileExperience | x | x | x | No | +| | Microsoft.Windows. 
SecureAssessmentBrowser | | x | x | No | +| Start | Microsoft.Windows. ShellExperienceHost | x | x | x | No | +| Windows Feedback | Microsoft.WindowsFeedback | x | * | * | No | +| | Microsoft.XboxGameCallableUI | x | x | x | No | +| Xbox logon UI | Microsoft.XboxIdentityProvider | x | | | No | +| Contact Support | Windows.ContactSupport | x | x* | x* | In 1511, no.* | +| | Windows.Devicesflow | x | | | No | +| Settings | Windows.ImmersiveControlPanel | x | x | x | No | +| Connect | Windows.MiracastView | x | x | x | No | +| Print UI | Windows.PrintDialog | x | x | x | No | +| Purchase UI | Windows.PurchaseDialog | x | | | No | + +> [!NOTE] +> - The Windows Feedback app changed to the Windows Feedback Hub in version 1607. It's listed in the installed apps table below. +> - As of Windows 10 version 1607, you can use the Optional Features app to uninstall the Contact Support app. + +## Installed Windows apps +Here are the typical installed Windows apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|--------------------|-----------------------------------------|------|------|------|---------------------------| +| Remote Desktop | Microsoft.RemoteDesktop | | x | x | Yes | +| PowerBI | Microsoft.Microsoft PowerBIforWindows | | x | x | Yes | +| Candy Crush | king.com.CandyCrushSodaSaga | x | | | Yes | +| Code Writer | ActiproSoftwareLLC.562882FEEB491 | | x | x | Yes | +| Eclipse Manager | 46928bounde.EclipseManager | | x | x | Yes | +| Pandora | PandoraMediaInc.29680B314EFC2 | | x | x | Yes | +| Photoshop Express | AdobeSystemIncorporated. 
AdobePhotoshop | | x | x | Yes | +| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | | | x | Yes | +| Network Speed Test | Microsoft.NetworkSpeedTest | | x | x | Yes | +| Paid Wi-FI | | x | | | Yes | +| Skype Video | | x | | | Yes | +| Twitter | | x | | | Yes | +| PicArts | | x | | | Yes | +| Minecraft | | x | | | Yes | +| Flipboard | | x | | | Yes | + +## Provisioned Windows apps +Here are the typical provisioned Windows apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|---------------------------------|----------------------------------------|------|------|------|---------------------------| +| 3D Builder | Microsoft.3DBuilder | x | | x | Yes | +| App Connector | Microsoft.Appconnector | x | | | Yes, through Settings app | +| Money | Microsoft.BingFinance | x | | | Yes | +| News | Microsoft.BingNews | x | * | * | Yes | +| Sports | Microsoft.BingSports | x | | | Yes | +| Weather | Microsoft.BingWeather | x | x | x | No | +| Phone Companion | Microsoft.CommsPhone | x | | | Yes | +| | Microsoft.ConnectivityStore | x | | | No | +| | Microsoft.DesktopAppInstaller | | x | x | Yes, through Settings app | +| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes | +| Messaging | Microsoft.Messaging | x | x | x | No | +| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | | | x | No | +| Get Office | Microsoft.MicrosoftOfficeHub | x | x | x | Yes | +| Solitaire | Microsoft.Microsoft SolitaireCollection | x | x | x | Yes | +| Sticky Notes | Microsoft.MicrosoftStickyNotes | | x | x | No | +| OneNote | Microsoft.Office.OneNote | x | x | x | No | +| Sway | Microsoft.Office.Sway | x | * | * | Yes | +| | Microsoft.OneConnect | | x | x | No | +| Paint 3D | Microsoft.MSPaint | | | x | No | +| People | Microsoft.People | x | x | x | No | +| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes | +| | Microsoft.StorePurchaseApp | | x | x | No | +| | Microsoft.Wallet | | | x | No | +| 
Photos | Microsoft.Windows.Photos | x | x | x | No | +| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No | +| Calculator | Microsoft.WindowsCalculator | x | x | x | No | +| Camera | Microsoft.WindowsCamera | x | x | x | No | +| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No | +| Feedback Hub | Microsoft.WindowsFeedbackHub | * | x | x | Yes | +| Maps | Microsoft.WindowsMaps | x | x | x | No | +| Phone | Microsoft.WindowsPhone | x | | | No | +| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No | +| Store | Microsoft.WindowsStore | x | x | x | No | +| Xbox | Microsoft.XboxApp | x | x | x | No | +| | Microsoft.XboxGameOverlay | | | x | No | +| | Microsoft.XboxIdentityProvider | * | x | x | No | +| Groove | Microsoft.ZuneMusic | x | x | x | No | +| Movies & TV | Microsoft.ZuneVideo | x | x | x | No | +| | Microsoft.XboxSpeech ToTextOverlay | | | x | No | + +> [!NOTE] +> - As of Windows 10, version 1607, News and Sway are installed apps. +> - Both Feedback Hub and Microsoft.XboxIdentityProvider were installed apps in version 1511 and provisioned apps in versions 1607 and later. \ No newline at end of file diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md index 92e5039334..3aca385415 100644 --- a/windows/application-management/change-history-for-application-management.md +++ b/windows/application-management/change-history-for-application-management.md 
@@ -8,12 +8,20 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms +ms.date: 09/15/2017 --- # Change history for Configure Windows 10 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## September 2017 +| New or changed topic | Description | +| --- | --- | +| [Per-user services in Windows 10](per-user-services-in-windows.md) | New | +| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | New | +| [Understand the different apps included in Windows 10](apps-in-windows-10.md) | New | + ## July 2017 | New or changed topic | Description | | --- | --- | diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md new file mode 100644 index 0000000000..238dc36fc2 --- /dev/null +++ b/windows/application-management/enterprise-background-activity-controls.md 
@@ -0,0 +1,63 @@ +--- +author: TylerMSFT +title: Remove background task resource restrictions +description: Allow enterprise background tasks unrestricted access to computer resources. +ms.author: twhitney +ms.date: 09/26/2017 +ms.topic: article +ms.prod: windows +ms.technology: uwp +keywords: windows 10, uwp, enterprise, background task, resources +--- + +# Remove background task resource restrictions + +To provide the best experience for consumers, Windows provides controls that give users the choice of which experiences may run in the background. + +By default, resource limits are imposed on applications. Foreground apps are given the most memory and execution time; background apps get less. Users are thus protected from poor foreground app performance and heavy battery drain. + +Enterprise users want the same ability to enable or limit background activity. In Windows 10, version 1703 (also known as the Creators Update), enterprises can now configure settings via policy and provisioning that control background activity. + +## Background activity controls + +Users have the ability to control background activity for their device through two interfaces in the **Settings** app: the **Background apps** page and the **Battery usage by app** page. The **Background apps** page has a master switch to turn background activity on or off for all apps, and provides individual switches to control each app's ability to run in the background. + + + +The **Battery usage by app** page allows fine-grained tuning of background activity. Users have the ability to set background activity to by **Managed By Windows**, as well as turning it on or off for each app. Only devices with a battery have this page available in the **Settings** app. 
Here is the set of available controls on desktop: + + + +Here is the set of available controls for mobile devices: + + + +Although the user interface differs across editions of the operating system, the policy and developer interface is consistent across Windows 10. For more information about these controls, see [Optimize background activity](https://docs.microsoft.com/windows/uwp/debug-test-perf/optimize-background-activity). + +## Enterprise background activity controls + +Starting with Windows 10, version 1703, enterprises can control background activity through mobile device management (MDM) or Group Policy. The user controls discussed above can be controlled with the following policies: + +`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground` +`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceAllowTheseApps` +`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceDenyTheseApps` +`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_UserInControlOfTheseApps` + +These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. See [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) for more information about these policies. 
+ +An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](https://docs.microsoft.com/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](https://docs.microsoft.com/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page: + +- **AlwaysAllowed**: Corresponds to **Always Allowed in Background** and **Managed By User**. This enables apps to run as much as possible in the background, including while the device is in battery saver mode. + +- **AllowedSubjectToSystemPolicy**: This is the default value. It corresponds to **Managed by Windows**. This enables apps to run in the background as determined by Windows. If the device is currently in the battery saver state then background activities do not run. + +- **DeniedDueToSystemPolicy**: Corresponds to **Managed by Windows** and indicates that the system has determined that the app cannot currently run in the background. + +- **DeniedByUser**: Corresponds to **Never Allowed in the Background**. The app cannot run in the background. Either the configuration in the settings app, or enterprise policy, has defined that this app is not allowed to run in the background. + +The Universal Windows Platform ensures that consumers will have great battery life and that foreground apps will perform well. Enterprises have the ability to change settings to enable scenarios specific to their business needs. Administrators can use the **Background apps** policies to enable or disable whether a UWP app can run in the background. 
+ +## See also + +[Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) +[Optimize background activity](https://docs.microsoft.com/windows/uwp/debug-test-perf/optimize-background-activity) diff --git a/windows/application-management/images/backgroundapps-setting.png b/windows/application-management/images/backgroundapps-setting.png new file mode 100644 index 0000000000..ffa7af0ccf Binary files /dev/null and b/windows/application-management/images/backgroundapps-setting.png differ diff --git a/windows/application-management/images/battery-usage-by-app-desktop.png b/windows/application-management/images/battery-usage-by-app-desktop.png new file mode 100644 index 0000000000..00f7d51136 Binary files /dev/null and b/windows/application-management/images/battery-usage-by-app-desktop.png differ diff --git a/windows/application-management/images/battery-usage-by-app-mobile.png b/windows/application-management/images/battery-usage-by-app-mobile.png new file mode 100644 index 0000000000..cb920d0d02 Binary files /dev/null and b/windows/application-management/images/battery-usage-by-app-mobile.png differ diff --git a/windows/application-management/index.md b/windows/application-management/index.md index d6c32fbe93..b42c674d12 100644 --- a/windows/application-management/index.md +++ b/windows/application-management/index.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium +ms.date: 09/15/2017 --- # Windows 10 application management 
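Review bot: In enterprise-background-activity-controls.md, the link text `BackgroundExecutionManager.RequestAccessAsync` points at the `BackgroundAccessStatus` API page, the same target as the enumeration link later in that sentence; point the first link at the method's own reference page. Two wording issues in the same file: "set background activity to by **Managed By Windows**" has a stray "by", and the settings page is written both as **Battery usage by app** and **battery usage by App**. The policy paragraph says these policies remove the user's controls in Settings for the listed apps and lift battery saver restrictions, yet the four `LetAppsRunInBackground*` nodes are listed by path only; add a sentence on what value each node expects, or say explicitly that the Policy CSP link is where that is documented.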
@@ -18,7 +19,12 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients. | Topic | Description | |---|---| -|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications| |[Sideload apps in Windows 10](sideload-apps-in-windows-10.md)| Requirements and instructions for side-loading LOB applications on Windows 10 and Windows 10 Mobile clients| +| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | Windows provides controls to manage which experiences may run in the background. | +|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications| | [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 | +|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016| +[Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) | Security guidelines for disabling services in Windows Server 2016 with Desktop Experience +|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise| | [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile | +[Change history for Application management](change-history-for-application-management.md) | This topic lists new and updated topics in the Application management documentation for Windows 10 and Windows 10 Mobile. 
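Review bot: In the index.md topic table, the new "Per User services in Windows 10" row links to `sideload-apps-in-windows-10.md`, while the topic added in this commit is `per-user-services-in-windows.md`, so the link lands on the wrong page. The two added rows that begin with `[Disabling System Services in Windows Server]` and `[Change history for Application management]` have no leading or trailing `|`, unlike the other rows, so the table may not render consistently. The same row description says "Windows 2016" where the topic itself says Windows Server, and the title is spelled "Per User" here but "Per-user" in the topic and in the change history.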
diff --git a/windows/application-management/media/gpp-hklm.png b/windows/application-management/media/gpp-hklm.png new file mode 100644 index 0000000000..6e73a3b078 Binary files /dev/null and b/windows/application-management/media/gpp-hklm.png differ diff --git a/windows/application-management/media/gpp-per-user-services.png b/windows/application-management/media/gpp-per-user-services.png new file mode 100644 index 0000000000..6d2d181d93 Binary files /dev/null and b/windows/application-management/media/gpp-per-user-services.png differ diff --git a/windows/application-management/media/gpp-svc-disabled.png b/windows/application-management/media/gpp-svc-disabled.png new file mode 100644 index 0000000000..ba082cec1b Binary files /dev/null and b/windows/application-management/media/gpp-svc-disabled.png differ diff --git a/windows/application-management/media/gpp-svc-start.png b/windows/application-management/media/gpp-svc-start.png new file mode 100644 index 0000000000..6966b6453f Binary files /dev/null and b/windows/application-management/media/gpp-svc-start.png differ diff --git a/windows/application-management/media/regedit-change-service-startup-type.png b/windows/application-management/media/regedit-change-service-startup-type.png new file mode 100644 index 0000000000..ab7fd3b02a Binary files /dev/null and b/windows/application-management/media/regedit-change-service-startup-type.png differ diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md new file mode 100644 index 0000000000..f784c78af2 --- /dev/null +++ b/windows/application-management/per-user-services-in-windows.md 
@@ -0,0 +1,172 @@ +--- +title: Per-user services in Windows 10 and Windows Server +description: Learn about per-user services introduced in Windows 10. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: elizapo +author: lizap +ms.date: 09/13/2017 +--- + +# Per-user services in Windows 10 and Windows Server + +> Applies to: Windows 10, Windows Server + +Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks. + +> [!NOTE] +> Per-user services are only in available in Windows Server if you have installed the Desktop Experience. If you are running a Server Core or Nano Server installation, you won't see these services. + +You can configure the template service to create per-user services in a stopped and disabled state by setting the template service's **Startup Type** to **Disabled**. + +> [!IMPORTANT] +> Carefully test any changes to the template service's Startup Type before deploying in production. + +Use the following information to understand per-user services, change the template service Startup Type, and manage per-user services through Group Policy and security templates. +For more information about disabling system services for Windows Server, see [Guidance on disabling system services on Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server). + +## Per-user services + +Windows 10 and Windows Server (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. 
+ +Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly. + +| Key name | Display name | Default start type | Dependencies | Description | +|------------------------|-----------------------------------------|--------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| CDPUserSvc | CDPUserSvc | Auto | | Used for Connected Devices Platform scenarios | +| OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. | +| PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. | +| UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | +| UserDataSvc | User Data Access | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | +| WpnUserService | Windows Push Notifications User Service | Manual | | Hosts Windows notification platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. | + +## Disable per-user services + +The template service isn't displayed in the Services console (services.msc) so you need to edit the registry directly, either with Group Policy or a scripted solution, to disable a per-user service. 
+ +> [!NOTE] +> Disabling a per-user service simply means that it is created in a stopped and disabled state. When the user signs out, the per-user service is removed. + +You can't manage all of the per-user service templates services using normal Group Policy management methods. Because the per-user services aren't displayed in the Services management console, they're also not displayed in the Group Policy Services policy editor UI. + +Additionally, there are four template services that can't be managed with a security template: +- PimIndexMaintenanceSvc +- UnistoreSvc +- UserDataSvc +- WpnUserService + +In light of these restrictions, you can use the following methods to manage per-user services template services: + +- A combination of a security template and a script or Group Policy preferences registry policy +- Group Policy preferences for all of the services +- A script for all of the services + +### Manage template services using a security template + +You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information. + +device-security/security-policy-settings/administer-security-policy-settings + +For example: + +``` +[Unicode] +Unicode=yes +[Version] +signature="$CHICAGO$" +Revision=1 +[Service General Setting] +"CDPUserSVC".4,"" +``` + +### Manage template services using Group Policy preferences + +If a per-user service can't be disabled using a the security template, you can disable it by using Group Policy preferences. + +1. 
On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/en-us/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**. + +2. Create a new Group Policy Object (GPO) or use an existing GPO. + +3. Right-click the GPO and click **Edit** to launch the Group Policy Object Editor. + +4. Depending on how you want to target the Group Policy, under **Computer configuration** or **User configuration** browse to Preferences\Windows Settings\Registry. + +5. Right-click **Registry** > **New** > **Registry Item**. + +  + +6. Make sure that HKEY_Local_Machine is selected for Hive and then click ... (the ellipses) next to Key Path. + +  + +7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and click **Select**. + +  + +8. Change **Value data** from **00000003** to **00000004** and click **OK**. Note setting the Value data to **4** = **Disabled**. + +  + +9. To add the other services that cannot be managed with a Group Policy templates, edit the policy and repeat steps 5-8. + +### Managing Template Services with reg.exe + +If you cannot use GPP to manage the per-user services you can edit the registry with reg.exe. +To disable the Template Services change the Startup Type for each service to 4 (disabled). 
+For example: + +```code +REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f +REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f +REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f +REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f +REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f +REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f +``` + +> [!CAUTION] +> We recommend that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied. As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks. If you must edit the registry, use extreme caution. + +### Managing Template Services with regedit.exe + +If you cannot use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the Template Services change the Startup Type for each service to 4 (disabled), as shown in the following example: + + + +> [!CAUTION] +> We recommend that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied. As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks. 
If you must edit the registry, use extreme caution. + +### Manage template services by modifying the Windows image + +If you're using custom images to deploy Windows, you can modify the Startup Type for the template services as part of the normal imaging process. + +### Use a script to manage per-user services + +You can create a script to change the Startup Type for the per-user services. Then use Group Policy or another management solution to deploy the script in your environment. + +Sample script using [sc.exe](https://technet.microsoft.com/library/cc990290%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396): + +``` +sc.exe configurestart= disabled +``` +Note that the space after "=" is intentional. + +Sample script using the [Set-Service PowerShell cmdlet](https://technet.microsoft.com/library/ee176963.aspx): + +```powershell +Set-Service -StartupType Disabled +``` + +## View per-user services in the Services console (services.msc) + +As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they are displayed using the _LUID format (where LUID is the locally unique identifier). + +For example, you might see the following per-user services listed in the Services console: + +- CPDUserSVC_443f50 +- ContactData_443f50 +- Sync Host_443f50 +- User Data Access_443f50 +- User Data Storage_443f50 \ No newline at end of file diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index e9a60b1ed6..e02d2d3e65 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md 
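Review bot: In per-user-services-in-windows.md, the security template sample ends with `"CDPUserSVC".4,""`, where a period separates the service name from the start value although the remaining fields are comma separated; this looks like a typo for a comma and a template copied from the page would not apply as intended. As the page stands, both script samples carry no service name (`sc.exe configurestart= disabled` and `Set-Service -StartupType Disabled`), and the sc.exe line has also lost the space before `start=`, so the sentence about the intentional space after "=" has nothing to anchor to; add an explicit placeholder for the service name. Smaller points: the line `device-security/security-policy-settings/administer-security-policy-settings` is an orphaned path fragment under the security template heading, the Services console example lists `CPDUserSVC_443f50` where the key name in the table is `CDPUserSvc`, "are only in available" and "using a the security template" need fixing, and the reg.exe fence is tagged `code` rather than a language.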
@@ -168,4 +168,4 @@ When a user is configured with a mandatory profile, Windows 10 starts as though - [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight) - [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2d6046fef1..947ffa3bac 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -17,9 +17,9 @@ ## [Enterprise app management](enterprise-app-management.md) ## [Device update management](device-update-management.md) ## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) -## [Management tool for the Windows Store for Business](management-tool-for-windows-store-for-business.md) -### [REST API reference for Windows Store for Business](rest-api-reference-windows-store-for-business.md) -#### [Data structures for Windows Store for Business](data-structures-windows-store-for-business.md) +## [Management tool for the Micosoft Store for Business](management-tool-for-windows-store-for-business.md) +### [REST API reference for Micosoft Store for Business](rest-api-reference-windows-store-for-business.md) +#### [Data structures for Micosoft Store for Business](data-structures-windows-store-for-business.md) #### [Get Inventory](get-inventory.md) #### [Get product details](get-product-details.md) #### [Get localized product details](get-localized-product-details.md) @@ -202,6 +202,7 @@ #### [Experience](policy-csp-experience.md) #### [ExploitGuard](policy-csp-exploitguard.md) #### [Games](policy-csp-games.md) +#### [Handwriting](policy-csp-handwriting.md) #### [InternetExplorer](policy-csp-internetexplorer.md) #### [Kerberos](policy-csp-kerberos.md) #### [Licensing](policy-csp-licensing.md) 
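Review bot: In the TOC.md hunk at `@@ -17,9 +17,9 @@`, all three renamed headings spell the product "Micosoft Store for Business"; it should read "Microsoft", matching the spelling used for the same rename in applocker-csp.md and assign-seats.md in this commit. The link targets still use the `windows-store-for-business` file names, which is fine as long as the files are not renamed, but a short comment in the commit message would make that intent clear.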
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 7564c89e41..2737a54616 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -266,9 +266,9 @@ FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corp You can get the publisher name and product name of apps using a web API. -**To find publisher and product name for Microsoft apps in Windows Store for Business** +**To find publisher and product name for Microsoft apps in Microsoft Store for Business** -1. Go to the Windows Store for Business website, and find your app. For example, Microsoft OneNote. +1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote. 2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https:<\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**. 3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 510be6e748..f8ba2b865f 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -1,6 +1,6 @@ --- title: Assign seat -description: The Assign seat operation assigns seat for a specified user in the Windows Store for Business. +description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business. ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552 ms.author: maricia ms.topic: article 
@@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Assign seat -The **Assign seat** operation assigns seat for a specified user in the Windows Store for Business. +The **Assign seat** operation assigns seat for a specified user in the Microsoft Store for Business. ## Request diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 59f79b2a6c..2e6580c656 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/27/2017 +ms.date: 09/19/2017 --- # AssignedAccess CSP @@ -19,7 +19,7 @@ The AssignedAccess configuration service provider (CSP) is used set the device t For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211) -> **Note** The AssignedAccess CSP is only supported in Windows 10 Enterprise and Windows 10 Education. +> **Note** The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro. The following diagram shows the AssignedAccess configuration service provider in tree format diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index d205a19291..aeea498de9 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md 
@@ -634,7 +634,6 @@ Alert sample: com.microsoft/MDM/AADUserToken -chr UserToken inserted herecom.microsoft/MDM/LoginStatus -chr userOn a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
+> [!Note] +> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits. +If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
@@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in treeThis setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+> [!Note] +> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits. +> +>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2. +If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
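Review bot: In the bitlocker-csp.md minimum PIN length hunk (`@@ -298,6 +301,11 @@`), the added note allows a 4-digit minimum in version 1709, but the unchanged sentences on either side still say "The startup PIN must have a minimum length of 6 digits" and "any length between 6 and 20 digits"; qualify those sentences by version so the section does not contradict itself. The earlier hunk in this file has the same problem with "the entry of a 6-digit to 20-digit personal identification number (PIN)". The TPM 2.0 lockout sentence only covers the "if successful" case; since a shorter PIN relies on that longer lockout period, say what the reader should expect or check when the update attempt does not succeed. `> [!Note]` is also cased differently from the `> [!NOTE]` used in the other files of this commit.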
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 33f5904925..7b7845d806 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -1,6 +1,6 @@ --- title: Bulk assign and reclaim seats from users -description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Windows Store for Business. +description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business. ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Bulk assign and reclaim seats from users -The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Windows Store for Business. +The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Microsoft Store for Business. ## Request diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index f619993de2..ff8c33aa7e 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 06/27/2017 +ms.date: 09/19/2017 --- # Configuration service provider reference @@ -164,7 +164,7 @@ Footnotes: - +3
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 7a1bbaa552..d272b736e4 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -1,5 +1,5 @@ --- -title: Data structures for Windows Store for Business +title: Data structures for Microsoft Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' @@ -13,10 +13,10 @@ author: nickbrower ms.date: 06/19/2017 --- -# Data structures for Windows Store for Business +# Data structures for Microsoft Store for Business -Here's the list of data structures used in the Windows Store for Business REST APIs: +Here's the list of data structures used in the Microsoft Store for Business REST APIs: - [AlternateIdentifier](#alternateidentifier) - [BulkSeatOperationResultSet](#bulkseatoperationresultset) diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index c203cabb0a..fd6c08650e 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -18,7 +18,7 @@ This topic covers one of the key mobile device management (MDM) features in Wind Windows 10 offers the ability for management servers to: -- Install apps directly from the Windows Store for Business +- Install apps directly from the Microsoft Store for Business - Deploy offline Store apps and licenses - Deploy line-of-business (LOB) apps (non-Store apps) - Inventory all apps for a user (Store and non-Store apps) diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index e92ab5e8bc..9b64ff0fb4 100644 
--- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 06/19/2017 +ms.date: 09/19/2017 --- # EnterpriseAPN CSP @@ -128,6 +128,149 @@ The following image shows the EnterpriseAPN configuration service provider in trSupported operations are Get and Replace.
+## Examples + +``` syntax + + + ++ + +``` + ## Related topics diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index ebe9611293..f8a14b5289 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md 
@@ -68,7 +68,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic - PackageDetails - returns all inventory attributes of the package. This includes all information from PackageNames parameter, but does not validate RequiresReinstall. - RequiredReinstall - Validates the app status of the apps in the inventory query to determine if they require a reinstallation. This attribute may impact system performance depending on the number of apps installed. Requiring reinstall occurs when resource package updates or when the app is in a tampered state. - Source - specifies the app classification that aligns to the existing inventory nodes. You can use a specific filter or if no filter is specified then all sources will be returned. If no value is specified, all classifications are returned. Valid values are: - - AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Windows Store for Business. + - AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Microsoft Store for Business. - nonStore - This classification is for apps that were not acquired from the Windows Store. - System - Apps that are part of the OS. You cannot uninstall these apps. This classification is read-only and can only be inventoried. - PackageTypeFilter - Specifies one or multiple types of packages you can use to query the user or device. Multiple values must be separated by |. Valid values are: diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 3c83d22f62..c5268976eb 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md 
@@ -1,6 +1,6 @@ --- title: Get Inventory -description: The Get Inventory operation retrieves information from the Windows Store for Business to determine if new or updated applications are available. +description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available. MS-HAID: - 'p\_phdevicemgmt.get\_seatblock' - 'p\_phDeviceMgmt.get\_inventory' @@ -15,7 +15,7 @@ ms.date: 06/19/2017 # Get Inventory -The **Get Inventory** operation retrieves information from the Windows Store for Business to determine if new or updated applications are available. +The **Get Inventory** operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available. ## Request diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index eaa61805b9..d735043656 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -1,6 +1,6 @@ --- title: Get localized product details -description: The Get localized product details operation retrieves the localization information of a product from the Windows Store for Business. +description: The Get localized product details operation retrieves the localization information of a product from the Micosoft Store for Business. ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get localized product details -The **Get localized product details** operation retrieves the localization information of a product from the Windows Store for Business. +The **Get localized product details** operation retrieves the localization information of a product from the Micosoft Store for Business. ## Request 
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 3bf57d69fb..292398084a 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -1,6 +1,6 @@ --- title: Get offline license -description: The Get offline license operation retrieves the offline license information of a product from the Windows Store for Business. +description: The Get offline license operation retrieves the offline license information of a product from the Micosoft Store for Business. ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get offline license -The **Get offline license** operation retrieves the offline license information of a product from the Windows Store for Business. +The **Get offline license** operation retrieves the offline license information of a product from the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index f11532b8c5..c35071dc7b 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -1,6 +1,6 @@ --- title: Get product details -description: The Get product details operation retrieves the product information from the Windows Store for Business for a specific application. +description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application. ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286 ms.author: maricia ms.topic: article 
@@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product details -The **Get product details** operation retrieves the product information from the Windows Store for Business for a specific application. +The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application. ## Request diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 30f41c7a77..69792850cb 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -1,6 +1,6 @@ --- title: Get product package -description: The Get product package operation retrieves the information about a specific application in the Windows Store for Business. +description: The Get product package operation retrieves the information about a specific application in the Micosoft Store for Business. ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product package -The **Get product package** operation retrieves the information about a specific application in the Windows Store for Business. +The **Get product package** operation retrieves the information about a specific application in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index f65a5ec30c..932a85e68d 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md 
@@ -1,6 +1,6 @@ --- title: Get product packages -description: The Get product packages operation retrieves the information about applications in the Windows Store for Business. +description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business. ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product packages -The **Get product packages** operation retrieves the information about applications in the Windows Store for Business. +The **Get product packages** operation retrieves the information about applications in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 5c1e6fbba9..c6b07c1a2a 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -1,6 +1,6 @@ --- title: Get seat -description: The Get seat operation retrieves the information about an active seat for a specified user in the Windows Store for Business. +description: The Get seat operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business. ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seat -The **Get seat** operation retrieves the information about an active seat for a specified user in the Windows Store for Business. +The **Get seat** operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index d7c55310d3..d0227888e5 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md 
@@ -1,6 +1,6 @@ --- title: Get seats assigned to a user -description: The Get seats assigned to a user operation retrieves information about assigned seats in the Windows Store for Business. +description: The Get seats assigned to a user operation retrieves information about assigned seats in the Micosoft Store for Business. ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seats assigned to a user -The **Get seats assigned to a user** operation retrieves information about assigned seats in the Windows Store for Business. +The **Get seats assigned to a user** operation retrieves information about assigned seats in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index 88d7e51517..4b995cc98c 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -1,6 +1,6 @@ --- title: Get seats -description: The Get seats operation retrieves the information about active seats in the Windows Store for Business. +description: The Get seats operation retrieves the information about active seats in the Micosoft Store for Business. ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seats -The **Get seats** operation retrieves the information about active seats in the Windows Store for Business. +The **Get seats** operation retrieves the information about active seats in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png deleted file mode 100644 index a5b77e0b42..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png and /dev/null differ 
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png new file mode 100644 index 0000000000..09c27e0e12 Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png differ diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index 0cef4c42b9..02d281e49f 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -1,6 +1,6 @@ --- -title: Management tool for the Windows Store for Business -description: The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. +title: Management tool for the Micosoft Store for Business +description: The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool' - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business' 
@@ -13,9 +13,9 @@ author: nickbrower ms.date: 06/19/2017 --- -# Management tool for the Windows Store for Business +# Management tool for the Micosoft Store for Business -The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. +The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. Here's the list of the available capabilities: @@ -26,7 +26,7 @@ Here's the list of the available capabilities: - Custom Line of Business app support –Enables management and distribution of enterprise applications through the Store for Business. - Support for Windows desktop and mobile devices - The Store for Business supports both desktop and mobile devices. -For additional information about Store for Business, see the TechNet topics in [Windows Store for Business](https://technet.microsoft.com/library/mt606951.aspx). +For additional information about Store for Business, see the TechNet topics in [Micosoft Store for Business](https://technet.microsoft.com/library/mt606951.aspx). ## Management services diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 0dc3060c96..18854315f9 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md 
@@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/25/2017 +ms.date: 09/19/2017 --- # What's new in MDM enrollment and management @@ -102,7 +102,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s+ + + + ++ +8000 + ++ +8001 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/APNName +chr + + enterprise_apn1 ++ +8002 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/IPType +chr + + IPv4 ++ +8003 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/IsAttachAPN +bool + + false ++ +8004 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/ClassId +chr + + AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA ++ +8005 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/AuthType +chr + + CHAP ++ +8006 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/UserName +chr + + myusername ++ +8007 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/Password +chr + + mypassword ++ +8008 +- +
++ + +./Vendor/MSFT/EnterpriseAPN/E_APN1/IccId +chr + + FFFFFFFFFFFFFFFFFFFF ++ - +Management tool for the Windows Store for Business
Management tool for the Micosoft Store for Business
New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.
@@ -929,6 +929,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s + +The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx) +The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
+-
+
- UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. +
- ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need. +
- DomainName - fully qualified domain name if the device is domain-joined. +
For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
+[Firewall CSP](firewall-csp.md) Added new CSP in Windows 10, version 1709.
[VPNv2 CSP](vpnv2-csp.md) -Added DeviceTunnel profile in Windows 10, version 1709.
+Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.
[DeviceStatus CSP](devicestatus-csp.md) @@ -964,6 +974,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s- Configuration
Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
[DeviceManageability CSP](devicemanageability-csp.md) @@ -981,9 +992,22 @@ For details about Microsoft mobile device management protocols for Windows 10 s+ +[Bitlocker CSP](bitlocker-csp.md) +Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
++ +[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies) +Added new policies.
++ +Microsoft Store for Business +Windows Store for Business name changed to Microsoft Store for Business.
+[Policy CSP](policy-configuration-service-provider.md) Added the following new policies for Windows 10, version 1709:
-
+
- Authentication/AllowAadPasswordReset
- Browser/LockdownFavorites
- Browser/ProvisionFavorites
- CredentialProviders/DisableAutomaticReDeploymentCredentials @@ -991,6 +1015,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- DeviceGuard/RequirePlatformSecurityFeatures
- DeviceGuard/LsaCfgFlags
- ExploitGuard/ExploitProtectionSettings +
- Games/AllowAdvancedGamingServices +
- Handwriting/PanelDefaultModeDocked
- LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
- LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
- LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus @@ -1034,7 +1060,11 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- Education/DefaultPrinterName
- Education/PreventAddingNewPrinters
- Education/PrinterNames +
- Search/AllowCloudSearch
- Security/ClearTPMIfNotReady +
- System/LimitEnhancedDiagnosticDataWindowsAnalytics +
- Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork +
- Update/DisableDualScan
- Update/ScheduledInstallEveryWeek
- Update/ScheduledInstallFirstWeek
- Update/ScheduledInstallFourthWeek @@ -1324,6 +1354,59 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### September 2017 + +
- Authentication/AllowAadPasswordReset +
- Handwriting/PanelDefaultModeDocked +
- Search/AllowCloudSearch +
- System/LimitEnhancedDiagnosticDataWindowsAnalytics +
- UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. +
- ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need. +
- DomainName - fully qualified domain name if the device is domain-joined. +
- Browser/ProvisionFavorites
- Browser/LockdownFavorites
- ExploitGuard/ExploitProtectionSettings +
- Games/AllowAdvancedGamingServices
- LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
- LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
- LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus @@ -1438,6 +1522,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
- LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
- Privacy/EnableActivityFeed
- Privacy/PublishUserActivities +
- Update/DisableDualScan +
- Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
- Added Configuration node
- + Authentication/AllowAadPasswordReset +
- Authentication/AllowEAPCertSSO @@ -1024,6 +1027,14 @@ The following diagram shows the Policy configuration service provider in tree fo
- + Search/AllowCloudSearch +
- Search/AllowIndexingEncryptedStoresOrItems @@ -2646,6 +2660,9 @@ The following diagram shows the Policy configuration service provider in tree fo
- System/DisableSystemRestore +
- + System/LimitEnhancedDiagnosticDataWindowsAnalytics +
- System/TelemetryProxy @@ -2718,6 +2735,9 @@ The following diagram shows the Policy configuration service provider in tree fo
- Update/AllowAutoUpdate +
- + Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork +
- Update/AllowMUUpdateService @@ -2754,6 +2774,9 @@ The following diagram shows the Policy configuration service provider in tree fo
- Update/DetectionFrequency +
- + Update/DisableDualScan +
- Update/EngagedRestartDeadline diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index eb8cd4abc7..2268695665 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AboveLock diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 53ea6582a5..f2e678427b 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Accounts diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index e67542f66b..755aeb5a2e 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ActiveXControls @@ -64,7 +64,7 @@ Note: Wild card characters cannot be used when specifying the host URLs. ADMX Info: -- GP english name: *Approved Installation Sites for ActiveX Controls* +- GP English name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 11297a57df..838ad9fbc8 100644 
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ApplicationDefaults diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 5d72ba16b5..db13ecc123 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ApplicationManagement diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 01bd1dd68e..e44fda0b34 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AppVirtualization @@ -58,9 +58,9 @@ This policy setting allows you to enable or disable Microsoft Application Virtua ADMX Info: -- GP english name: *Enable App-V Client* +- GP English name: *Enable App-V Client* - GP name: *EnableAppV* -- GP path: *Administrative Templates/System/App-V* +- GP path: *System/App-V* - GP ADMX file name: *appv.admx* 
@@ -104,9 +104,9 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj ADMX Info: -- GP english name: *Enable Dynamic Virtualization* +- GP English name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* -- GP path: *Administrative Templates/System/App-V/Virtualization* +- GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* @@ -150,9 +150,9 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv ADMX Info: -- GP english name: *Enable automatic cleanup of unused appv packages* +- GP English name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* -- GP path: *Administrative Templates/System/App-V/PackageManagement* +- GP path: *System/App-V/PackageManagement* - GP ADMX file name: *appv.admx* @@ -196,9 +196,9 @@ Enables scripts defined in the package manifest of configuration files that shou ADMX Info: -- GP english name: *Enable Package Scripts* +- GP English name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* -- GP path: *Administrative Templates/System/App-V/Scripting* +- GP path: *System/App-V/Scripting* - GP ADMX file name: *appv.admx* @@ -242,9 +242,9 @@ Enables a UX to display to the user when a publishing refresh is performed on th ADMX Info: -- GP english name: *Enable Publishing Refresh UX* +- GP English name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -298,9 +298,9 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t ADMX Info: -- GP english name: *Reporting Server* +- GP English name: *Reporting Server* - GP name: *Reporting_Server_Policy* -- GP path: *Administrative Templates/System/App-V/Reporting* +- GP path: *System/App-V/Reporting* - GP ADMX file name: *appv.admx* 
@@ -344,9 +344,9 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' ADMX Info: -- GP english name: *Roaming File Exclusions* +- GP English name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -390,9 +390,9 @@ Specifies the registry paths that do not roam with a user profile. Example usage ADMX Info: -- GP english name: *Roaming Registry Exclusions* +- GP English name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -436,9 +436,9 @@ Specifies how new packages should be loaded automatically by App-V on a specific ADMX Info: -- GP english name: *Specify what to load in background (aka AutoLoad)* +- GP English name: *Specify what to load in background (aka AutoLoad)* - GP name: *Steaming_Autoload* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -482,9 +482,9 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package ADMX Info: -- GP english name: *Enable Migration Mode* +- GP English name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* -- GP path: *Administrative Templates/System/App-V/Client Coexistence* +- GP path: *System/App-V/Client Coexistence* - GP ADMX file name: *appv.admx* @@ -528,9 +528,9 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP english name: *Integration Root User* +- GP English name: *Integration Root User* - GP name: *Integration_Root_User* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* 
@@ -574,9 +574,9 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP english name: *Integration Root Global* +- GP English name: *Integration Root Global* - GP name: *Integration_Root_Global* -- GP path: *Administrative Templates/System/App-V/Integration* +- GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -638,9 +638,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 1 Settings* +- GP English name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -704,7 +704,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: - GP English name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -766,9 +766,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 3 Settings* +- GP English name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -830,9 +830,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 4 Settings* +- GP English name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* 
@@ -894,9 +894,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP english name: *Publishing Server 5 Settings* +- GP English name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* -- GP path: *Administrative Templates/System/App-V/Publishing* +- GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -940,9 +940,9 @@ Specifies the path to a valid certificate in the certificate store. ADMX Info: -- GP english name: *Certificate Filter For Client SSL* +- GP English name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -986,9 +986,9 @@ This setting controls whether virtualized applications are launched on Windows 8 ADMX Info: -- GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* +- GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1032,9 +1032,9 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP ADMX Info: -- GP english name: *Location Provider* +- GP English name: *Location Provider* - GP name: *Streaming_Location_Provider* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* 
@@ -1078,9 +1078,9 @@ Specifies directory where all new applications and updates will be installed. ADMX Info: -- GP english name: *Package Installation Root* +- GP English name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1124,9 +1124,9 @@ Overrides source location for downloading package content. ADMX Info: -- GP english name: *Package Source Root* +- GP English name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1170,9 +1170,9 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio ADMX Info: -- GP english name: *Reestablishment Interval* +- GP English name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1216,9 +1216,9 @@ Specifies the number of times to retry a dropped session. ADMX Info: -- GP english name: *Reestablishment Retries* +- GP English name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1262,9 +1262,9 @@ Specifies that streamed package contents will be not be saved to the local hard ADMX Info: -- GP english name: *Shared Content Store (SCS) mode* +- GP English name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* 
@@ -1308,9 +1308,9 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming ADMX Info: -- GP english name: *Enable Support for BranchCache* +- GP English name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1354,9 +1354,9 @@ Verifies Server certificate revocation status before streaming using HTTPS. ADMX Info: -- GP english name: *Verify certificate revocation list* +- GP English name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* -- GP path: *Administrative Templates/System/App-V/Streaming* +- GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1400,9 +1400,9 @@ Specifies a list of process paths (may contain wildcards) which are candidates f ADMX Info: -- GP english name: *Virtual Component Process Allow List* +- GP English name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* -- GP path: *Administrative Templates/System/App-V/Virtualization* +- GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 0d4c2f7055..202f7f324a 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - AttachmentManager 
@@ -64,7 +64,7 @@ If you do not configure this policy setting, Windows marks file attachments with ADMX Info: -- GP english name: *Do not preserve zone information in file attachments* +- GP English name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -116,7 +116,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb ADMX Info: -- GP english name: *Hide mechanisms to remove zone information* +- GP English name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -168,7 +168,7 @@ If you do not configure this policy setting, Windows does not call the registere ADMX Info: -- GP english name: *Notify antivirus programs when opening attachments* +- GP English name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 2b74810ed1..3c483fb097 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 09/06/2017 --- # Policy CSP - Authentication @@ -19,6 +19,42 @@ ms.date: 08/09/2017 ## Authentication policies + +**Authentication/AllowAadPasswordReset** + + +
-
+
+
chr +text/plain + ++ +./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings + ]]> +
+ - 0 - Disabled (default) +
- 1 - Enabled +
- Enable this policy setting +
- Set Allow Telemetry to level 2 (Enhanced) +
- Error codes and error messages, name and ID of the app, and process reporting the error
- DLL library predicted to be the source of the error -- xyz.dll
- System generated files -- app or product logs and trace files to help diagnose a crash or hang
- System settings such as registry keys
- User generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
- Details and counts of abnormal shutdowns, hangs, and crashes
- Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
- Crash and Hang dumps
- The recorded state of the working memory at the point of the crash.
- Memory in use by the kernel at the point of the crash.
- Memory in use by the application at the point of the crash.
- All the physical memory used by Windows at the point of the crash.
- Class and function name within the module that failed.
- User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
- Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
- In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
- User input responsiveness – onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
- UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
- Disk footprint -- Free disk space, out of memory conditions, and disk score.
- Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
- Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
- Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness environmental response times
- Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
- Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions
- Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
- Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
- Error codes and error messages, name and ID of the app, and process reporting the error
- DLL library predicted to be the source of the error -- xyz.dll
- System generated files -- app or product logs and trace files to help diagnose a crash or hang
- System settings such as registry keys
- User generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
- Details and counts of abnormal shutdowns, hangs, and crashes
- Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
- Crash and Hang dumps
- The recorded state of the working memory at the point of the crash.
- Memory in use by the kernel at the point of the crash.
- Memory in use by the application at the point of the crash.
- All the physical memory used by Windows at the point of the crash.
- Class and function name within the module that failed.
- User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
- Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
- In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
- User input responsiveness – onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
- UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
- Disk footprint -- Free disk space, out of memory conditions, and disk score.
- Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
- Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
- Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness environmental response times
- Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
- Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions
- Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
- Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
- Video Width, height, color pallet, encoding (compression) type, and encryption type
- Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth
- URL for a specific two second chunk of content if there is an error
- Full screen viewing mode details|
+|Music & TV|Information about music and TV consumption on the device. This isn't intended to capture user viewing, listening or habits.
- Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service
- Content type (video, audio, surround audio)
- Local media library collection statistics -- number of purchased tracks, number of playlists
- Region mismatch -- User OS Region, and Xbox Live region
- App accessing content and status and options used to open a Microsoft Store book
- Language of the book
- Time spent reading content
- Content type and size details
- File source data -- local, SD card, network device, and OneDrive
- Image & video resolution, video length, file sizes types and encoding
- Collection view or full screen viewer use and duration of view
- Kind of query issued and index type (ConstraintIndex, SystemIndex)
- Number of items requested and retrieved
- File extension of search result user interacted with
- Launched item kind, file extension, index of origin, and the App ID of the opening app.
- Name of process calling the indexer and time to service the query.
- A hash of the search scope (file, Outlook, OneNote, IE history)
- The state of the indices (fully optimized, partially optimized, being built)
- Product ID, edition ID and product URI
- Offer details -- price
- Order requested date/time
- Store client type -- web or native client
- Purchase quantity and price
- Payment type -- credit card type and PayPal
- Service subscription status and errors
- DRM and license rights details -- Groove subscription or OS volume license
- Entitlement ID, lease ID, and package ID of the install package
- Entitlement revocation
- License type (trial, offline vs online) and duration
- License usage session
- App, driver, update package, or component’s Name, ID, or Package Family Name
- Product, SKU, availability, catalog, content, and Bundle IDs
- OS component, app or driver publisher, language, version and type (Win32 or UWP)
- Install date, method, and install directory, count of install attempts
- MSI package code and product code
- Original OS version at install time
- User or administrator or mandatory installation/update
- Installation type – clean install, repair, restore, OEM, retail, upgrade, and update
- Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)
- Number of applicable updates, importance, type
- Update download size and source -- CDN or LAN peers
- Delay upgrade status and configuration
- OS uninstall and rollback status and count
- Windows Update server and service URL
- Windows Update machine ID
- Windows Insider build details
- Video Width, height, color pallet, encoding (compression) type, and encryption type
- Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth
- URL for a specific two second chunk of content if there is an error
- Full screen viewing mode details
- Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service
- Content type (video, audio, surround audio)
- Local media library collection statistics -- number of purchased tracks, number of playlists
- Region mismatch -- User OS Region, and Xbox Live region
- App accessing content and status and options used to open a Microsoft Store book
- Language of the book
- Time spent reading content
- Content type and size details
- File source data -- local, SD card, network device, and OneDrive
- Image & video resolution, video length, file sizes types and encoding
- Collection view or full screen viewer use and duration of view
- Text typed in address bar and search box
- Text selected for Ask Cortana search
- Service response time
- Auto-completed text if there was an auto-complete
- Navigation suggestions provided based on local history and favorites
- Browser ID
- URLs (which may include search terms)
- Page title
- Kind of query issued and index type (ConstraintIndex, SystemIndex)
- Number of items requested and retrieved
- File extension of search result user interacted with
- Launched item kind, file extension, index of origin, and the App ID of the opening app.
- Name of process calling the indexer and time to service the query.
- A hash of the search scope (file, Outlook, OneNote, IE history)
- The state of the indices (fully optimized, partially optimized, being built)
- Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
- Pen gestures (click, double click, pan, zoom, rotate)
- Palm Touch x,y coordinates
- Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
- Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as names, email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
- Text of speech recognition results -- result codes and recognized text
- Language and model of the recognizer, System Speech language
- App ID using speech features
- Whether user is known to be a child
- Confidence and Success/Failure of speech recognition
- Product ID, edition ID and product URI
- Offer details -- price
- Order requested date/time
- Store client type -- web or native client
- Purchase quantity and price
- Payment type -- credit card type and PayPal
- Service subscription status and errors
- DRM and license rights details -- Groove subscription or OS volume license
- Entitlement ID, lease ID, and package ID of the install package
- Entitlement revocation
- License type (trial, offline vs online) and duration
- License usage session
- Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
- Pen gestures (click, double click, pan, zoom, rotate)
- Palm Touch x,y coordinates
- Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
- Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
- Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
- Text of speech recognition results -- result codes and recognized text
- Language and model of the recognizer, System Speech language
- App ID using speech features
- Whether user is known to be a child
- Confidence and Success/Failure of speech recognition
- Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard.
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. - Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
- Open a command-line program and navigate to Windows/System32.
- Type `wdagtool.exe cleanup`.
The container environment is reset, retaining only the employee-generated data. - Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
The container environment is reset, including discarding all employee-generated data.
+
+ ### August 2017+ + ++ + + + + +New or updated topic +Description ++ +[Policy CSP](policy-configuration-service-provider.md) +Added the following new policies for Windows 10, version 1709:
+-
+
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.
++ +[AssignedAccess CSP](assignedaccess-csp.md) +Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.
++ +Microsoft Store for Business +Windows Store for Business name changed to Microsoft Store for Business.
++ +The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx) +The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
+-
+
For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
++ +[EntepriseAPN CSP](enterpriseapn-csp.md) +Added a SyncML example.
+[VPNv2 CSP](vpnv2-csp.md) + + +Added RegisterDNS setting in Windows 10, version 1709.
+@@ -1384,7 +1467,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
[BitLocker CSP](bitlocker-csp.md) -Added information to the ADMX-backed policies. + Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. [Firewall CSP](firewall-csp.md) @@ -1412,6 +1495,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardwareChanged the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.
Changed the names of the following policies:
@@ -1539,6 +1625,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardwareStarting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
[SurfaceHub CSP](surfacehub-csp.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index cf20c306d2..121d77fdb7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -307,6 +307,9 @@ The following diagram shows the Policy configuration service provider in tree fo ### Authentication policies-
+
-
@@ -2383,6 +2394,9 @@ The following diagram shows the Policy configuration service provider in tree fo
### Search policies
-
+
+
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. + +
The following list shows the supported values: + +- 0 (default) – Not allowed. +- 1 – Allowed. + + + **Authentication/AllowEAPCertSSO** @@ -46,10 +82,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. - -
Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. > [!IMPORTANT] diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 8198ac815b..daac26b55d 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Autoplay @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for ADMX Info: -- GP english name: *Disallow Autoplay for non-volume devices* +- GP English name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -121,7 +121,7 @@ If you disable or not configure this policy setting, Windows Vista or later will ADMX Info: -- GP english name: *Set the default behavior for AutoRun* +- GP English name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -181,7 +181,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co ADMX Info: -- GP english name: *Turn off Autoplay* +- GP English name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ea9430a79c..1220f63607 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Bitlocker 
@@ -85,6 +85,7 @@ ms.date: 08/09/2017 BitLocker/SystemDrivesRequireStartupAuthentication
@@ -95,4 +96,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - \ No newline at end of file + + diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 69445abb1a..7bd2ea4992 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Bluetooth diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 263cff9d57..82c992e8eb 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/25/2017 +ms.date: 08/30/2017 --- # Policy CSP - Browser @@ -684,29 +684,6 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/AlwaysEnableBooksLibrary** - --
- -- -Home -Pro -Business -Enterprise -Education -Mobile -Mobile Enterprise -- -- - - - - - - @@ -1041,7 +1018,7 @@ Employees cannot remove these search engines, but they can set any one as the de
If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. -
Data type is integer. Supported operations are Add, Get, Replace, and Delete. +
Data type is integer. @@ -1311,7 +1288,7 @@ Employees cannot remove these search engines, but they can set any one as the de
If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. -
Data type is string. Supported operations are Add, Get, Replace, and Delete. +
Data type is string. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 5235998a62..ca7b98ecc5 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Camera diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 0afb973431..b1c206e118 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Cellular @@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Set Per-App Cellular Access UI Visibility* +- GP English name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index d766ef3c9d..5ffa503ab6 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Connectivity @@ -386,8 +386,9 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Turn off printing over HTTP* +- GP English name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* 
@@ -429,8 +430,9 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off downloading of print drivers over HTTP* +- GP English name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -472,8 +474,9 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off Internet download for Web publishing and online ordering wizards* +- GP English name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* +- GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -519,7 +522,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths ADMX Info: -- GP english name: *Hardened UNC Paths* +- GP English name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* @@ -563,7 +566,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* +- GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index afa69b9477..e253febdf8 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - CredentialProviders 
@@ -66,8 +66,9 @@ To configure Windows Hello for Business, use the Administrative Template policie ADMX Info: -- GP english name: *Turn on convenience PIN sign-in* +- GP English name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* +- GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* @@ -117,8 +118,9 @@ Note that the user's domain password will be cached in the system vault when usi ADMX Info: -- GP english name: *Turn off picture password sign-in* +- GP English name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* +- GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 728275e01e..15d68cf69e 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - CredentialsUI @@ -66,7 +66,7 @@ The policy applies to all Windows components and applications that use the Windo ADMX Info: -- GP english name: *Do not display the password reveal button* +- GP English name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* @@ -116,7 +116,7 @@ If you disable this policy setting, users will always be required to type a user ADMX Info: -- GP english name: *Enumerate administrator accounts on elevation* +- GP English name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* 
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 5365025f58..eef7cdeba4 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Cryptography diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index ebe61e6295..edba750722 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DataProtection diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 7398cdb094..a8724cc2f6 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DataUsage @@ -68,7 +68,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti ADMX Info: -- GP english name: *Set 3G Cost* +- GP English name: *Set 3G Cost* - GP name: *SetCost3G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* @@ -124,7 +124,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti ADMX Info: -- GP english name: *Set 4G Cost* +- GP English name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 2ab2afa893..3f35e2d4eb 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Defender @@ -572,7 +572,7 @@ ms.date: 08/09/2017
Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. -Value type is string. +
Value type is string. @@ -609,7 +609,9 @@ Value type is string.
Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. -Value type is string. +
For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). + +
Value type is string. @@ -740,6 +742,74 @@ Value type is string. > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". + + + +**Defender/ControlledFolderAccessAllowedApplications** + + +
+
+ + + +> [!NOTE] +> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode as the substring separator. + + + + +**Defender/ControlledFolderAccessProtectedFolders** + + +
+
+ + + +> [!NOTE] +> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode as the substring separator. + @@ -974,74 +1044,6 @@ Value type is string.
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - - - -**Defender/ControlledFolderAccessAllowedApplications** - - -
-
- - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. - -- -Home -Pro -Business -Enterprise -Education -Mobile -Mobile Enterprise -- - - -3
-3
-3
-3
- -Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode as the substring separator. - - - - -**Defender/ControlledFolderAccessProtectedFolders** - - -
-
- - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. - -- -Home -Pro -Business -Enterprise -Education -Mobile -Mobile Enterprise -- - - -3
-3
-3
-3
- -Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode as the substring separator. - diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index a80a113695..e352718a5d 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeliveryOptimization diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 2f095c7e16..8a3b89d0f5 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Desktop @@ -62,8 +62,9 @@ If you enable this setting, users are unable to type a new location in the Targe ADMX Info: -- GP english name: *Prohibit User from manually redirecting Profile Folders* +- GP English name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* +- GP path: *Desktop* - GP ADMX file name: *desktop.admx* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index a613939a89..df77a218e7 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceGuard diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index b9e3b22182..4b04c4567d 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceInstallation @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, devices can be installed ADMX Info: -- GP english name: *Prevent installation of devices that match any of these device IDs* +- GP English name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, Windows can install and ADMX Info: -- GP english name: *Prevent installation of devices using drivers that match these device setup classes* +- GP English name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 3e3e9a0a12..dcfc34f488 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - DeviceLock @@ -767,7 +767,7 @@ If you enable this setting, users will no longer be able to modify slide show se ADMX Info: -- GP english name: *Prevent enabling lock screen slide show* +- GP English name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 173a2e7f02..7af8189ba0 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 8c563ece39..6be666c341 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Education diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index aac0cea10c..c11c6d066d 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - EnterpriseCloudPrint 
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 88177e71c6..98c03c6579 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - ErrorReporting @@ -72,8 +72,9 @@ If you disable or do not configure this policy setting, then the default consent ADMX Info: -- GP english name: *Customize consent settings* +- GP English name: *Customize consent settings* - GP name: *WerConsentCustomize_2* +- GP path: *Windows Components/Windows Error Reporting/Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -121,7 +122,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err ADMX Info: -- GP english name: *Disable Windows Error Reporting* +- GP English name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -175,7 +176,7 @@ See also the Configure Error Reporting policy setting. ADMX Info: -- GP english name: *Display Error Notification* +- GP English name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -225,7 +226,7 @@ If you disable or do not configure this policy setting, then consent policy sett ADMX Info: -- GP english name: *Do not send additional data* +- GP English name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* 
@@ -275,7 +276,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP english name: *Prevent display of the user interface for critical errors* +- GP English name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 8ded981267..a73f5c2b18 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - EventLogService @@ -64,7 +64,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP english name: *Control Event Log behavior when the log file reaches its maximum size* +- GP English name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -114,7 +114,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* 
@@ -164,7 +164,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* @@ -214,7 +214,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP english name: *Specify the maximum log file size (KB)* +- GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 82e380c156..b5e7a8bfe2 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Experience diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index cf06c60c3e..292dfa31bc 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/11/2017 +ms.date: 08/30/2017 --- # Policy CSP - ExploitGuard @@ -14,6 +14,11 @@ ms.date: 08/11/2017 > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +
+ +## ExploitGuard policies + **ExploitGuard/ExploitProtectionSettings** @@ -41,10 +46,35 @@ ms.date: 08/11/2017 -Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. +
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
The system settings require a reboot; the application settings do not require a reboot. +
Here is an example: + +``` syntax + +
+ + +``` ++ ++ +$CmdId$ ++
@@ -55,4 +85,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - \ No newline at end of file + + diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 9e5de02b1b..f6fc32cc9f 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/31/2017 --- # Policy CSP - Games @@ -22,9 +22,36 @@ ms.date: 08/09/2017 **Games/AllowAdvancedGamingServices** - -Placeholder only. Currently not supported. + +
+
+ + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. + +- 0 - Not Allowed +- 1 (default) - Allowed + +
This policy can only be turned off in Windows 10 Education and Enterprise editions.
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md new file mode 100644 index 0000000000..b2cdcd1ae0 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -0,0 +1,72 @@ +--- +title: Policy CSP - Handwriting +description: Policy CSP - Handwriting +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 09/07/2017 +--- + +# Policy CSP - Handwriting + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + +
+ +## Handwriting policies + + +**Handwriting/PanelDefaultModeDocked** + + ++
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. + +
The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. + +
In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. + +
The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. + +
-
+
+ +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index cd051e0e91..7be92bcfc1 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - InternetExplorer @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the user can configure t ADMX Info: -- GP english name: *Add a specific list of search providers to the user's list of search providers* +- GP English name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not ADMX Info: -- GP english name: *Turn on ActiveX Filtering* +- GP English name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -168,7 +168,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u ADMX Info: -- GP english name: *Add-on List* +- GP English name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* 
@@ -212,7 +212,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on the auto-complete feature for user names and passwords on forms* +- GP English name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -256,7 +256,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on certificate address mismatch warning* +- GP English name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -300,7 +300,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow deleting browsing history on exit* +- GP English name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -352,7 +352,7 @@ If you do not configure this policy, users will be able to turn on or turn off E ADMX Info: -- GP english name: *Turn on Enhanced Protected Mode* +- GP English name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -402,7 +402,7 @@ If you disable or don't configure this policy setting, the menu option won't app ADMX Info: -- GP english name: *Let users turn on and use Enterprise Mode from the Tools menu* +- GP English name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a ADMX Info: -- GP english name: *Use the Enterprise Mode IE website list* +- GP English name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -496,7 +496,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)* +- GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* @@ -546,7 +546,7 @@ If you disable or do not configure this policy setting, the user can add and rem ADMX Info: -- GP english name: *Use Policy List of Internet Explorer 7 sites* +- GP English name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -598,7 +598,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet ADMX Info: -- GP english name: *Turn on Internet Explorer Standards Mode for local intranet* +- GP English name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -654,7 +654,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Internet Zone Template* +- GP English name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* 
@@ -710,7 +710,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Intranet Zone Template* +- GP English name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -766,7 +766,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Local Machine Zone Template* +- GP English name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -822,7 +822,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Internet Zone Template* +- GP English name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -878,7 +878,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Intranet Zone Template* +- GP English name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -934,7 +934,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Local Machine Zone Template* +- GP English name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* 
@@ -990,7 +990,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Restricted Sites Zone Template* +- GP English name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1040,7 +1040,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n ADMX Info: -- GP english name: *Go to an intranet site for a one-word entry in the Address bar* +- GP English name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* @@ -1096,7 +1096,7 @@ If you disable or do not configure this policy, users may choose their own site- ADMX Info: -- GP english name: *Site to Zone Assignment List* +- GP English name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1140,7 +1140,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow software to run or install even if the signature is invalid* +- GP English name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1192,7 +1192,7 @@ If you do not configure this policy setting, the user can turn on and turn off t ADMX Info: -- GP english name: *Turn on Suggested Sites* +- GP English name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -1248,7 +1248,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Trusted Sites Zone Template* +- GP English name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1304,7 +1304,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Locked-Down Trusted Sites Zone Template* +- GP English name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1360,7 +1360,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP english name: *Restricted Sites Zone Template* +- GP English name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1404,7 +1404,7 @@ ADMX Info: ADMX Info: -- GP english name: *Check for server certificate revocation* +- GP English name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1448,7 +1448,7 @@ ADMX Info: ADMX Info: -- GP english name: *Check for signatures on downloaded programs* +- GP English name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* 
@@ -1492,7 +1492,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_2* - GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction* - GP ADMX file name: *inetres.admx* @@ -1544,7 +1544,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny ADMX Info: -- GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* +- GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1588,7 +1588,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1638,7 +1638,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: -- GP english name: *Prevent bypassing SmartScreen Filter warnings* +- GP English name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -1688,7 +1688,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: -- GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* +- GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1732,7 +1732,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disable "Configuring History"* +- GP English name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1776,7 +1776,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off Crash Detection* +- GP English name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1828,7 +1828,7 @@ If you do not configure this policy setting, the user can choose to participate ADMX Info: -- GP english name: *Prevent participation in the Customer Experience Improvement Program* +- GP English name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1872,7 +1872,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent deleting websites that the user has visited* +- GP English name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* 
@@ -1922,7 +1922,7 @@ If you disable or do not configure this policy setting, the user can set the Fee ADMX Info: -- GP english name: *Prevent downloading of enclosures* +- GP English name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* @@ -1974,7 +1974,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows ADMX Info: -- GP english name: *Turn off encryption support* +- GP English name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2028,7 +2028,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru ADMX Info: -- GP english name: *Prevent running First Run wizard* +- GP English name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2082,7 +2082,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi ADMX Info: -- GP english name: *Turn off the flip ahead with page prediction feature* +- GP English name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2132,7 +2132,7 @@ If you disable or do not configure this policy setting, the Home page box is ena ADMX Info: -- GP english name: *Disable changing home page settings* +- GP English name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -2176,7 +2176,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent ignoring certificate errors* +- GP English name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* @@ -2220,7 +2220,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off InPrivate Browsing* +- GP English name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* @@ -2264,7 +2264,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* +- GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2314,7 +2314,7 @@ If you disable or do not configure this policy setting, the user can configure p ADMX Info: -- GP english name: *Prevent changing proxy settings* +- GP English name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2364,7 +2364,7 @@ If you disable or do not configure this policy setting, the user can change the ADMX Info: -- GP english name: *Prevent changing the default search provider* +- GP English name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -2416,7 +2416,7 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can ADMX Info: -- GP english name: *Disable changing secondary home page settings* +- GP English name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2460,7 +2460,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the Security Settings Check feature* +- GP English name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2512,7 +2512,7 @@ This policy is intended to help the administrator maintain version control for I ADMX Info: -- GP english name: *Disable Periodic Check for Internet Explorer software updates* +- GP English name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2556,7 +2556,7 @@ ADMX Info: ADMX Info: -- GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* +- GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2612,7 +2612,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP english name: *Security Zones: Do not allow users to add/delete sites* +- GP English name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -2668,7 +2668,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP english name: *Security Zones: Do not allow users to change policies* +- GP English name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2720,7 +2720,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2776,7 +2776,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* +- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2828,7 +2828,7 @@ If you do not configure this policy setting, users choose whether to force local ADMX Info: -- GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* +- GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* 
@@ -2880,7 +2880,7 @@ If you do not configure this policy setting, users choose whether network paths ADMX Info: -- GP english name: *Intranet Sites: Include all network paths (UNCs)* +- GP English name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2932,7 +2932,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -2984,7 +2984,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3034,7 +3034,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -3078,7 +3078,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow cut, copy or paste operations from the clipboard via script* +- GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3122,7 +3122,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow drag and drop or copy and paste files* +- GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3174,7 +3174,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3226,7 +3226,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3270,7 +3270,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow loading of XAML files* +- GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -3322,7 +3322,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3366,7 +3366,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use ActiveX controls without prompt* +- GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3410,7 +3410,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use the TDC ActiveX control* +- GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3454,7 +3454,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow script-initiated windows without size or position constraints* +- GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -3498,7 +3498,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3550,7 +3550,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3604,7 +3604,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3648,7 +3648,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow updates to status bar via script* +- GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3700,7 +3700,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -3744,7 +3744,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3788,7 +3788,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download signed ActiveX controls* +- GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3832,7 +3832,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download unsigned ActiveX controls* +- GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3876,7 +3876,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3920,7 +3920,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains across windows* +- GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -3964,7 +3964,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains within a window* +- GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4008,7 +4008,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable MIME Sniffing* +- GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4052,7 +4052,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Protected Mode* +- GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4096,7 +4096,7 @@ ADMX Info: ADMX Info: -- GP english name: *Include local path when user is uploading files to a server* +- GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4150,7 +4150,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -4223,7 +4223,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4267,7 +4267,7 @@ ADMX Info: ADMX Info: -- GP english name: *Launching applications and files in an IFRAME* +- GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4311,7 +4311,7 @@ ADMX Info: ADMX Info: -- GP english name: *Logon options* +- GP English name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4363,7 +4363,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4407,7 +4407,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -4451,7 +4451,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4495,7 +4495,7 @@ ADMX Info: ADMX Info: -- GP english name: *Show security warning for potentially unsafe files* +- GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4539,7 +4539,7 @@ ADMX Info: ADMX Info: -- GP english name: *Use Pop-up Blocker* +- GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4583,7 +4583,7 @@ ADMX Info: ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4635,7 +4635,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -4687,7 +4687,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4737,7 +4737,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4789,7 +4789,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4841,7 +4841,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -4893,7 +4893,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4945,7 +4945,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4999,7 +4999,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5051,7 +5051,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -5095,7 +5095,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5149,7 +5149,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5193,7 +5193,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5237,7 +5237,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -5289,7 +5289,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5341,7 +5341,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5393,7 +5393,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5443,7 +5443,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -5495,7 +5495,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5547,7 +5547,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5599,7 +5599,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5651,7 +5651,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -5705,7 +5705,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5757,7 +5757,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5801,7 +5801,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5855,7 +5855,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5899,7 +5899,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -5951,7 +5951,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -6003,7 +6003,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6055,7 +6055,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6105,7 +6105,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -6157,7 +6157,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6209,7 +6209,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6261,7 +6261,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6313,7 +6313,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -6367,7 +6367,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6419,7 +6419,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6473,7 +6473,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6517,7 +6517,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* 
@@ -6569,7 +6569,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6621,7 +6621,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6673,7 +6673,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6723,7 +6723,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -6775,7 +6775,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6827,7 +6827,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6879,7 +6879,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6931,7 +6931,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -6985,7 +6985,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7037,7 +7037,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7091,7 +7091,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7143,7 +7143,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* 
@@ -7195,7 +7195,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7247,7 +7247,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7297,7 +7297,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7349,7 +7349,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -7401,7 +7401,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7453,7 +7453,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7505,7 +7505,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7559,7 +7559,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -7611,7 +7611,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7665,7 +7665,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7709,7 +7709,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7761,7 +7761,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* 
@@ -7813,7 +7813,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7865,7 +7865,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7915,7 +7915,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7967,7 +7967,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -8019,7 +8019,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8071,7 +8071,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8123,7 +8123,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8177,7 +8177,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -8229,7 +8229,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8283,7 +8283,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8327,7 +8327,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8379,7 +8379,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -8431,7 +8431,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8483,7 +8483,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8533,7 +8533,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8585,7 +8585,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -8637,7 +8637,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8689,7 +8689,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8741,7 +8741,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8795,7 +8795,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -8847,7 +8847,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8901,7 +8901,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8945,7 +8945,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8997,7 +8997,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9041,7 +9041,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* 
@@ -9085,7 +9085,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* @@ -9129,7 +9129,7 @@ ADMX Info: ADMX Info: -- GP english name: *Internet Explorer Processes* +- GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* @@ -9173,7 +9173,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent managing SmartScreen Filter* +- GP English name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9217,7 +9217,7 @@ ADMX Info: ADMX Info: -- GP english name: *Prevent per-user installation of ActiveX controls* +- GP English name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9261,7 +9261,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* @@ -9305,7 +9305,7 @@ ADMX Info: ADMX Info: -- GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * +- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* 
@@ -9349,7 +9349,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* @@ -9393,7 +9393,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* @@ -9445,7 +9445,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9489,7 +9489,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow active scripting* +- GP English name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9541,7 +9541,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -9591,7 +9591,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9635,7 +9635,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow binary and script behaviors* +- GP English name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9679,7 +9679,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow cut, copy or paste operations from the clipboard via script* +- GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9723,7 +9723,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow drag and drop or copy and paste files* +- GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9767,7 +9767,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow file downloads* +- GP English name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -9819,7 +9819,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9871,7 +9871,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9915,7 +9915,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow loading of XAML files* +- GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9959,7 +9959,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow META REFRESH* +- GP English name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -10011,7 +10011,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10055,7 +10055,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use ActiveX controls without prompt* +- GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10099,7 +10099,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow only approved domains to use the TDC ActiveX control* +- GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10143,7 +10143,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow script-initiated windows without size or position constraints* +- GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -10187,7 +10187,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10239,7 +10239,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10293,7 +10293,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10337,7 +10337,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow updates to status bar via script* +- GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10389,7 +10389,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -10433,7 +10433,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10477,7 +10477,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download signed ActiveX controls* +- GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10521,7 +10521,7 @@ ADMX Info: ADMX Info: -- GP english name: *Download unsigned ActiveX controls* +- GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10565,7 +10565,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10609,7 +10609,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains across windows* +- GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -10653,7 +10653,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable dragging of content from different domains within a window* +- GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10697,7 +10697,7 @@ ADMX Info: ADMX Info: -- GP english name: *Enable MIME Sniffing* +- GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10741,7 +10741,7 @@ ADMX Info: ADMX Info: -- GP english name: *Include local path when user is uploading files to a server* +- GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10795,7 +10795,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10839,7 +10839,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -10883,7 +10883,7 @@ ADMX Info: ADMX Info: -- GP english name: *Launching applications and files in an IFRAME* +- GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10927,7 +10927,7 @@ ADMX Info: ADMX Info: -- GP english name: *Logon options* +- GP English name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10979,7 +10979,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11023,7 +11023,7 @@ ADMX Info: ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11067,7 +11067,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run ActiveX controls and plugins* +- GP English name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -11111,7 +11111,7 @@ ADMX Info: ADMX Info: -- GP english name: *Run .NET Framework-reliant components signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11155,7 +11155,7 @@ ADMX Info: ADMX Info: -- GP english name: *Script ActiveX controls marked safe for scripting* +- GP English name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11199,7 +11199,7 @@ ADMX Info: ADMX Info: -- GP english name: *Scripting of Java applets* +- GP English name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11243,7 +11243,7 @@ ADMX Info: ADMX Info: -- GP english name: *Show security warning for potentially unsafe files* +- GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11287,7 +11287,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Cross-Site Scripting Filter* +- GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -11331,7 +11331,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn on Protected Mode* +- GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11375,7 +11375,7 @@ ADMX Info: ADMX Info: -- GP english name: *Use Pop-up Blocker* +- GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11419,7 +11419,7 @@ ADMX Info: ADMX Info: -- GP english name: *All Processes* +- GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* @@ -11469,7 +11469,7 @@ If you disable or do not configure this policy setting, the user can configure h ADMX Info: -- GP english name: *Restrict search providers to a specific list* +- GP English name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11513,7 +11513,7 @@ ADMX Info: ADMX Info: -- GP english name: *Security Zones: Use only machine settings * +- GP English name: *Security Zones: Use only machine settings * - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11557,7 +11557,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* +- GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* 
@@ -11609,7 +11609,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP english name: *Access data sources across domains* +- GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11661,7 +11661,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP english name: *Automatic prompting for ActiveX controls* +- GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11711,7 +11711,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP english name: *Automatic prompting for file downloads* +- GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11763,7 +11763,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP english name: *Allow font downloads* +- GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -11815,7 +11815,7 @@ If you do not configure this policy setting, a warning is issued to the user tha ADMX Info: -- GP english name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11867,7 +11867,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP english name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11919,7 +11919,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP english name: *Allow scriptlets* +- GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11973,7 +11973,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP english name: *Turn on SmartScreen Filter scan* +- GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -12025,7 +12025,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP english name: *Userdata persistence* +- GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12069,7 +12069,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12113,7 +12113,7 @@ ADMX Info: ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12167,7 +12167,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* 
@@ -12211,7 +12211,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12255,7 +12255,7 @@ ADMX Info: ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12299,7 +12299,7 @@ ADMX Info: ADMX Info: -- GP english name: *Java permissions* +- GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12351,7 +12351,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP english name: *Navigate windows and frames across different domains* +- GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index f415128684..d4683f4ded 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Kerberos @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, the Kerberos client does ADMX Info: -- GP english name: *Use forest search order* +- GP English name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -111,7 +111,7 @@ If you disable or do not configure this policy setting, the client devices will ADMX Info: -- GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring* +- GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -165,7 +165,7 @@ If you disable or do not configure this policy setting, the client computers in ADMX Info: -- GP english name: *Fail authentication requests when Kerberos armoring is not available* +- GP English name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -215,7 +215,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ ADMX Info: -- GP english name: *Require strict KDC validation* +- GP English name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -269,7 +269,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in ADMX Info: -- GP english name: *Set maximum Kerberos SSPI context token buffer size* +- GP English name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* 
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index e0cc238f3e..a8f855bc5e 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Licensing diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 627363f336..5eb02ceae2 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -672,46 +672,6 @@ Valid values: - 0 - disabled - 1 - enabled (allow system to be shut down without having to log on) -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - - -**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** - - --
- - - -User Account Control: Turn on Admin Approval Mode - -This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. - -The options are: -- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. -- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - - Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -931,6 +891,46 @@ The options are: - 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + + +**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** + + +- -Home -Pro -Business -Enterprise -Education -Mobile -Mobile Enterprise -- - - -3
-3
-3
-3
- -+
+ + + +User Account Control: Turn on Admin Approval Mode + +This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. + +The options are: +- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. +- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. + + Value type is integer. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 2b3d3a2b35..130111a793 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Location diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index c207e57f39..ff2b494dee 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 9e719e5b3b..40abac41bc 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Maps diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 1734984fd4..edaff6765e 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Messaging diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index fba5342cac..3196840a3b 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - NetworkIsolation diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index a1c092d0df..2a291f8ba6 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Notifications diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 24bb80fa7e..17298b3cdf 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Power 
@@ -62,7 +62,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. ADMX Info: -- GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)* +- GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -114,7 +114,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the display (on battery)* +- GP English name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -166,7 +166,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn off the display (plugged in)* +- GP English name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -219,7 +219,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system hibernate timeout (on battery)* +- GP English name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -271,7 +271,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system hibernate timeout (plugged in)* +- GP English name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -321,7 +321,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP english name: *Require a password when a computer wakes (on battery)* +- GP English name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* 
@@ -371,7 +371,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP english name: *Require a password when a computer wakes (plugged in)* +- GP English name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -423,7 +423,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system sleep timeout (on battery)* +- GP English name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -475,7 +475,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify the system sleep timeout (plugged in)* +- GP English name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 7d17fff50b..ffd1d93c3c 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Printers @@ -75,8 +75,9 @@ If you disable this policy setting: ADMX Info: -- GP english name: *Point and Print Restrictions* +- GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* +- GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -137,7 +138,7 @@ If you disable this policy setting: ADMX Info: -- GP english name: *Point and Print Restrictions* +- GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* 
@@ -189,8 +190,9 @@ Note: This settings takes priority over the setting "Automatically publish new p ADMX Info: -- GP english name: *Allow printers to be published* +- GP English name: *Allow printers to be published* - GP name: *PublishPrinters* +- GP path: *Printers* - GP ADMX file name: *Printing2.admx* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 8f5423f922..fae39d1341 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/21/2017 +ms.date: 08/30/2017 --- # Policy CSP - Privacy @@ -2593,7 +2593,7 @@ Footnote: ## Privacy policies supported by Windows Holographic for Business -- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) - [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) - [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) - [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) @@ -2630,6 +2630,5 @@ Footnote: - [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) - [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) - [Privacy/PublishUserActivities](#privacy-publishuseractivities) - diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index b8964b01a1..61751bca3b 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteAssistance @@ -68,7 +68,7 @@ If you do not configure this policy setting, the user sees the default warning m ADMX Info: -- GP english name: *Customize warning messages* +- GP English name: *Customize warning messages* - GP name: *RA_Options* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -120,7 +120,7 @@ If you do not configure this setting, application-based settings are used. ADMX Info: -- GP english name: *Turn on session logging* +- GP English name: *Turn on session logging* - GP name: *RA_Logging* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -180,7 +180,7 @@ If you enable this policy setting you should also enable appropriate firewall ex ADMX Info: -- GP english name: *Configure Solicited Remote Assistance* +- GP English name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -263,7 +263,7 @@ Allow Remote Desktop Exception ADMX Info: -- GP english name: *Configure Offer Remote Assistance* +- GP English name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index fc802cbca7..411214069f 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteDesktopServices 
@@ -68,7 +68,7 @@ You can limit the number of users who can connect simultaneously by configuring ADMX Info: -- GP english name: *Allow users to connect remotely by using Remote Desktop Services* +- GP English name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* - GP ADMX file name: *terminalserver.admx* @@ -128,7 +128,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp ADMX Info: -- GP english name: *Set client connection encryption level* +- GP English name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -182,7 +182,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo ADMX Info: -- GP english name: *Do not allow drive redirection* +- GP English name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* - GP ADMX file name: *terminalserver.admx* @@ -232,7 +232,7 @@ If you disable this setting or leave it not configured, the user will be able to ADMX Info: -- GP english name: *Do not allow passwords to be saved* +- GP English name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* - GP ADMX file name: *terminalserver.admx* 
@@ -288,7 +288,7 @@ If you do not configure this policy setting, automatic logon is not specified at ADMX Info: -- GP english name: *Always prompt for password upon connection* +- GP English name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -344,7 +344,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop ADMX Info: -- GP english name: *Require secure RPC communication* +- GP English name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index b1cd0e9207..d084b5d609 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteManagement @@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Allow Basic authentication* +- GP English name: *Allow Basic authentication* - GP name: *AllowBasic_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -100,7 +100,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow Basic authentication* +- GP English name: *Allow Basic authentication* - GP name: *AllowBasic_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* 
@@ -144,7 +144,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow CredSSP authentication* +- GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -188,7 +188,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow CredSSP authentication* +- GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -232,7 +232,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow remote server management through WinRM* +- GP English name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -276,7 +276,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow unencrypted traffic* +- GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -320,7 +320,7 @@ ADMX Info: ADMX Info: -- GP english name: *Allow unencrypted traffic* +- GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -364,7 +364,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Digest authentication* +- GP English name: *Disallow Digest authentication* - GP name: *DisallowDigest* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* 
@@ -408,7 +408,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Negotiate authentication* +- GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -452,7 +452,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow Negotiate authentication* +- GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -496,7 +496,7 @@ ADMX Info: ADMX Info: -- GP english name: *Disallow WinRM from storing RunAs credentials* +- GP English name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -540,7 +540,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify channel binding token hardening level* +- GP English name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -584,7 +584,7 @@ ADMX Info: ADMX Info: -- GP english name: *Trusted Hosts* +- GP English name: *Trusted Hosts* - GP name: *TrustedHosts* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -628,7 +628,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn On Compatibility HTTP Listener* +- GP English name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* 
@@ -672,7 +672,7 @@ ADMX Info: ADMX Info: -- GP english name: *Turn On Compatibility HTTPS Listener* +- GP English name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 00dd1a5001..dc1dab2c86 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteProcedureCall @@ -66,7 +66,7 @@ Note: This policy will not be applied until the system is rebooted. ADMX Info: -- GP english name: *Enable RPC Endpoint Mapper Client Authentication* +- GP English name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* @@ -128,7 +128,7 @@ Note: This policy setting will not be applied until the system is rebooted. ADMX Info: -- GP english name: *Restrict Unauthenticated RPC clients* +- GP English name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index ddc13e6c8e..32309bdf9d 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - RemoteShell 
@@ -56,7 +56,7 @@ ms.date: 08/09/2017 ADMX Info: -- GP english name: *Allow Remote Shell Access* +- GP English name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -100,7 +100,7 @@ ADMX Info: ADMX Info: -- GP english name: *MaxConcurrentUsers* +- GP English name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -144,7 +144,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify idle Timeout* +- GP English name: *Specify idle Timeout* - GP name: *IdleTimeout* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -188,7 +188,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum amount of memory in MB per Shell* +- GP English name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -232,7 +232,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum number of processes per Shell* +- GP English name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -276,7 +276,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify maximum number of remote shells per user* +- GP English name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -320,7 +320,7 @@ ADMX Info: ADMX Info: -- GP english name: *Specify Shell Timeout* +- GP English name: *Specify Shell Timeout* - GP name: *ShellTimeOut* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* 
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index d5f5c4ad2d..783aac1e8d 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Search @@ -19,6 +19,42 @@ ms.date: 08/09/2017 ## Search policies + +**Search/AllowCloudSearch** + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ ++
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+3
+3
Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. + +
The following list shows the supported values: + +- 0 – Not allowed. +- 1 (default) – Allowed. + + + **Search/AllowIndexingEncryptedStoresOrItems** diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 0472962b49..229903014f 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Security diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 66b1036ad7..50a3295347 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Settings diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index f9c43718a4..adc515f986 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index a8f70bedb6..833057f11a 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Speech 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index c33b8625ee..75e90f86a0 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Start diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index b0dcf3a30b..e73be79d8b 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Storage @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, Windows will activate un ADMX Info: -- GP english name: *Do not allow Windows to activate Enhanced Storage devices* +- GP English name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* - GP path: *System/Enhanced Storage Access* - GP ADMX file name: *enhancedstorage.admx* diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index bd2ca894b5..a6ffde5756 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 09/20/2017 --- # Policy CSP - System @@ -303,7 +303,13 @@ ms.date: 08/09/2017
The following tables describe the supported values: -
+Windows 8.1 Values: + +- 0 - Not allowed. +- 1 – Allowed, except for Secondary Data Requests. +- 2 (default) – Allowed. + + +Windows 10 Values: -
+- 0 – Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. + Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1. +- 1 – Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. +- 2 – Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels. +- 3 – Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels. + + > [!IMPORTANT] @@ -546,7 +559,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu ADMX Info: -- GP english name: *Turn off System Restore* +- GP English name: *Turn off System Restore* - GP name: *SR_DisableSR* - GP path: *System/System Restore* - GP ADMX file name: *systemrestore.admx* @@ -554,6 +567,51 @@ ADMX Info: +**System/LimitEnhancedDiagnosticDataWindowsAnalytics** + + +
+
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+3
+3
This policy setting, in combination with the System/AllowTelemetry + policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. + +
To enable this behavior you must complete two steps: +
-
+
When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). + +
Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. + +
If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. + + + + + **System/TelemetryProxy** diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 8f0523789d..08041394b9 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - TextInput diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 2ccd9541ad..5eba1aac1c 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - TimeLanguageSettings diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index f057cd47c6..acd676eecb 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 09/20/2017 --- # Policy CSP - Update @@ -46,10 +46,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] @@ -88,10 +84,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
Supported values are 8-18. @@ -127,10 +119,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] @@ -169,10 +157,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
Supported operations are Get and Replace. @@ -192,6 +176,43 @@ ms.date: 08/09/2017
If the policy is not configured, end-users get the default behavior (Auto install and restart). + + + +**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** + + +
+
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. + +- 0 (default) - Not allowed +- 1 - Allowed + +A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. + +This policy is accessible through the Update setting in the user interface or Group Policy. @@ -221,10 +242,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education - -
Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
The following list shows the supported values: @@ -261,10 +278,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
Supported operations are Get and Replace. @@ -305,10 +318,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store.
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store @@ -387,10 +396,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
Supported values are 15, 30, 60, 120, and 240 (minutes). @@ -426,10 +431,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
The following list shows the supported values: @@ -466,16 +467,16 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
The following list shows the supported values: -- 16 (default) – User gets all applicable upgrades from Current Branch (CB). -- 32 – User gets upgrades from Current Branch for Business (CBB). +- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) +- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) +- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) +- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). +- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. + @@ -506,8 +507,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. @@ -546,10 +545,6 @@ ms.date: 08/09/2017 -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
Supported values are 0-30. @@ -584,8 +579,6 @@ ms.date: 08/09/2017 > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -> > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. @@ -602,7 +595,34 @@ ms.date: 08/09/2017
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -
+OS upgrade: +- Maximum deferral: 8 months +- Deferral increment: 1 month +- Update type/notes: + - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 + +Update: +- Maximum deferral: 1 month +- Deferral increment: 1 week +- Update type/notes: + If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. + - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 + +Other/cannot defer: +- Maximum deferral: No deferral +- Deferral increment: No deferral +- Update type/notes: + Any update category not specifically enumerated above falls into this category. + - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B + + @@ -683,8 +703,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. -> > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. > > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. @@ -729,6 +747,46 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
- +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink) ## Related topics - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md index ebd6f01e25..6085998914 100644 --- a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Experiment with custom threat intelligence (TI) alerts @@ -22,6 +23,9 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-experimentcustomti-abovefoldlink) With the Windows Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization. diff --git a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..73a2c6b1c7 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,102 @@ +--- +title: Use the Windows Defender Advanced Threat Protection exposed APIs +description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. +keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Use the Windows Defender ATP exposed APIs + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). + +In general, you’ll need to take the following steps to use the APIs: +- Create an app +- Get an access token +- Run queries on the graph API + +### Before you begin +Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a native app to use for the adhoc queries. + +## Create an app + +1. Log on to [Azure](https://portal.azure.com). + +2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. + +  + +3. 
In the Create window, enter the following information then click **Create**. + +  + + - **Name:** WinATPGraph + - **Application type:** Native + - **Redirect URI:** `https://localhost` + + +4. Navigate and select the newly created application. +  + +5. Click **All settings** > **Required permissions** > **Add**. + +  + +6. Click **Select an API** > **Microsoft Graph**, then click **Select**. + +  + + +7. Click **Select permissions** and select **Sign in and read user profile** then click **Select**. + +  + +You can now use the code snippets in the following sections to query the API using the created app ID. + +## Get an access token +1. Get the Client ID from the application you created. + +2. Use the **Client ID**. For example: + ``` + private const string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + private const string resourceId = "https://graph.microsoft.com"; + private const string clientId = "{YOUR CLIENT ID/APP ID HERE}"; + private const string redirect = "https://localhost"; + HttpClient client = new HttpClient(); + AuthenticationContext auth = new AuthenticationContext(authority); + var token = auth.AcquireTokenAsync(resourceId, clientId, new Uri(redirect), new PlatformParameters(PromptBehavior.Auto)).Result; + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.AccessTokenType, token.AccessToken); + ``` + +## Query the graph +Once the bearer token is retrieved, you can easily invoke the graph APIs. 
For example: + +``` +client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); +// sample endpoint +string ep = @"https://graph.microsoft.com/{VERSION}/alerts?$top=5"; +HttpResponseMessage response = client.GetAsync(ep).Result; +string resp = response.Content.ReadAsStringAsync().Result; +Console.WriteLine($"response for: {ep} \r\n {resp}"); +``` + + +## Related topics +- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..cd1e27c74b --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Find machine information by interal IP API +description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or interal IP. +keywords: apis, graph api, supported apis, find machine, machine information, IP +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Find machine information by interal IP +Find a machine entity around a specific timestamp by FQDN or internal IP. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machines/find(timestamp={time},key={IP/FQDN}) +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and machine exists - 200 OK. +If no machine found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp={time},key={IP/FQDN}) +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "value": [ + { + "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb", + "computerDnsName": "", + "firstSeen": "2017-07-06T01:25:04.9480498Z", + "osPlatform": "Windows10", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index ec792a86dc..07eef0d4b5 100644 
--- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Fix unhealthy sensors in Windows Defender ATP description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine. -keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communication, communication +keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Fix unhealthy sensors in Windows Defender ATP @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-fixsensor-abovefoldlink) + Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured. ## Inactive machines 
@@ -41,13 +46,13 @@ Do you expect a machine to be in ‘Active’ status? [Open a support ticket tic ## Misconfigured machines Misconfigured machines can further be classified to: - - Impaired communication + - Impaired communications - No sensor data -### Impaired communication +### Impaired communications This status indicates that there's limited communication between the machine and the service. -The following suggested actions can help fix issues related to a misconfigured machine with impaired communication: +The following suggested actions can help fix issues related to a misconfigured machine with impaired communications: - [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection) The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. diff --git a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md index 4e1390a814..2a702cecc7 100644 --- a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Update general Windows Defender ATP settings 
@@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink) + During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu. 1. In the navigation pane, select **Preferences setup** > **General**. @@ -39,3 +44,4 @@ During the onboarding process, a wizard takes you through the general settings o - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..b5745d86a0 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,67 @@ +--- +title: Get actor information API +description: Retrieves an actor information report. +keywords: apis, graph api, supported apis, get, actor, information +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get actor information +Retrieves an actor information report. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/actor/{id}/ +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and actor exists - 200 OK. +If actor does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/actors/zinc +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", + "id": "zinc", + "linkToReport": "link-to-pdf" +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..d22c9702da --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,77 @@ +--- +title: Get actor related alerts API +description: Retrieves all alerts related to a given actor. +keywords: apis, graph api, supported apis, get, actor, related, alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get actor related alerts +Retrieves all alerts related to a given actor. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/actor/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert exists - 200 OK. +If actor does not exist or no related alerts - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 3, + "value": [ + { + "id": "636390437845006321_-1646055784", + "severity": "Medium", + "status": "Resolved", + "description": "Malware associated with ZINC has been detected.", + "recommendedAction": "1.\tContact your incident response team.", + "alertCreationTime": "2017-08-23T00:09:43.9057955Z", + "category": "Malware", + "title": "Malware associated with the activity group ZINC was discovered", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5a3baedc8a --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md @@ -0,0 +1,73 @@ +--- +title: Get alert information by ID API +description: Retrieves an alert by its ID. +keywords: apis, graph api, supported apis, get, alert, information, id +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert information by ID +Retrieves an alert by its ID. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id} +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert exists - 200 OK. +If alert not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts/$entity", + "id": "636396039176847743_89954699", + "severity": "Informational", + "status": "New", + "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", + "recommendedAction": "Collect artifacts and determine scope.", + "alertCreationTime": "2017-08-29T11:45:17.5754165Z", +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..8727105bd0 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md @@ -0,0 +1,69 @@ +--- +title: Get alert related actor information API +description: Retrieves the actor information related to the specific alert. +keywords: apis, graph api, supported apis, get, alert, actor, information, related +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related actor information +Retrieves the actor information related to the specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/actor +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and actor exist - 200 OK. +If alert not found or actor not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/actor +Content-type: application/json + +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", + "id": "zinc", + "linkToReport": "link-to-pdf" +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..d22d6043a1 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,71 @@ +--- +title: Get alert related domain information +description: Retrieves all domains related to a specific alert. +keywords: apis, graph api, supported apis, get alert information, alert information, related domain +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related domain information +Retrieves all domains related to a specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/domains +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and domain exist - 200 OK. +If alert not found or domain not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains", + "value": [ + { + "host": "www.example.com" + } + ] +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..7020f3ddb1 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,73 @@ +--- +title: Get alert related files information +description: Retrieves all files related to a specific alert. +keywords: apis, graph api, supported apis, get alert information, alert information, related files +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related files information +Retrieves all files related to a specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/files +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and files exist - 200 OK. +If alert not found or files not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files", + "value": [ + { + "sha1": "121c7060dada38275d7082a4b9dc62641b255c36", + "sha256": "c815e0abb8273ba4ea6ca92d430d9e4d065dbb52877a9ce6a8371e5881bd7a94", + "md5": "776c970dfd92397b3c7d74401c85cd40", + "globalPrevalence": null, + "globalFirstObserved": null, +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..83ff265f9a --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md @@ -0,0 +1,73 @@ +--- +title: Get alert related IP information +description: Retrieves all IPs related to a specific alert. +keywords: apis, graph api, supported apis, get alert information, alert information, related ip +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related IP information +Retrieves all IPs related to a specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/ips +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and an IP exist - 200 OK. +If alert not found or IPs not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips", +"value": [ + { + "id": "104.80.104.128" + }, + { + "id": "23.203.232.228 +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..1051f8e032 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,68 @@ +--- +title: Get alert related machine information +description: Retrieves all machines related to a specific alert. +keywords: apis, graph api, supported apis, get alert information, alert information, related machine +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related machine information +Retrieves all machines related to a specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/machine +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and machine exist - 200 OK. +If alert not found or machine not found - 404 Not Found. + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", + "id": "207575116e44741d2b22b6a81429b3ca4fd34608", + "computerDnsName": "machine1-corp.contoso.com", + "firstSeen": "2015-12-01T11:31:53.7016691Z", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..008f657eb7 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,71 @@ +--- +title: Get alert related user information +description: Retrieves the user associated to a specific alert. +keywords: apis, graph api, supported apis, get, alert, information, related, user +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alert related user information +Retrieves the user associated to a specific alert. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts/{id}/user +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alert and a user exists - 200 OK. +If alert not found or user not found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", + "id": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4\\DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", + "accountSid": null, + "accountName": "DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", + "accountDomainName": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4", +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..27cbaabe0a --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,75 @@ +--- +title: Get alerts API +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get alerts +Retrieves top recent alerts. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and alerts exists - 200 OK. +If no recent alerts found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 5000, + "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/alerts?$skip=5000", + "value": [ + { + "id": "636396039176847743_89954699", + "severity": "Informational", + "status": "New", + "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", + "recommendedAction": "Collect artifacts and determine scope", + "alertCreationTime": "2017-08-29T11:45:17.5754165Z", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..4ade44c5d8 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md @@ -0,0 +1,74 @@ +--- +title: Get domain related alerts API +description: Retrieves a collection of alerts related to a given domain address. +keywords: apis, graph api, supported apis, get, domain, related, alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get domain related alerts +Retrieves a collection of alerts related to a given domain address. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/domains/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and domain and alert exists - 200 OK. +If domain or alert does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 9, + "value": [ + { + "id": "636396023170943366_-36088267", + "severity": "Medium", + "status": "New", + "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", + "recommendedAction": "Update AV signatures and run a full scan.", +… +} +``` 
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..630af76023 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Get domain related machines API +description: Retrieves a collection of machines related to a given domain address. +keywords: apis, graph api, supported apis, get, domain, related, machines +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get domain related machines +Retrieves a collection of machines related to a given domain address. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/domains/{id}/machines +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and domain and machine exists - 200 OK. +If domain or machines do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "value": [ + { + "id": "0a3250e0693a109f1affc9217be9459028aa8426", + "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", + "firstSeen": "2017-07-05T08:21:00.0572159Z", + "osPlatform": "Windows10", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..168ba45b95 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md @@ -0,0 +1,69 @@ +--- +title: Get domain statistics API +description: Retrieves the prevalence for the given domain. +keywords: apis, graph api, supported apis, get, domain, domain related machines +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get domain statistics +Retrieves the prevalence for the given domain. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/domains/{id}/stats +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and domain exists - 200 OK. +If domain does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.graph.InOrgDomainStats", + "host": "example.com", + "orgPrevalence": "4070", + "orgFirstSeen": "2017-07-30T13:23:48Z", + "orgLastSeen": "2017-08-29T13:09:05Z" +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..bf5224ea2c --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,70 @@ +--- +title: Get file information API +description: Retrieves a file by identifier Sha1, Sha256, or MD5. +keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5 +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get file information +Retrieves a file by identifier Sha1, Sha256, or MD5. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/files/{id}/ +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and file exists - 200 OK. +If file does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/files/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files/$entity", + "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", + "sha256": "34fcb083cd01b1bd89fc467fd3c2cd292de92f915a5cb43a36edaed39ce2689a", + "md5": "d387a06cd4bf5fcc1b50c3882f41a44e", + "globalPrevalence": 40790196, +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0bc15888fe --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,74 @@ +--- +title: Get file related alerts API +description: Retrieves a collection of alerts related to a given file hash. +keywords: apis, graph api, supported apis, get, file, hash +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get file related alerts +Retrieves a collection of alerts related to a given file hash. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/files/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and file and alert exists - 200 OK. +If file or alerts do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 9, + "value": [ + { + "id": "636396023170943366_-36088267", + "severity": "Medium", + "status": "New", + "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", + "recommendedAction": "Update AV signatures and run a full scan.", +… +} +``` 
diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0dd8cbb37e --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Get file related machines API +description: Retrieves a collection of machines related to a given file hash. +keywords: apis, graph api, supported apis, get, machines, hash +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get file related machines +Retrieves a collection of machines related to a given file hash. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/files/{id}/machines +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and file and machines exists - 200 OK. +If file or machines do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "value": [ + { + "id": "0a3250e0693a109f1affc9217be9459028aa8426", + "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", + "firstSeen": "2017-07-05T08:21:00.0572159Z", + "osPlatform": "Windows10", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..cf4bdfb5bb --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md @@ -0,0 +1,73 @@ +--- +title: Get file statistics API +description: Retrieves the prevalence for the given file. +keywords: apis, graph api, supported apis, get, file, statistics +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get file statistics +Retrieves the prevalence for the given file. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/files/{id}/stats +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and file exists - 200 OK. +If file do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", + "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", + "orgPrevalence": "106398", + "orgFirstSeen": "2017-07-30T13:29:50Z", + "orgLastSeen": "2017-08-29T13:29:31Z", + "topFileNames": [ + "chrome.exe", + "old_chrome.exe" + ] +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..cc3eaf628c --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md @@ -0,0 +1,74 @@ +--- +title: Get IP related alerts API +description: Retrieves a collection of alerts related to a given IP address. +keywords: apis, graph api, supported apis, get, ip, related, alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get IP related alerts +Retrieves a collection of alerts related to a given IP address. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/ips/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and IP and alert exists - 200 OK. +If IP and alerts do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 9, + "value": [ + { + "id": "636396023170943366_-36088267", + "severity": "Medium", + "status": "New", + "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", + "recommendedAction": "Update AV signatures and run a full scan.", +… +} +``` 
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5a3164c261 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Get IP related machines API +description: Retrieves a collection of machines related to a given IP address. +keywords: apis, graph api, supported apis, get, ip, related, machines +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get IP related machines +Retrieves a collection of alerts related to a given IP address. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/ips/{id}/machines +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and IP and machines exists - 200 OK. +If IP or machines do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "value": [ + { + "id": "0a3250e0693a109f1affc9217be9459028aa8426", + "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", + "firstSeen": "2017-07-05T08:21:00.0572159Z", + "osPlatform": "Windows10", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..077f8220bb --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,69 @@ +--- +title: Get IP statistics API +description: Retrieves the prevalence for the given IP. +keywords: apis, graph api, supported apis, get, ip, statistics, prevalence +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get IP statistics +Retrieves the prevalence for the given IP. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/ips/{id}/stats +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and IP and domain exists - 200 OK. +If domain does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", + "ipAddress": "192.168.1.1", + "orgPrevalence": "63515", + "orgFirstSeen": "2017-07-30T13:36:06Z", + "orgLastSeen": "2017-08-29T13:32:59Z" +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..eefe82c97b --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Get machine by ID API +description: Retrieves a machine entity by ID. +keywords: apis, graph api, supported apis, get, machines, entity, id +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get machine by ID +Retrieves a machine entity by ID. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machines/{id} +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and machine exists - 200 OK. +If no machine found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machines/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", + "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", + "computerDnsName": "", + "firstSeen": "2015-03-15T00:18:20.6588778Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..837fece398 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,71 @@ +--- +title: Get machine log on users API +description: Retrieves a collection of logged on users. +keywords: apis, graph api, supported apis, get, machine, log on, users +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get machine log on users +Retrieves a collection of logged on users. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machines/{id}/logonusers +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and machine and user exist - 200 OK. +If no machine found or no users found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users", + "value": [ + { + "id": "m", + "accountSid": null, + "accountName": "", + "accountDomainName": "northamerica", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0afb16bf58 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,73 @@ +--- +title: Get machine related alerts API +description: Retrieves a collection of alerts related to a given machine ID. +keywords: apis, graph api, supported apis, get, machines, related, alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get machine related alerts +Retrieves a collection of alerts related to a given machine ID. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machines/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and machine and alert exists - 200 OK. +If no machine or no alerts found - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 1, + "value": [ + { + "id": "636396066728379047_-395412459", + "severity": "Medium", + "status": "New", + "description": "A reverse shell created from PowerShell was detected. A reverse shell allows an attacker to access the compromised machine without authenticating.", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..7674740001 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md @@ -0,0 +1,76 @@ +--- +title: Get machines API +description: Retrieves a collection of recently seen machines. +keywords: apis, graph api, supported apis, get, machines +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get machines +Retrieves a collection of recently seen machines. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machines +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and machines exists - 200 OK. +If no recent machines - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "@odata.count": 5000, + "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/machines?$skip=5000", + "value": [ + { + "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", + "computerDnsName": "", + "firstSeen": "2015-03-15T00:18:20.6588778Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", +… +} + +``` diff --git a/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..cf588557dc --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md @@ -0,0 +1,70 @@ +--- +title: Get user information API +description: Retrieve a User entity by key such as user name or domain. +keywords: apis, graph api, supported apis, get, user, user information +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get user information +Retrieve a User entity by key (user name or domain\user). + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/users/{id}/ +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and user exists - 200 OK. +If user does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/users/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", + "id": "", + "accountSid": null, + "accountName": "", + "accountDomainName": "", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..88cc381aaf --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,74 @@ +--- +title: Get user related alerts API +description: Retrieves a collection of alerts related to a given user ID. +keywords: apis, graph api, supported apis, get, user, related, alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get user related alerts +Retrieves a collection of alerts related to a given user ID. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/users/{id}/alerts +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and user and alert exists - 200 OK. +If user does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", + "@odata.count": 9, + "value": [ + { + "id": "636396023170943366_-36088267", + "severity": "Medium", + "status": "New", + "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", + "recommendedAction": "Update AV signatures and run a full scan.", +… +} +``` 
diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..46b715810b --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,72 @@ +--- +title: Get user related machines API +description: Retrieves a collection of machines related to a given user ID. +keywords: apis, graph api, supported apis, get, user, user related alerts +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Get user related machines +Retrieves a collection of machines related to a given user ID. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/users/{id}/machines +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and user and machine exists - 200 OK. +If user or machine does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ +"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", + "value": [ + { + "id": "0a3250e0693a109f1affc9217be9459028aa8426", + "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", + "firstSeen": "2017-07-05T08:21:00.0572159Z", + "osPlatform": "Windows10", +… +} +``` diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png b/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png new file mode 100644 index 0000000000..3c945c3b8d Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-block-file.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png new file mode 100644 index 0000000000..f195635b73 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png new file mode 100644 index 0000000000..a29e87f278 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png new file mode 100644 index 0000000000..080b28974c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png b/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png index ff3c828a38..5f0e1199b6 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png and b/windows/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png new file mode 100644 index 0000000000..90e1f30d77 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-action-center.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png new file mode 100644 index 0000000000..ce13835ade Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png new file mode 100644 index 0000000000..df19e86e74 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png new file mode 100644 index 0000000000..467cb3414e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png new file mode 100644 index 0000000000..71d61dca5f Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png new file mode 100644 index 0000000000..5b5116f4dd Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png new file mode 100644 index 0000000000..88ed4da744 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png new file mode 100644 index 0000000000..70a29f078a Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png b/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png new file mode 100644 index 0000000000..79dfdf7756 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-actions-run-av.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png b/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png new file mode 100644 index 0000000000..e46547a2ff Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-add-application-name.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-add-application.png b/windows/threat-protection/windows-defender-atp/images/atp-add-application.png new file mode 100644 index 0000000000..38767341f9 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-add-application.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png index f162f21b1b..9745627e88 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png new file mode 100644 index 0000000000..ae493ad999 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-application-information.png b/windows/threat-protection/windows-defender-atp/images/atp-application-information.png new file mode 100644 index 0000000000..0fa908d66c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-application-information.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png new file mode 100644 index 0000000000..d980fc4ed9 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png new file mode 100644 index 0000000000..aed05187d6 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png new file mode 100644 index 0000000000..31a49811ec Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png new file mode 100644 index 0000000000..2fe20462f2 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png new file mode 100644 index 0000000000..a222f09880 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png new file mode 100644 index 0000000000..effefd5424 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png new file mode 100644 index 0000000000..ce3d0672a6 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png new file mode 100644 index 0000000000..5aa454b9c8 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png b/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png new file mode 100644 index 0000000000..23dcbb397e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png new file mode 100644 index 0000000000..d90199bb76 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png b/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png new file mode 100644 index 0000000000..e56876ff1b Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png new file mode 100644 index 0000000000..5a04cb5fd5 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png b/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png new file mode 100644 index 0000000000..4f738b77ae Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png new file mode 100644 index 0000000000..8166caf6ae Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png b/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png new file mode 100644 index 0000000000..3cfe2f682f Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-improv-ops.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png b/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png index 4905b60304..d416fcb5ad 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png and b/windows/threat-protection/windows-defender-atp/images/atp-isolate-machine.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png new file mode 100644 index 0000000000..ad6c46725c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png new file mode 100644 index 0000000000..dc88fe76e4 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-actions.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png index 2c32d9780d..65eafd21ea 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png index 10b778ae73..cdc1be01f6 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-isolation.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png index c9063c8fa9..0c7f50581f 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png index da80abb64f..c90cef7b32 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png new file mode 100644 index 0000000000..5e2258d16d Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png index 746d043732..7c10c6b14f 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png and b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png b/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png new file mode 100644 index 0000000000..fc88a55489 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-manage-tags.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png b/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png new file mode 100644 index 0000000000..3160d850e0 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png b/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png new file mode 100644 index 0000000000..5dbd52ce1c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-notification-restrict.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png b/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png index 508822a2ad..b4865884d3 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png and b/windows/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-org-score.png b/windows/threat-protection/windows-defender-atp/images/atp-org-score.png new file mode 100644 index 0000000000..e0e05e11be Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-org-score.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png b/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png new file mode 100644 index 0000000000..65dc93e72c Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-org-sec-score.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png b/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png new file mode 100644 index 0000000000..c8a1a31e06 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-permissions-applications.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-portal.png b/windows/threat-protection/windows-defender-atp/images/atp-portal.png index 5f39939886..742b8deb22 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-portal.png and b/windows/threat-protection/windows-defender-atp/images/atp-portal.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png new file mode 100644 index 0000000000..953e4af373 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png new file mode 100644 index 0000000000..96200e68ff Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png new file mode 100644 index 0000000000..2061e53383 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png new file mode 100644 index 0000000000..be0e101c6e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-options.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png new file mode 100644 index 0000000000..92599b5a75 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-preview-features.png b/windows/threat-protection/windows-defender-atp/images/atp-preview-features.png new file mode 100644 index 0000000000..aeae7b6a42 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-preview-features.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-region-control-panel.png b/windows/threat-protection/windows-defender-atp/images/atp-region-control-panel.png new file mode 100644 index 0000000000..58d25e0f9d Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-region-control-panel.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png b/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png new file mode 100644 index 0000000000..d587e6d40a Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-restrict-app.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png b/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png new file mode 100644 index 0000000000..ff284e05fc Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-run-av-scan.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png new file mode 100644 index 0000000000..47cedd37ae Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png b/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png new file mode 100644 index 0000000000..fd2d52834b Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png new file mode 100644 index 0000000000..1b3c80e762 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png new file mode 100644 index 0000000000..e7f8d974bf Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png new file mode 100644 index 0000000000..627d376ba2 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png b/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png new file mode 100644 index 0000000000..2a1d763b3f Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-coverage.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png b/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png new file mode 100644 index 0000000000..d99b7de547 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-security-improvements.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png new file mode 100644 index 0000000000..07fa544f73 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-server-onboarding.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png index 8dcfa06ea0..191941085d 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png index cb58fad705..1f09d12343 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png and b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png new file mode 100644 index 0000000000..e1d37a4f65 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png b/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png new file mode 100644 index 0000000000..6a4b746009 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-tag-management.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png b/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png index ea42abd060..ce515c1e79 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png and b/windows/threat-protection/windows-defender-atp/images/atp-undo-isolation.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png index 1d852999b9..b08381baed 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png and b/windows/threat-protection/windows-defender-atp/images/atp-user-details-pane.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png new file mode 100644 index 0000000000..b0732653d6 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png new file mode 100644 index 0000000000..1d852999b9 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png differ 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png b/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png new file mode 100644 index 0000000000..2bea8cb48d Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png differ diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index 22cb47ce0e..c743b8f2cb 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate Windows Defender Advanced Threat Protection alerts @@ -18,6 +19,10 @@ ms.localizationpriority: high - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) + Investigate alerts that are affecting your network, what they mean, and how to resolve them. Use the alert details view to see various tiles that provide information about alerts. You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.  
@@ -27,7 +32,7 @@ The alert context tile shows the where, who, and when context of the alert. As w For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md). -The alert details page also shows the alert process tree, an incident graph, and an alert timeline. +The alert details page also shows the alert process tree, an incident graph, and an artifact timeline. You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**. 
@@ -74,15 +79,15 @@ The **Incident Graph** expansion by destination IP Address, shows the organizati You can click the full circles on the incident graph to expand the nodes and view the expansion to other machines where the matching criteria were observed. -## Alert timeline -The **Alert timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert. +## Artifact timeline +The **Artifact timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert. - + Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization. 
## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md index bb040b50a1..e7a73b2f71 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate a domain associated with a Windows Defender ATP alert 
@@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) + Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. You can see information from the following sections in the URL view: @@ -45,7 +50,7 @@ The **Communication with URL in organization** section provides a chronological 5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md index 60f65b2052..e90acdfa3d 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate a file associated with a Windows Defender ATP alert 
@@ -21,31 +22,38 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) + Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. You can get information from the following sections in the file view: - File details, Malware detection, Prevalence worldwide -- Deep analysis -- Alerts related to this file -- File in organization -- Most recent observed machines with file - +- Deep analysis +- Alerts related to this file +- File in organization +- Most recent observed machines with file +## File worldwide and Deep analysis The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md). -You'll also see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis). +You'll see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).  
+## Alerts related to this file The **Alerts related to this file** section provides a list of alerts that are associated with the file. This list is a simplified version of the Alerts queue, and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.  +## File in organization The **File in organization** section provides details on the prevalence of the file, prevalence in email inboxes and the name observed in the organization.  +## Most recent observed machinew with the file The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file.  
@@ -53,7 +61,7 @@ The **Most recent observed machines with the file** section allows you to specif This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md index 486af0335d..beae2f18fb 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate an IP address associated with a Windows Defender ATP alert 
@@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigateip-abovefoldlink) + Examine possible communication between your machines and external internet protocol (IP) addresses. Identifying all machines in the organization that communicated with a suspected or known malicious IP address, such as Command and Control (C2) servers, helps determine the potential scope of breach, associated files, and infected machines. @@ -53,7 +58,7 @@ Use the search filters to define the search criteria. You can also use the timel Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 2a4675f3c4..d9ae0d1c13 100644 
--- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Investigate machines in the Windows Defender ATP Machines list -description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines list. -keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity +description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health. +keywords: machines, endpoints, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate machines in the Windows Defender ATP Machines list 
@@ -18,6 +19,10 @@ ms.localizationpriority: high - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) + ## Investigate machines Investigate the details of an alert raised on a specific machine to identify other behaviors or events that might be related to the alert or the potential scope of breach. 
@@ -25,39 +30,92 @@ You can click on affected machines whenever you see them in the portal to open a - The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) -- The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- The [Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - Any individual alert - Any individual file details view - Any IP address or domain details view When you investigate a specific machine, you'll see: -- Machine details, Logged on users, and Machine Reporting +- Machine details, Logged on users, and Machine Reporting - Alerts related to this machine - Machine timeline - + -The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine, and others. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). +The machine details, total logged on users, and machine reporting sections display various attributes about the machine. -You'll also see other information such as domain, operating system (OS) and build, total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. +The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package. + +For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). 
Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: - Interactive and remote interactive logins - Network, batch, and system logins - + You'll also see details such as logon types for each user account, the user group, and when the account logon occurred. For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). +## Manage machine group and tags +Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident. + +Machine related properties are being extended to account for: + +- Group affiliation +- Dynamic context capturing + + + +### Group machines +Machine group affiliation can represent geographic location, specific activity, importance level and others. Grouping machines with similar attributes can be handy when you need to apply contextual action on a specific list of machines. After creating groups, you can apply the Group filter on the Machines list to get a narrowed list of machines. + +Machine group is defined in the following registry key entry of the machine: + +- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\` +- Registry key value (string): Group + + +### Set standard tags on machines +Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag. + +1. Select the machine that you want to manage tags on. 
You can select or search for a machine from any of the following views: + + - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines list** - Select the machine name from the list of machines. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. + + You can also get to the alert page through the file and IP views. + +2. Open the **Actions** menu and select **Manage tags**. + +  + +3. Enter tags on the machine. To add more tags, click the + icon. +4. Click **Save and close**. + +  + + Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** or **Groups** filter to see the relevant list of machines. + +### Manage machine tags +You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel. + + + + + +## Alerts related to this machine The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts). This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You'll also see a list of displayed alerts and you'll be able to quickly know the total number of alerts on the machine. 
You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. +## Machine timeline The **Machine timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. @@ -72,38 +130,29 @@ Use the search bar to look for specific timeline events. Harness the power of us - **Value** - Type in any search keyword to filter the timeline with the attribute you’re searching for. This search supports defined search queries based on type:value pairs.Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. + + + +**Update/DisableDualScan** + + +
+
+ + + ++ +Home +Pro +Business +Enterprise +Education +Mobile +Mobile Enterprise ++ + + +3
+3
+3
+3
+ +Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. + +
For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). + +- 0 - allow scan against Windows Update +- 1 - do not allow update deferral policies to cause scans against Windows Update + +
This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update." + +
Value type is integer. Supported operations are Add, Get, Replace, and Delete. + @@ -758,10 +816,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
Supported values are 2-30 days. @@ -797,10 +851,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
Supported values are 1-3 days. @@ -836,10 +886,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
Supported values are 2-30 days. @@ -876,7 +922,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. @@ -1051,8 +1096,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -> > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. @@ -1096,8 +1139,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -1170,9 +1211,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -
Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
The following list shows the supported values: @@ -1243,17 +1281,15 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -> > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. -
Allows the IT admin to set a device to CBB train. +
Allows the IT admin to set a device to Semi-Annual Channel train.
The following list shows the supported values: -- 0 (default) – User gets upgrades from Current Branch. -- 1 – User gets upgrades from Current Branch for Business. +- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). +- 1 – User gets upgrades from Semi-Annual Channel. @@ -1284,11 +1320,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
- > [!NOTE] > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. @@ -1331,10 +1362,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
Supported values are 15, 30, or 60 (minutes). @@ -1409,10 +1436,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Enables the IT admin to schedule the day of the update installation.
The data type is a integer. @@ -1677,10 +1700,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - -
Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
The following list shows the supported values: @@ -1753,9 +1772,6 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -> [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise - > [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. @@ -1815,8 +1831,6 @@ Example -> **Note** This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -
Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 20616a5dfd..7d019f9c35 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - Wifi diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index b7a99ac6a7..ba85960f84 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsDefenderSecurityCenter diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index d196f035a8..32d34d88ec 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index cab3989529..22b96181e5 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md 
@@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WindowsLogon @@ -62,7 +62,7 @@ If you disable or do not configure this policy setting, users can choose which a ADMX Info: -- GP english name: *Turn off app notifications on the lock screen* +- GP English name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* @@ -112,7 +112,7 @@ If you disable or don't configure this policy setting, any user can disconnect t ADMX Info: -- GP english name: *Do not display network selection UI* +- GP English name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 3086c439d8..ea09c4b3c7 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/09/2017 +ms.date: 08/30/2017 --- # Policy CSP - WirelessDisplay diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index ee30992445..1319338ddc 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -1,6 +1,6 @@ --- title: Reclaim seat from user -description: The Reclaim seat from user operation returns reclaimed seats for a user in the Windows Store for Business. +description: The Reclaim seat from user operation returns reclaimed seats for a user in the Micosoft Store for Business. ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C ms.author: maricia ms.topic: article 
@@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Reclaim seat from user -The **Reclaim seat from user** operation returns reclaimed seats for a user in the Windows Store for Business. +The **Reclaim seat from user** operation returns reclaimed seats for a user in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index 5016c86ac9..d64e4e1b4d 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -1,6 +1,6 @@ --- -title: REST API reference for Windows Store for Business -description: REST API reference for Windows Store for Business +title: REST API reference for Micosoft Store for Business +description: REST API reference for Micosoft Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' @@ -13,7 +13,7 @@ author: nickbrower ms.date: 06/19/2017 --- -# REST API reference for Windows Store for Business +# REST API reference for Micosoft Store for Business Here's the list of available operations: diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 05e8da9fa3..aa98ff54c0 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/07/2017 +ms.date: 09/18/2017 --- # VPNv2 CSP 
@@ -35,7 +35,7 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll The following diagram shows the VPNv2 configuration service provider in tree format. - + **Device or User profile** For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path. @@ -303,6 +303,14 @@ A device tunnel profile must be deleted before another device tunnel profile can Value type is bool. Supported operations include Get, Add, Replace, and Delete. +**VPNv2/***ProfileName***/RegisterDNS** +Allows registration of the connection's address in DNS. + +Valid values: + +- False = Do not register the connection's address in DNS (default). +- True = Register the connection's addresses in DNS. + **VPNv2/***ProfileName***/DnsSuffix** Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 1312ba1a63..3208f1111a 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/07/2017 +ms.date: 09/18/2017 --- # VPNv2 DDF file @@ -992,6 +992,33 @@ The XML below is for Windows 10, version 1709. +
+ RegisterDNS ++ ++ ++ + + + + False = Do not register the connection's address in DNS (default). + True = Register the connection's addresses in DNS. + ++ ++ + ++ + ++ + +text/plain +DnsSuffix diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 0b67cbdc42..36cef1617a 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -202,7 +202,7 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId= [Windows 10 Mobile and MDM](windows-10-mobile-and-mdm.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md new file mode 100644 index 0000000000..03b15f9859 --- /dev/null +++ b/windows/client-management/windows-10-support-solutions.md 
@@ -0,0 +1,62 @@ +--- +title: Top support solutions for Windows 10 +description: Get links to solutions for Windows 10 issues +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.author: elizapo +author: kaushika-msft +ms.localizationpriority: high +--- +# Top support solutions for Windows 10 + +Microsoft regularly releases both updates and solutions for Windows 10. To ensure your computers can receive future updates, including security updates, it's important to keep them updated. Check out the following links for a complete list of released updates: + +- [Windows 10 Version 1703 update history](https://support.microsoft.com/help/4018124/) +- [Windows 10 Version 1607 update history](https://support.microsoft.com/help/4000825/) +- [Windows 10 Version 1511 update history](https://support.microsoft.com/help/4000824/) + + +These are the top Microsoft Support solutions for the most common issues experienced when using Windows 10 in an enterprise or IT pro environment. The links below include links to KB articles, updates, and library articles. 
+ +## Solutions related to installing Windows updates or hotfixes +- [Understanding the Windowsupdate.log file for advanced users](https://support.microsoft.com/help/4035760/understanding-the-windowsupdate-log-file-for-advanced-users) +- [You can't install updates on a Windows-based computer](https://support.microsoft.com/help/2509997/you-can-t-install-updates-on-a-windows-based-computer) +- [Get-WindowsUpdateLog](https://technet.microsoft.com/itpro/powershell/windows/windowsupdate/get-windowsupdatelog) +- [How to read the Windowsupdate.log file](https://support.microsoft.com/help/902093/how-to-read-the-windowsupdate-log-file) +- [Can't download updates from Windows Update from behind a firewall or proxy server](https://support.microsoft.com/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p) +- [Computer staged from a SysPrepped image doesn't receive WSUS updates](https://support.microsoft.com/help/4010909/computer-staged-from-a-sysprepped-image-doesn-t-receive-wsus-updates) +- [Servicing stack update for Windows 10 Version 1703: June 13, 2017](https://support.microsoft.com/help/4022405/servicingstackupdateforwindows10version1703june13-2017) +- [Servicing stack update for Windows 10 Version 1607 and Windows Server 2016: March 14, 2017](https://support.microsoft.com/help/4013418/servicing-stack-update-for-windows-10-version-1607-and-windows-server) + +## Solutions related to Bugchecks or Stop Errors +- [Troubleshooting Stop error problems for IT Pros](https://support.microsoft.com/help/3106831/troubleshooting-stop-error-problems-for-it-pros) +- [How to use Windows Recovery Environment (WinRE) to troubleshoot common startup issues](https://support.microsoft.com/help/4026030/how-to-use-windows-recovery-environment-winre-to-troubleshoot-common-s) +- [How to troubleshoot Windows-based computer freeze issues](https://support.microsoft.com/help/3118553/how-to-troubleshoot-windows-based-computer-freeze-issues) +- [Understanding 
Bugchecks](https://blogs.technet.microsoft.com/askperf/2007/12/18/understanding-bugchecks/) +- [Understanding Crash Dump Files](https://blogs.technet.microsoft.com/askperf/2008/01/08/understanding-crash-dump-files/) + +## Solutions related to installing or upgrading Windows +- [Resolve Windows 10 upgrade errors : Technical information for IT Pros](/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) +- [Windows OOBE fails when you start a new Windows-based computer for the first time](https://support.microsoft.com/help/4020048/windows-oobe-fails-when-you-start-a-new-windows-based-computer-for-the) +- ["0xc1800118" error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/help/3194588/-0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus) +- [0xC1900101 error when Windows 10 upgrade fails after the second system restart'(https://support.microsoft.com/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system) +- [Updates fix in-place upgrade to Windows 10 version 1607 problem](https://support.microsoft.com/help/4020149/updates-fix-in-place-upgrade-to-windows-10-version-1607-problem) +- [OOBE update for Windows 10 Version 1703: May 9, 2017](https://support.microsoft.com/help/4020008) +- [OOBE update for Windows 10 Version 1607: May 30, 2017](https://support.microsoft.com/help/4022632) +- [OOBE update for Windows 10 Version 1511: May 30, 2017](https://support.microsoft.com/help/4022633) + +## Solutions related to configuring or managing the Start menu +- [Manage Windows 10 Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies) +- [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) +- [Changes to Group Policy settings for Windows 10 Start](/windows/configuration/changes-to-start-policies-in-windows-10) +- [Preinstalled system applications and Start menu may not work when you upgrade to Windows 10, Version 
1511](https://support.microsoft.com/help/3152599) +- [Start menu shortcuts aren't immediately accessible in Windows Server 2016](https://support.microsoft.com/help/3198613) +- [Troubleshoot problems opening the Start menu or Cortana](https://support.microsoft.com/help/12385/windows-10-troubleshoot-problems-opening-start-menu-cortana) +- [Modern apps are blocked by security software when you start the applications on Windows 10 Version 1607](https://support.microsoft.com/help/4016973/modern-apps-are-blocked-by-security-software-when-you-start-the-applic) + +## Solutions related to wireless networking and 802.1X authentication + +- [Windows 10 devices can't connect to an 802.1X environment](http://support.microsoft.com/kb/3121002) +- [Windows 10 wireless connection displays "Limited" status](http://support.microsoft.com/kb/3114149) +- [Computer that has VPN software installed can't detect wireless network after upgrading to Windows 10](http://support.microsoft.com/kb/3084164) diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 8ccede5240..14b763459a 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -2,6 +2,7 @@ ## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) ## [Basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) ## [Windows 10, version 1703 diagnostic data](windows-diagnostic-data.md) +## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) ## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) ## [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md) 
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 76c39cc45d..a3cedc09a0 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md 
@@ -8,26 +8,34 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms +ms.date: 09/25/2017 --- # Change history for Configure Windows 10 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## September 2017 +|New or changed topic | Description| +|--- | ---| +|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.| +|[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. | + ## August 2017 -New or changed topic | Description ---- | --- - [Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md) | New section; reference content from [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx) is being relocated here from MSDN. +|New or changed topic | Description| +|--- | ---| +|[Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md) | New section; reference content from [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx) is being relocated here from MSDN. 
| ## July 2017 | New or changed topic | Description | | --- | --- | -| [Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** | -| [Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed | -| [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access | +|[Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data.md)|Updated categories and included diagnostic data.| +|[Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** | +|[Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed | +|[Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access | |[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)|Updated several Appraiser events and added Census.Speech. | -| [Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. | +|[Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. | ## June 2017 diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index 3e9fff0d5c..0d49be3b9d 100644 --- a/windows/configuration/configure-windows-10-taskbar.md 
+++ b/windows/configuration/configure-windows-10-taskbar.md @@ -300,4 +300,4 @@ The resulting taskbar for computers in any other country region: - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/configure-windows-telemetry-in-your-organization.md b/windows/configuration/configure-windows-telemetry-in-your-organization.md index 1aec75a995..cca1fc3f33 100644 --- a/windows/configuration/configure-windows-telemetry-in-your-organization.md +++ b/windows/configuration/configure-windows-telemetry-in-your-organization.md @@ -35,6 +35,8 @@ Use this article to make informed decisions about how you might configure teleme We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). + ## Overview In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. 
@@ -409,3 +411,5 @@ TechNet Web Pages - [Privacy at Microsoft](http://privacy.microsoft.com) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index bad5148d3a..2d87c06e2e 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -170,7 +170,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 1313186ea4..d910aee65f 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -128,7 +128,7 @@ After you use Group Policy to apply a customized Start and taskbar layout on a c - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). 
diff --git a/windows/configuration/gdpr-win10-whitepaper.md b/windows/configuration/gdpr-win10-whitepaper.md new file mode 100644 index 0000000000..434bb0239b --- /dev/null +++ b/windows/configuration/gdpr-win10-whitepaper.md 
@@ -0,0 +1,335 @@ +--- +title: Beginning your General Data Protection Regulation (GDPR) journey for Windows 10 (Windows 10) +description: Use this article to understand what GDPR is and about the products Microsoft provides to help you get started towards compliance. +keywords: privacy, GDPR +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: high +author: pwiglemsft +ms.author: pwigle +ms.date: 09/25/2017 +--- + +# Beginning your General Data Protection Regulation (GDPR) journey for Windows 10 + +This article provides info about the GDPR, including what it is, and the products Microsoft provides to help you to become compliant. + +## Introduction +On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance. + +The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict global privacy requirements governing how you manage and protect personal data while respecting individual choice — no matter where data is sent, processed, or stored. + +Microsoft and our customers are now on a journey to achieve the privacy goals of the GDPR. At Microsoft, we believe privacy is a fundamental right, and we believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. But we also recognize that the GDPR will require significant changes by organizations all over the world. 
+ +We have outlined our commitment to the GDPR and how we are supporting our customers within the [Get GDPR compliant with the Microsoft Cloud](https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/#hv52B68OZTwhUj2c.99) blog post by our Chief Privacy Officer [Brendon Lynch](https://blogs.microsoft.com/on-the-issues/author/brendonlynch/) and the [Earning your trust with contractual commitments to the General Data Protection Regulation](https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#6QbqoGWXCLavGM63.99)” blog post by [Rich Sauer](https://blogs.microsoft.com/on-the-issues/author/rsauer/) - Microsoft Corporate Vice President & Deputy General Counsel. + +Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). + +## GDPR and its implications +The GDPR is a complex regulation that may require significant changes in how you gather, use and manage personal data. Microsoft has a long history of helping our customers comply with complex regulations, and when it comes to preparing for the GDPR, we are your partner on this journey. + +The GDPR imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where those businesses are located. Among the key elements of the GDPR are the following: + +- **Enhanced personal privacy rights.** Strengthened data protection for residents of EU by ensuring they have the right to access to their personal data, to correct inaccuracies in that data, to erase that data, to object to processing of their personal data, and to move it. 
+ +- **Increased duty for protecting personal data.** Reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance. + +- **Mandatory personal data breach reporting.** Organizations that control personal data are required to report personal data breaches that pose a risk to the rights and freedoms of individuals to their supervisory authorities without undue delay, and, where feasible, no later than 72 hours once they become aware of the breach. + +As you might anticipate, the GDPR can have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training. Microsoft Windows 10 can help you effectively and efficiently address some of these requirements. + +## Personal and sensitive data +As part of your effort to comply with the GDPR, you will need to understand how the regulation defines personal and sensitive data and how those definitions relate to data held by your organization. + +The GDPR considers personal data to be any information related to an identified or identifiable natural person. That can include both direct identification (such as, your legal name) and indirect identification (such as, specific information that makes it clear it is you the data references). The GDPR also makes clear that the concept of personal data includes online identifiers (such as, IP addresses, mobile device IDs) and location data. + +The GDPR introduces specific definitions for genetic data (such as, an individual’s gene sequence) and biometric data. 
Genetic data and biometric data along with other sub categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership: data concerning health; or data concerning a person’s sex life or sexual orientation) are treated as sensitive personal data under the GDPR. Sensitive personal data is afforded enhanced protections and generally requires an individual’s explicit consent where these data are to be processed. + +### Examples of info relating to an identified or identifiable natural person (data subject) +This list provides examples of several types of info that will be regulated through GDPR. This is not an exhaustive list. + +- Name + +- Identification number (such as, SSN) + +- Location data (such as, home address) + +- Online identifier (such as, e-mail address, screen names, IP address, device IDs) + +- Pseudonymous data (such as, using a key to identify individuals) + +- Genetic data (such as, biological samples from an individual) + +- Biometric data (such as, fingerprints, facial recognition) + +## Getting started on the journey towards GDPR compliance +Given how much is involved to become GDPR-compliant, we strongly recommend that you don't wait to prepare until enforcement begins. You should review your privacy and data management practices now. We recommend that you begin your journey to GDPR compliance by focusing on four key steps: + +- **Discover.** Identify what personal data you have and where it resides. + +- **Manage.** Govern how personal data is used and accessed. + +- **Protect.** Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. + +- **Report.** Act on data requests, report data breaches, and keep required documentation. + +  + +For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. 
While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). + +## Windows 10 security and privacy +As you work to comply with the GDPR, understanding the role of your desktop and laptop client machines in creating, accessing, processing, storing and managing data that may qualify as personal and potentially sensitive data under the GDPR is important. Windows 10 provides capabilities that will help you comply with the GDPR requirements to implement appropriate technical and organizational security measures to protect personal data. + +With Windows 10, your ability to protect, detect and defend against the types of attacks that can lead to data breaches is greatly improved. Given the stringent requirements around breach notification within the GDPR, ensuring that your desktop and laptop systems are well defended will lower the risks you face that could result in costly breach analysis and notification. + +In this section, we'll talk about how Windows 10 provides capabilities that fit squarely in the **Protect** stage of your journey, including these 4 scenarios: + +- **Threat protection: Pre-breach threat resistance.** Disrupt the malware and hacking industry by moving the playing field to one where they lose the attack vectors that they depend on. + +- **Threat protection: Post-breach detection and response.** Detect, investigate, and respond to advanced threats and data breaches on your networks. + +- **Identity protection.** Next generation technology to help protect your user’s identities from abuse. + +- **Information protection.** Comprehensive data protection while meeting compliance requirements and maintaining user productivity. 
+ +These capabilities, discussed in more detail below with references to specific GDPR requirements, are built on top of advanced device protection that maintains the integrity and security of the operating system and data. + +A key provision within the GDPR is data protection by design and by default, and helping with your ability to meet this provision are features within Windows 10 such as the Trusted Platform Module (TPM) technology designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. + +The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: + +- Generate, store, and limit the use of cryptographic keys. + +- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself. + +- Help to ensure platform integrity by taking and storing security measurements. + +Additional advanced device protection relevant to your operating without data breaches include Windows Trusted Boot to help maintain the integrity of the system by ensuring malware is unable to start before system defenses. + +### Threat protection: Pre-breach threat resistance +The GDPR requires you to implement appropriate technical and organizational security measures to protect personal data. + +Your ability to meet this requirement to implement appropriate technical security measures should reflect the threats you face in today’s increasingly hostile IT environment. Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of temporarily taking a system offline. 
Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. + +Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge. + +Not only are these threats a risk to your ability to maintain control of any personal or sensitive data you may have, but they are a material risk to your overall business as well. Consider recent data from Ponemon Institute, Verizon, and Microsoft: + +- The average cost of the type of data breach the GDPR will expect you to report is $3.5M. (Ponemon Institute). + +- 63% of these breaches involve weak or stolen passwords that the GDPR expects you to address. (2016 Data Breach Investigations Report, Verizon Enterprise). + +- Over 300,000 new malware samples are created and spread every day making your task to address data protection even more challenging. (Microsoft Malware Protection Center, Microsoft). + +As seen with recent ransomware attacks, once called the "black plague" of the Internet, attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences. Desktops and laptops, that contain personal and sensitive data, are commonly targeted where control over data might be lost. 
+ +In response to these threats and as a part of your mechanisms to resist these types of breaches so that you remain in compliance with the GDPR, Windows 10 provides built in technology, detailed below including the following: + +- Windows Defender Antivirus to respond to emerging threats on data. + +- Microsoft Edge to systemically disrupt phishing, malware, and hacking attacks. + +- Windows Defender Device Guard to block all unwanted applications on client machines. + +#### Responding to emerging data threats +Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware: + +- **Cloud-delivered protection.** Helps to detect and block new malware within seconds, even if the malware has never been seen before. + +- **Rich local context.** Improves how malware is identified. Windows 10 informs Windows Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more. + +- **Extensive global sensors.** Help to keep Windows Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. + +- **Tamper proofing.** Helps to guard Windows Defender Antivirus itself against malware attacks. For example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Windows Defender Antivirus components, its registry keys, and so on. + +- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Windows Defender Antivirus an enterprise-class antimalware solution. 
+ +#### Systemically disrupting phishing, malware, and hacking attacks +In today’s threat landscape, your ability to provide those mechanisms should be tied to the specific data-focused attacks you face through phishing, malware and hacking due to the browser-related attacks. + +As part of Windows 10, Microsoft has brought you Microsoft Edge, our safest and most secure browser to-date. Over the past two years, we have been continuously innovating, and we’re proud of the progress we’ve made. This quality of engineering is reflected by the reduction of Common Vulnerabilities and Exposures (CVE) when comparing Microsoft Edge with Internet Explorer over the past year. Browser-related attacks on personal and sensitive data that you will need to protect under the GDPR means this innovation in Windows 10 is important. + +While no modern browser — or any complex application — is free of vulnerabilities, many of the vulnerabilities for Microsoft Edge have been responsibly reported by professional security researchers who work with the Microsoft Security Response Center (MSRC) and the Microsoft Edge team to ensure customers are protected well before any attacker might use these vulnerabilities in the wild. Even better, there is no evidence that any vulnerabilities have been exploited in the wild as zero-day attacks. + + + +However, many businesses worldwide have come under increasing threat of targeted attacks, where attackers are crafting specialized attacks against a specific business, attempting to take control of corporate networks and data. + +#### Blocking all unwanted apps +Application Control is your best defense in a world where there are more than 300,000 new malware samples each day. As part of Windows 10, Windows Defender Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. 
If the app isn’t trusted it can’t run, period. + +With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Windows Defender Device Guard can use the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. + +Windows Defender Device Guard protects threats that can expose personal or sensitive data to attack, including: + +- Exposure to new malware, for which the "signature" is not yet known + +- Exposure to unsigned code (most malware is unsigned) + +- Malware that gains access to the kernel and then, from within the kernel, captures sensitive information or damages the system + +- DMA-based attacks, for example, attacks launched from a malicious device that read secrets from memory, making the enterprise more vulnerable to attack; and + +- Exposure to boot kits or to a physically present attacker at boot time. + +### Threat protection: Post-breach detection and response +The GDPR includes explicit requirements for breach notification where a personal data breach means, “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.” + +As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and Crime Scene Investigator (CSI). 
Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._” + +#### Insightful security telemetry +For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers. + +By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products. + + + +The scope of Microsoft’s threat intelligence spans, literally, billions of data points: 35 billion messages scanned monthly, 1 billion customers across enterprise and consumer segments accessing 200+ cloud services, and 14 billion authentications performed daily. All this data is pulled together on your behalf by Microsoft to create the Intelligent Security Graph that can help you protect your front door dynamically to stay secure, remain productive, and meet the requirements of the GDPR. + +#### Detecting attacks and forensic investigation +Even the best endpoint defenses may be breached eventually, as cyberattacks become more sophisticated and targeted. + +Windows Defender Advanced Threat Protection (ATP) helps you detect, investigate, and respond to advanced attacks and data breaches on your networks. GDPR expects you to protect against attacks and breaches through technical security measures to ensure the ongoing confidentiality, integrity, and availability of personal data. 
+ +Among the key benefits of ATP are the following: + +- Detecting the undetectable - sensors built deep into the operating system kernel, Windows security experts, and unique optics from over 1 billion machines and signals across all Microsoft services. + +- Built in, not bolted on - agentless with high performance and low impact, cloud-powered; easy management with no deployment. + +- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Windows Defender Antivirus. + +- Power of the Microsoft graph - leverages the Microsoft Intelligence Security Graph to integrate detection and exploration with Office 365 ATP subscription, to track back and respond to attacks. + +Read more at [What’s new in the Windows Defender ATP Creators Update preview](https://blogs.microsoft.com/microsoftsecure/2017/03/13/whats-new-in-the-windows-defender-atp-creators-update-preview/). + +To provide Detection capabilities, Windows 10 improves our OS memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks – shining a light into previously dark spaces where attackers hid from conventional detection tools. We’ve already successfully leveraged this new technology against zero-days attacks on Windows. + + + +We continue to upgrade our detections of ransomware and other advanced attacks, applying our behavioral and machine-learning detection library to counter changing attacks trends. Our historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed. Customers can also add customized detection rules or IOCs to augment the detection dictionary. + +Customers asked us for a single pane of glass across the entire Windows security stack. 
Windows Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network. + +Our alert page now includes a new process tree visualization that aggregates multiple detections and related events into a single view that helps security teams reduce the time to resolve cases by providing the information required to understand and resolve incidents without leaving the alert page. + +Security Operations (SecOps) can hunt for evidence of attacks, such as file names or hashes, IP addresses or URLs, behaviors, machines, or users. They can do this immediately by searching the organization’s cloud inventory, across all machines – and going back up to 6 months in time – even if machines are offline, have been reimaged, or no longer exist. + + + +When detecting an attack, security teams can now take immediate action: isolate machines, ban files from the network, kill or quarantine running processes or files, or retrieve an investigation package from a machine to provide forensic evidence – with a click of a button. Because while detecting advanced attacks is important – shutting them down is even more so. + + + +### Identity Protection +Identify and access management is another area where the GDPR has placed special emphasis by calling for mechanisms to grant and restrict access to data subject personal data (for example, role-based access, segregation of duties). + +#### Multi-factor protection +Biometric authentication – using your face, iris, or fingerprint to unlock your devices – is much safer than traditional passwords. 
You– uniquely you– plus your device are the keys to your apps, data, and even websites and services – not a random assortment of letters and numbers that are easily forgotten, hacked, or written down and pinned to a bulletin board. + +Your ability to protect personal and sensitive data, that may be stored or accessed through desktop or laptops will be further enhanced by adopting advanced authentication capabilities such as Windows Hello for Business and Windows Hello companion devices. Windows Hello for Business, part of Windows 10, gives users a personal, secured experience where the device is authenticated based on their presence. Users can log in with a look or a touch, with no need for a password. + +In conjunction with Windows Hello for Business, biometric authentication uses fingerprints or facial recognition and is more secure, more personal, and more convenient. If an application supports Hello, Windows 10 enables you to authenticate applications, enterprise content, and even certain online experiences without a password being stored on your device or in a network server at all. +Windows Hello for Business works with the Companion Device Framework to enhance the user authentication experience. Using the Windows Hello Companion Device Framework, a companion device can provide a rich experience for Windows Hello even when biometrics are not available (for example, if the Windows 10 desktop lacks a camera for face authentication or fingerprint reader device). + +There are numerous ways one can use the Windows Hello Companion Device Framework to build a great Windows unlock experience with a companion device. For example, users can: + +- Work offline (for example, while traveling on a plane) + +- Attach their companion device to PC via USB, touch the button on the companion device, and automatically unlock their PC. + +- Carry a phone in their pocket that is already paired with their PC over Bluetooth. 
Upon hitting the spacebar on their PC, their phone receives a notification. Approve it and the PC simply unlocks. + +- Tap their companion device to an NFC reader to quickly unlock their PC. + +- Wear a fitness band that has already authenticated the wearer. Upon approaching PC, and by performing a special gesture (like clapping), the PC unlocks. + +#### Protection against attacks by isolating user credentials +As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/en-us/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._” + +An important design consideration for Windows 10 was mitigating credential theft — in particular, derived credentials. Windows Defender Credential Guard provides significantly improved security against derived credential theft and reuse by implementing a significant architectural change in Windows designed to help eliminate hardware-based isolation attacks rather than simply trying to defend against them. + +When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges can't extract secrets that are protected by virtualization-based security. 
While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Windows Defender Device Guard, as described above, and other security strategies and architectures. + +### Information Protection +The GDPR is focused on information protection regarding data that is considered as personal or sensitive in relation to a natural person, or data subject. Device protection, protection against threats, and identity protection are all important elements of a Defense in Depth strategy surrounding a layer of information protection in your laptop and desktop systems. + +As to the protection of data, the GDPR recognizes that in assessing data security risk, consideration should be given to the risks that are presented such as accidental loss, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. It also recommends that measures taken to maintain an appropriate level of security should consider the state-of-the-art and the costs of implementation in relation to the risks among other factors. + +Windows 10 provides built in risk mitigation capabilities for today’s threat landscape. In this section, we will look at the types of technologies that will help your journey toward GDPR compliance and at the same time provide you with solid overall data protection as part of a comprehensive information protection strategy. + + + +#### Encryption for lost or stolen devices +The GDPR calls for mechanisms that implement appropriate technical security measures to confirm the ongoing confidentiality, integrity, and availability of both personal data and processing systems. 
BitLocker Encryption, first introduced as part of Microsoft's Next-Generation Secure Computing Base architecture in 2004 and made available with Windows Vista, is a built-in data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. + +BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to protect user data and to ensure that a computer has not been tampered with while the system was offline. + +Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled. + +Related to BitLocker are Encrypted Hard Drives, a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. Encrypted Hard Drives use the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. + +By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. + +Some of the benefits of Encrypted Hard Drives include: + +- **Better performance.** Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. 
+ +- **Strong security based in hardware.** Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system + +- **Ease of use.** Encryption is transparent to the user because it is on by default. There is no user interaction needed to enable encryption. Encrypted Hard Drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. + +- **Lower cost of ownership.** There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your Active Directory Domain Services infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process. + +#### Preventing accidental data leaks to unauthorized users +Part of the reality of your operating in a mobile-first, cloud-first world is the notion that some laptops will have multiple purposes – both business and personal. Yet that data that is considered as personal and sensitive regarding EU residents considered as “data subjects” must be protected in line with the requirements of the GDPR. + +Windows Information Protection helps people separate their work and personal data and keeps data encrypted wherever it’s stored. Your employees can safely use both work and personal data on the same device without switching applications. Windows Information Protection helps end users avoid inadvertent data leaks by sending a warning when copy/pasting information in non-corporate applications – end users can still proceed but the action will be logged centrally. + +For example, employees can’t send protected work files from a personal email account instead of their work account. They also can’t accidently post personal or sensitive data from a corporate site into a tweet. 
Windows Information Protection also helps ensure that they aren’t saving personal or sensitive data in a public cloud storage location. + +#### Capabilities to classify, assign permissions and share data +Windows Information Protection is designed to coexist with advanced data loss prevention (DLP) capabilities found in Office 365 ProPlus, Azure Information Protection, and Azure Rights Management. Advanced DLP prevents printing, for example, or protects work data that is emailed outside your company. + +To continously protect your data, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows, the classification and protection needs to be built into the file itself, so this protection can travel with the data wherever it goes. Microsoft Azure Information Protection (AIP) is designed to provide this persistent data protection both on-premises and in the cloud. + +Data classification is an important part of any data governance plan. Adopting a classification scheme that applies throughout your business can be particularly helpful in responding to what the GDPR calls data subject (for example, your EU employee or customer) requests, because it enables enterprises to identify more readily and process personal data requests. + +Azure Information Protection can be used to help you classify and label your data at the time of creation or modification. Protection in the form of encryption, which the GDPR recognizes may be appropriate at times, or visual markings can then be applied to data needing protection. + +With Azure Information Protection, you can either query for data marked with a sensitivity label or intelligently identify sensitive data when a file or email is created or modified. Once identified, you can automatically classify and label the data – all based on the company’s desired policy. + +Azure Information Protection also helps your users share sensitive data in a secure manner. 
In the example below, information about a sensitive acquisition was encrypted and restricted to a group of people who were granted only a limited set of permissions on the information – they could modify the content but could not copy or print it. + + + +## Related content for associated Windows 10 solutions + +- **Windows Hello for Business:** https://www.youtube.com/watch?v=WOvoXQdj-9E and https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-identity-verification + +- **Windows Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 + +- **Windows Defender Advanced Threat Protection:** https://www.youtube.com/watch?v=qxeGa3pxIwg and https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection + +- **Windows Defender Device Guard:** https://www.youtube.com/watch?v=F-pTkesjkhI and https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide + +- **Windows Defender Credential Guard:** https://www.youtube.com/watch?v=F-pTkesjkhI and https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard + +- **Windows Information Protection:** https://www.youtube.com/watch?v=wLkQOmK7-Jg and https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip + +- Windows 10 Security Guide: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide + +## Disclaimer +This article is a commentary on the GDPR, as Microsoft interprets it, as of the date of publication. We’ve spent a lot of time with GDPR and like to think we’ve been thoughtful about its intent and meaning. But the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled. 
+ +As a result, this article is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally-qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance. + +MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS ARTICLE. This article is provided “as-is.” Information and views expressed in this article, including URL and other Internet website references, may change without notice. + +This article does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this article for your internal, reference purposes only. + +Published September 2017
+Version 1.0
+© 2017 Microsoft. All rights reserved. \ No newline at end of file diff --git a/windows/configuration/images/gdpr-azure-info-protection.png b/windows/configuration/images/gdpr-azure-info-protection.png new file mode 100644 index 0000000000..ff4581286d Binary files /dev/null and b/windows/configuration/images/gdpr-azure-info-protection.png differ diff --git a/windows/configuration/images/gdpr-comp-info-protection.png b/windows/configuration/images/gdpr-comp-info-protection.png new file mode 100644 index 0000000000..a332b3476f Binary files /dev/null and b/windows/configuration/images/gdpr-comp-info-protection.png differ diff --git a/windows/configuration/images/gdpr-cve-graph.png b/windows/configuration/images/gdpr-cve-graph.png new file mode 100644 index 0000000000..ebc3e7e36b Binary files /dev/null and b/windows/configuration/images/gdpr-cve-graph.png differ diff --git a/windows/configuration/images/gdpr-intelligent-security-graph.png b/windows/configuration/images/gdpr-intelligent-security-graph.png new file mode 100644 index 0000000000..9448465c08 Binary files /dev/null and b/windows/configuration/images/gdpr-intelligent-security-graph.png differ diff --git a/windows/configuration/images/gdpr-security-center.png b/windows/configuration/images/gdpr-security-center.png new file mode 100644 index 0000000000..26936520a9 Binary files /dev/null and b/windows/configuration/images/gdpr-security-center.png differ diff --git a/windows/configuration/images/gdpr-security-center2.png b/windows/configuration/images/gdpr-security-center2.png new file mode 100644 index 0000000000..971a9918a5 Binary files /dev/null and b/windows/configuration/images/gdpr-security-center2.png differ diff --git a/windows/configuration/images/gdpr-security-center3.png b/windows/configuration/images/gdpr-security-center3.png new file mode 100644 index 0000000000..2c5e279211 Binary files /dev/null and b/windows/configuration/images/gdpr-security-center3.png differ 
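Review bot: In the whitepaper section "Protection against attacks by isolating user credentials", the sentence saying Credential Guard is "designed to help eliminate hardware-based isolation attacks" reads as if hardware-based isolation were the attack. The next paragraph describes virtualization-based security as the protection, so reword the sentence so that isolation is the mechanism and credential theft is what it helps eliminate. In the related-content list, the Windows Defender Credential Guard entry carries the same video URL as the Device Guard entry (watch?v=F-pTkesjkhI); please confirm that is the intended video. Smaller fixes in the same file: "Identify and access management" should be "Identity and access management"; "continously" and "accidently" are misspelled; "Windows Defender Device Guard protects threats" is missing "against"; "Microsoft Intelligence Security Graph" in the ATP bullets does not match "Intelligent Security Graph" used in the telemetry section; the Post Breach white paper link uses plain http; the last list entry (Windows 10 Security Guide) is not bolded like the others; and the file ends without a trailing newline.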
diff --git a/windows/configuration/images/gdpr-steps-diagram.png b/windows/configuration/images/gdpr-steps-diagram.png new file mode 100644 index 0000000000..8fce18bccd Binary files /dev/null and b/windows/configuration/images/gdpr-steps-diagram.png differ diff --git a/windows/configuration/images/package.png b/windows/configuration/images/package.png index f5e975e3e9..e10cf84f51 100644 Binary files a/windows/configuration/images/package.png and b/windows/configuration/images/package.png differ diff --git a/windows/configuration/index.md b/windows/configuration/index.md index df0e8e3a76..93aa72ed2a 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md 
@@ -21,6 +21,7 @@ Enterprises often need to apply custom configurations to devices for their users | [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. | | [Basic level Windows diagnostic data](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. | | [Windows 10, version 1703 diagnostic data](windows-diagnostic-data.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703. | +|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.| | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. | | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. | | [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md) | These topics help you configure Windows 10 devices to be shared by multiple users or to run as a kiosk device that runs a single app. | 
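Review bot: The added row is written without spaces around the pipes ("|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about ...|"), while every neighbouring row in this table uses "| link | description |"; match the existing spacing so the source stays consistent. The description also uses the time-relative word "upcoming", which will need another edit later. Consider describing what the article covers instead, in the style of the surrounding rows.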
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index e5ebed0c80..85a69536cf 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -31,6 +31,8 @@ To help make it easier to deploy settings to restrict connections from Windows 1 We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). + ## What's new in Windows 10, version 1703 Here's a list of changes that were made to this article for Windows 10, version 1703: @@ -71,7 +73,7 @@ See the following table for a summary of the management settings for Windows 10 | Setting | UI | Group Policy | MDM policy | Registry | Command line | | - | :-: | :-: | :-: | :-: | :-: | -| [1. Certificate trust lists](#certificate-trust-lists) | |  | | | | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | | | | | [2. Cortana and Search](#bkmk-cortana) |  |  |  |  |  | | [3. Date & Time](#bkmk-datetime) |  |  | |  | | | [4. Device metadata retrieval](#bkmk-devinst) | |  | |  | | 
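Review bot: In the changed row of the summary table, the link target moves from #certificate-trust-lists to #automatic-root-certificates-update, so any existing link to the old anchor stops resolving once the section is renamed. The other rows visible in this hunk use explicit anchors (#bkmk-cortana, #bkmk-datetime, #bkmk-devinst). Consider giving this section an explicit anchor in the same bkmk- style, or keeping the old anchor available, so that future heading changes do not break links again. The same rename is repeated in the later tables of this file and should be handled the same way in each.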
@@ -113,7 +115,7 @@ See the following table for a summary of the management settings for Windows 10 | [21. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | | | [22. Windows Defender](#bkmk-defender) | |  |  |  | | | [23. Windows Media Player](#bkmk-wmp) |  | | | |  | -| [24. Windows spotlight](#bkmk-spotlight) |  |  | |  | | +| [24. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | | | [25. Microsoft Store](#bkmk-windowsstore) | |  | |  | | | [26. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | | | [27. Windows Update](#bkmk-wu) |  |  |  | | | @@ -124,7 +126,7 @@ See the following table for a summary of the management settings for Windows Ser | Setting | UI | Group Policy | Registry | Command line | | - | :-: | :-: | :-: | :-: | -| [1. Certificate trust lists](#certificate-trust-lists) | |  |  | | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  | | | [2. Cortana and Search](#bkmk-cortana) |  |  |  | | | [3. Date & Time](#bkmk-datetime) |  |  |  | | | [4. Device metadata retrieval](#bkmk-devinst) | |  |  | | @@ -150,7 +152,7 @@ See the following table for a summary of the management settings for Windows Ser | Setting | Group Policy | Registry | Command line | | - | :-: | :-: | :-: | :-: | :-: | -| [1. Certificate trust lists](#certificate-trust-lists) |  |  | | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  | | | [3. Date & Time](#bkmk-datetime) |  |  | | | [6. Font streaming](#font-streaming) |  |  | | | [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | | 
@@ -165,7 +167,7 @@ See the following table for a summary of the management settings for Windows Ser | Setting | Registry | Command line | | - | :-: | :-: | :-: | :-: | :-: | -| [1. Certificate trust lists](#certificate-trust-lists) |  | | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | | | [3. Date & Time](#bkmk-datetime) |  | | | [20. Teredo](#bkmk-teredo) | |  | | [27. Windows Update](#bkmk-wu) |  | | 
@@ -174,16 +176,15 @@ See the following table for a summary of the management settings for Windows Ser Use the following sections for more information about how to configure each setting. -### 1. Certificate trust lists +### 1. Automatic Root Certificates Update -A certificate trust list is a predefined list of items, such as a list of certificate hashes or a list of file name, that are signed by a trusted entity. Windows automatically downloads an updated certificate trust list when it is available. - -To turn off the automatic download of an updated certificate trust list, you can turn off automatic root updates, which also includes the disallowed certificate list and the pin rules list. +The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on Windows Update to see if an update is available. +For more information, see [Automatic Root Certificates Update Configuration](https://technet.microsoft.com/library/cc733922.aspx). +Although not recommended, you can turn off Automatic Root Certificates Update, which also prevents updates to the disallowed certificate list and the pin rules list. > [!CAUTION] > By not automatically downloading the root certificates, the device might have not be able to connect to some websites. - For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core: - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update** @@ -558,7 +559,7 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http | Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10.
Default: blank | -For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx). +For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). ### 13. Network Connection Status Indicator @@ -1636,7 +1637,7 @@ You can stop sending file samples back to Microsoft. -or- -- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: +- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender), where: - **0**. Always prompt. @@ -1682,9 +1683,9 @@ To remove Windows Media Player on Windows Server 2016: - Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer** -### 24. Windows spotlight +### 24. Windows Spotlight -Windows spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or through Group Policy. +Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy. If you're running Windows 10, version 1607 or later, you only need to enable the following Group Policy: 
@@ -1695,6 +1696,10 @@ If you're running Windows 10, version 1607 or later, you only need to enable the -or- +- For Windows 10 only, apply the Experience/AllowWindowsSpotlight MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience), with a value of 0 (zero). + + -or- + - Create a new REG\_DWORD registry setting in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one). If you're not running Windows 10, version 1607 or later, you can use the other options in this section. @@ -1733,7 +1738,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o -or- - - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsConsumerFeatures**, with a value of 1 (one). + - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsConsumerFeatures**, with a value of 1 (one). For more info, see [Windows Spotlight on the lock screen](windows-spotlight.md). @@ -1847,7 +1852,7 @@ You can turn off automatic updates by doing one of the following. This is not re -or- -- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: +- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update), where: - **0**. Notify the user before downloading the update. diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md index 4485b5e7e7..39f2e28ac0 100644 --- a/windows/configuration/manage-tips-and-suggestions.md +++ b/windows/configuration/manage-tips-and-suggestions.md 
@@ -44,7 +44,7 @@ Windows 10, version 1607 (also known as the Anniversary Update), provides organi | Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) | | Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) | - +[Learn more about policy settings for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight) ## Related topics diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index e4bec41c89..713a2b4b8d 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -103,7 +103,7 @@ On devices running Windows 10, you can install [the Windows Configuration Design - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/set-up-a-device-for-anyone-to-use.md b/windows/configuration/set-up-a-device-for-anyone-to-use.md deleted file mode 100644 index af7765d2f8..0000000000 --- a/windows/configuration/set-up-a-device-for-anyone-to-use.md +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -title: Set up a device for anyone to use in kiosk mode (Windows 10) -description: You can configure Windows 10 as a kiosk device, so that users can only interact with a single app. -ms.assetid: F1F4FF19-188C-4CDC-AABA-977639C53CA8 -keywords: ["kiosk", "lockdown", "assigned access"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerms -ms.localizationpriority: high ---- - -# Set up a device for anyone to use (kiosk mode) - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -**Looking for Windows Embedded 8.1 Industry information?** - -- [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653) - -You can configure a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select. - -Do you need a computer that can only do one thing? For example: - -- A device in the lobby that customers can use to view your product catalog. - -- A portable device that drivers can use to check a route on a map. - -- A device that a temporary worker uses to enter data. - -The following table identifies the type of application that can be used on each Windows 10 edition to create a kiosk device. - -> [!NOTE] -> A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file. - - - -| Windows 10 edition | Universal Windows app | Classic Windows application | -|--------------------|------------------------------------|--------------------------------------| -| Mobile |  |  | -| Mobile Enterprise |  |  | -| Pro |  |  | -| Enterprise |  |  | -| Education |  |  | - - - -## In this section - - --
- - ## Learn more - -[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508) - - - - - - - - - diff --git a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index 7a5fa6db77..99ceb249ab 100644 --- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -432,6 +432,6 @@ For a more secure kiosk experience, we recommend that you make the following con - [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index e203016bfa..6454a3fe7c 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -32,8 +32,7 @@ On Windows 10 for desktop editions, the customized Start works by: >[!NOTE] >Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). ->[!NOTE] ->Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx). + ## LayoutModification XML diff --git a/windows/configuration/stop-employees-from-using-the-windows-store.md b/windows/configuration/stop-employees-from-using-the-windows-store.md index f8b7650447..71e3551c63 100644 --- a/windows/configuration/stop-employees-from-using-the-windows-store.md 
+++ b/windows/configuration/stop-employees-from-using-the-windows-store.md @@ -114,7 +114,7 @@ If you're using Microsoft Store for Business and you want employees to only see [Manage access to private store](/microsoft-store/manage-access-to-private-store) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index d3dd731cdf..7e89dfdb30 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index daa6ca5eb8..52223258ad 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-applicationmanagement.md b/windows/configuration/wcd/wcd-applicationmanagement.md index f032ce168c..af27cea5f0 100644 --- a/windows/configuration/wcd/wcd-applicationmanagement.md +++ b/windows/configuration/wcd/wcd-applicationmanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index ad5d7551fb..201fc633e1 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md 
@@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-automatictime.md b/windows/configuration/wcd/wcd-automatictime.md index abb8bbd179..52d9845460 100644 --- a/windows/configuration/wcd/wcd-automatictime.md +++ b/windows/configuration/wcd/wcd-automatictime.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index 787b6fa65b..a8af54b4f9 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-callandmessagingenhancement.md b/windows/configuration/wcd/wcd-callandmessagingenhancement.md index bb07ccc02c..f3905fe8bc 100644 --- a/windows/configuration/wcd/wcd-callandmessagingenhancement.md +++ b/windows/configuration/wcd/wcd-callandmessagingenhancement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 64258bbe02..7ea42d279d 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 6347a4795d..4e414b4677 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index ec1f5eaadc..fa14dead06 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index 1ce0db8e5b..98fdd61592 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -5,14 +5,14 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- # Connections (Windows Configuration Designer reference) -Use to configure settings related to variou types of phone connections. +Use to configure settings related to various types of phone connections. ## Applies to diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index bb7d3366c0..2a71e900c4 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index aea53e22de..84e1e611f1 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 1cf770db9b..6f954aec14 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index e7c4378477..76c7f07631 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index dc1e5cd524..c9d4434a24 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 9297174468..297225f5a1 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index 4efec80320..27a6b9dd36 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index cb2fd133b6..76e05d28ae 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md index 833b66a43a..2203a1cb2b 100644 --- a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md +++ b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 5e394b2f6b..df61861e90 100644 
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index b3a53776ff..cf0f7c1983 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index bbad0c9cb9..08eff6065d 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-initialsetup.md b/windows/configuration/wcd/wcd-initialsetup.md index db5b9cee8b..a579fca408 100644 --- a/windows/configuration/wcd/wcd-initialsetup.md +++ b/windows/configuration/wcd/wcd-initialsetup.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-internetexplorer.md b/windows/configuration/wcd/wcd-internetexplorer.md index d1a2e56c56..e3290e6905 100644 --- a/windows/configuration/wcd/wcd-internetexplorer.md +++ b/windows/configuration/wcd/wcd-internetexplorer.md 
@@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 5b3ebb4f41..7ae7661ea8 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index 4a1bfc4a7a..afe5f92c1c 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md index a00378d147..871e87042c 100644 --- a/windows/configuration/wcd/wcd-messaging.md +++ b/windows/configuration/wcd/wcd-messaging.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-modemconfigurations.md b/windows/configuration/wcd/wcd-modemconfigurations.md index dc45dff1ef..98bae12f8b 100644 --- a/windows/configuration/wcd/wcd-modemconfigurations.md +++ b/windows/configuration/wcd/wcd-modemconfigurations.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-multivariant.md b/windows/configuration/wcd/wcd-multivariant.md index 37a5519dfd..fa8c0d735f 100644 --- a/windows/configuration/wcd/wcd-multivariant.md +++ b/windows/configuration/wcd/wcd-multivariant.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 7eb31bc61c..3689226767 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 5906d70cdd..be9d9f4d69 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-nfc.md b/windows/configuration/wcd/wcd-nfc.md index c03217c87e..1b56de1940 100644 --- a/windows/configuration/wcd/wcd-nfc.md +++ b/windows/configuration/wcd/wcd-nfc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 7a72de6bb0..e609255e3d 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md 
@@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-otherassets.md b/windows/configuration/wcd/wcd-otherassets.md index f5f33e19a2..ff79d72f5f 100644 --- a/windows/configuration/wcd/wcd-otherassets.md +++ b/windows/configuration/wcd/wcd-otherassets.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 27f82ea825..a5aaee541d 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 72357237a0..f672b70b05 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 5ed43d8d18..7ab3bd2e35 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index d771bbee7b..a22b949f8b 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- @@ -58,4 +58,6 @@ Use these settings to configure policies for shared PC mode. ## Related topics -- [Set up shared or guest PC](../set-up-shared-or-guest-pc.md) \ No newline at end of file +- [Set up shared or guest PC](../set-up-shared-or-guest-pc.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-shell.md b/windows/configuration/wcd/wcd-shell.md index 8d7ad0b7ff..a0b581cb04 100644 --- a/windows/configuration/wcd/wcd-shell.md +++ b/windows/configuration/wcd/wcd-shell.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index ce6de17758..df459903c7 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 25fcc57075..3256dea604 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md 
@@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 06c5b20b7a..3e9d1ca9b2 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 6b0840c310..2e5c3fa161 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index f2da4a2dd6..4a6dbb3dd3 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index a8d2ea900a..5f454d89bb 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md 
@@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 75613f3b2e..c498ffd865 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-theme.md b/windows/configuration/wcd/wcd-theme.md index 2d3e643f85..bc5710c264 100644 --- a/windows/configuration/wcd/wcd-theme.md +++ b/windows/configuration/wcd/wcd-theme.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index fe65f8413f..5ba21b01a3 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 6ba1b3993a..50f88c2fdc 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- 
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 17bbc8f15b..70cd723052 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 7175b5e14b..47596e69d3 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- @@ -13,7 +13,7 @@ ms.date: 08/21/2017 # UsbErrorsOEMOverride (reference) -Use UsbErrorsOEMOverride settings to . +Allows an OEM to hide the USB option UI in Settings and all USB device errors. ## Applies to @@ -24,4 +24,4 @@ Use UsbErrorsOEMOverride settings to . ## HideUsbErrorNotifyOptionUI - +Configure to **Show** or **Hide** the USB error notification. diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index f1316bc77a..92f8844d81 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index b9ee438e22..26c23a84ce 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md 
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 6b641db70f..80bbb26cf5 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 901e30a048..8db1aa11a4 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 38f6061d9f..080f9e469f 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS -localizationpriority: medium +ms.localizationpriority: medium ms.author: jdecker ms.date: 08/21/2017 --- diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 10de96a306..35ab57c372 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md 
@@ -111,7 +111,7 @@ The new taskbar layout for upgrades to Windows 10, version 1607 or later, will a - [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/configuration/windows-diagnostic-data.md b/windows/configuration/windows-diagnostic-data.md index 611432abea..9f56ccf841 100644 --- a/windows/configuration/windows-diagnostic-data.md +++ b/windows/configuration/windows-diagnostic-data.md 
@@ -6,12 +6,14 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high -author: brianlic-msft +author: eross-msft +ms.author: lizross +ms.date: 09/14/2017 --- # Windows 10, version 1703 Diagnostic Data -Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md). +Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md). The data covered in this article is grouped into the following categories: 
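Review bot: The rewritten intro paragraph in windows-diagnostic-data.md still reads "This article describes all types diagnostic data collected by Windows", which is missing "of". Since the line is already being changed to add "more relevant tips", fix it in the same edit: "all types of diagnostic data", and shorten "per each type" to "for each type".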
@@ -21,10 +23,8 @@ The data covered in this article is grouped into the following categories: - Product and Service Usage data - Product and Service Performance data - Software Setup and Inventory data -- Content Consumption data -- Browsing, Search and Query data +- Browsing History data - Inking, Typing, and Speech Utterance data -- Licensing and Purchase data > [!NOTE] > The majority of diagnostic data falls into the first four categories. @@ -66,8 +66,15 @@ This type of data includes details about the health of the device, operating sys | Category Name | Description and Examples | | - | - | -| Device health and crash data | Information about the device and software health such as:- - -- - - - - -Topic -Description -- - -[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
-A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). For a kiosk device to run a Universal Windows app, use the assigned access feature. For a kiosk device (Windows 10 Enterprise or Education) to run a Classic Windows application, use Shell Launcher to set a custom user interface as the shell.
- - - -[Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
-A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise for kiosk mode by using the Apps Corner feature. You can also use the Enterprise Assigned Access configuration service provider (CSP) to configure a kiosk experience.
+>Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
+ +## Enabling Subscription Activation with an existing EA + +If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant: + +1. Work with your reseller to place an order for $0 SKU. There are two SKUs available, depending on their current Windows Enterprise SA license:
+ a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
+ b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
+2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. +3. The admin can now assign subscription licenses to users. Also in this article: - [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses. @@ -195,5 +205,4 @@ Devices must be running Windows 10 Pro, version 1703, and be Azure Active Direct A popup window will display the Windows 10 version number and detailed OS build information. - If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. - + If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. \ No newline at end of file diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index e11c92867c..95255b68f9 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -79,7 +79,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). ### Microsoft Deployment Toolkit (MDT) -MDT build 884 is available, including support for: +MDT build 8443 is available, including support for: - Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016. - The Windows ADK for Windows 10, version 1607. - Integration with Configuration Manager version 1606. diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index e5e8d59bf7..4662c2d40d 100644 
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -642,3 +642,5 @@ After some time, you will have a Windows 10 Enterprise x64 image that is fully [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) [Configure MDT settings](configure-mdt-settings.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index f98e4c4744..f7c08f33ec 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -652,3 +652,5 @@ Figure 14. The partitions when deploying an UEFI-based machine. [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) [Configure MDT settings](configure-mdt-settings.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index ea7feeecfa..2f9a7b58e0 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md 
@@ -91,3 +91,6 @@ The information in this guide is designed to help you deploy Windows 10. In ord [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10) [Volume Activation for Windows 10](../volume-activation/volume-activation-windows-10.md) + + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index aa4243f2cf..d493765134 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: high +ms.date: 09/05/2017 author: greg-lindsay --- diff --git a/windows/deployment/images/ua-step2-blades.png b/windows/deployment/images/ua-step2-blades.png new file mode 100644 index 0000000000..c86f7a4338 Binary files /dev/null and b/windows/deployment/images/ua-step2-blades.png differ diff --git a/windows/deployment/images/ua-step2-low-risk.png b/windows/deployment/images/ua-step2-low-risk.png new file mode 100644 index 0000000000..6e9daf0233 Binary files /dev/null and b/windows/deployment/images/ua-step2-low-risk.png differ diff --git a/windows/deployment/index.md b/windows/deployment/index.md index 7d139ec69e..6841274b4c 100644 --- a/windows/deployment/index.md +++ b/windows/deployment/index.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: high +ms.date: 09/05/2017 author: greg-lindsay --- diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index c87802238e..d898782a7c 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay +ms.date: 09/05/2017 ms.localizationpriority: high --- 
@@ -17,28 +18,41 @@ ms.localizationpriority: high ## Summary -**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). +**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. -MBR2GPT.EXE is located in the **Windows\\System32** directory on a Windows 10 computer running Windows 10 version 1703 or later. +See the following video for a detailed description and demonstration of MBR2GPT. -You can use MBR2GPT to perform the following: + -- \[Within the Windows PE environment\]: Convert any attached MBR-formatted system disk to the GPT partition format. -- \[From within the currently running OS\]: Convert any attached MBR-formatted system disk to the GPT partition format. - ->MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. +>MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later. >The tool is available in both the full OS environment and Windows PE. -You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. +You can use MBR2GPT to: -The MBR2GPT tool can convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. 
However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion. +- Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT. +- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. +- Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion. Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion. >[!IMPORTANT] >After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
Make sure that your device supports UEFI before attempting to convert the disk. - +## Prerequisites + +Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that: +- The disk is currently using MBR +- There is enough space not occupied by partitions to store the primary and secondary GPTs: + - 16KB + 2 sectors at the front of the disk + - 16KB + 1 sector at the end of the disk +- There are at most 3 primary partitions in the MBR partition table +- One of the partitions is set as active and is the system partition +- The disk does not have any extended/logical partition +- The BCD store on the system partition contains a default OS entry pointing to an OS partition +- The volume IDs can be retrieved for each volume which has a drive letter assigned +- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option + +If any of these checks fails, the conversion will not proceed and an error will be returned. ## Syntax 
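Review bot: In the new Prerequisites list of mbr-to-gpt.md, the last bullet has a plural subject with a singular verb: "All partitions on the disk are of MBR types recognized by Windows or has a mapping specified" should read "or have a mapping specified". The text was moved unchanged from the old Disk validation section, so this is a good moment to correct it. In the added note, "also known as the Creator's Update" should use the product name "Creators Update". The BitLocker bullet says conversion works "as long as protection has been suspended" and that resuming requires deleting and recreating the protectors; consider stating outright that the volume stays in the suspended state until that is done, so readers do not leave it that way after conversion.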
@@ -217,22 +231,6 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr 5. The boot configuration data (BCD) store is updated. 6. Drive letter assignments are restored. -### Disk validation - -Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that: -- The disk is currently using MBR -- There is enough space not occupied by partitions to store the primary and secondary GPTs: - - 16KB + 2 sectors at the front of the disk - - 16KB + 1 sector at the end of the disk -- There are at most 3 primary partitions in the MBR partition table -- One of the partitions is set as active and is the system partition -- The disk does not have any extended/logical partition -- The BCD store on the system partition contains a default OS entry pointing to an OS partition -- The volume IDs can be retrieved for each volume which has a drive letter assigned -- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option - -If any of these checks fails, the conversion will not proceed and an error will be returned. - ### Creating an EFI system partition For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules: @@ -402,3 +400,5 @@ In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is [Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index eaf38c75d5..9df4b51c9b 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md 
@@ -39,37 +39,37 @@ Online Crash Analysis | oca.telemetry.microsoft.com Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). -**If you are already using OMS**, you’ll find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. +**If you are already using OMS**, you’ll find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already. **If you are not yet using OMS**, use the following steps to subscribe to OMS Device Health: 1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. - [](images/uc-02.png) + [](images/uc-02.png) 2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. - [](images/uc-03.png) + [](images/uc-03.png) 3. Create a new OMS workspace. - [](images/uc-04.png) + [](images/uc-04.png) 4. 
Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**. - [](images/uc-05.png) + [](images/uc-05.png) 5. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace. - [](images/uc-06.png) + [](images/uc-06.png) -6. To add Device Health to your workspace, go to the Solution Gallery, Select the **Device Health** tile and then select **Add** on the solution's detail page. +6. To add Device Health to your workspace, go to the Solution Gallery, Select the **Device Health** tile and then select **Add** on the solution's detail page. While you have this dialog open, you should also consider adding the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions. - [](images/uc-08.png) + [](images/solution-bundle.png) -7. Click the **Device Health** tile to configure the solution. The **Settings Dashboard** opens. +7. Click the **Device Health** tile to configure the solution. The **Settings Dashboard** opens. In this example, both Upgrade Readiness and Device Health solutions have been added. - [](images/uc-09.png) + [](images/OMS-after-adding-solution.jpg) 
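Review bot: Step 6 of device-health-get-started.md now says "go to the Solution Gallery, Select the **Device Health** tile", while the paragraph added earlier in this hunk calls it the "Solutions Gallery"; pick one name and lower-case "Select" after the comma. The added sentence "you should also consider adding ... as well" doubles up "also" and "as well", so drop one. The two replacement screenshots use different naming and formats (solution-bundle.png and OMS-after-adding-solution.jpg); if the folder has a convention, align them with it.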
@@ -89,7 +89,7 @@ In order for your devices to show up in Windows Analytics: Device Health, they m 3. In the **Options** box, under **Commercial Id**, type the Commercial ID GUID, and then click **OK**.- Using Microsoft Mobile Device Management (MDM)
-Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. More information on deployment using MDM can be found [here](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp). +Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. You can find more information on deployment using MDM at the [DMClient Configuration Service Provider topic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp). ## Perform checks to ensure and verify successful deployment diff --git a/windows/deployment/update/images/OMS-after-adding-solution.jpg b/windows/deployment/update/images/OMS-after-adding-solution.jpg new file mode 100644 index 0000000000..d06a896f6e Binary files /dev/null and b/windows/deployment/update/images/OMS-after-adding-solution.jpg differ diff --git a/windows/deployment/update/images/solution-bundle.png b/windows/deployment/update/images/solution-bundle.png new file mode 100644 index 0000000000..70cec8d8f4 Binary files /dev/null and b/windows/deployment/update/images/solution-bundle.png differ diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index 01404a9781..6ba9b74048 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md 
@@ -48,3 +48,5 @@ Windows as a service provides a new way to think about building, deploying, and >[!TIP] >Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as System Center Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows. >With each release of a new feature update for CB, Microsoft makes available new .iso files for use in updating your custom images. Each Windows 10 build has a finite servicing lifetime, so it’s important that images stay up to date with the latest build. For detailed information about how to deploy Windows 10 to bare-metal machines or to upgrade to Windows 10 from previous builds of Windows, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/update/olympia/images/1-1.png b/windows/deployment/update/olympia/images/1-1.png new file mode 100644 index 0000000000..ee06527529 Binary files /dev/null and b/windows/deployment/update/olympia/images/1-1.png differ diff --git a/windows/deployment/update/olympia/images/1-3.png b/windows/deployment/update/olympia/images/1-3.png new file mode 100644 index 0000000000..807e895aa5 Binary files /dev/null and b/windows/deployment/update/olympia/images/1-3.png differ diff --git a/windows/deployment/update/olympia/images/1-4.png b/windows/deployment/update/olympia/images/1-4.png new file mode 100644 index 0000000000..3e63d1c078 Binary files /dev/null and b/windows/deployment/update/olympia/images/1-4.png differ 
diff --git a/windows/deployment/update/olympia/images/2-3.png b/windows/deployment/update/olympia/images/2-3.png new file mode 100644 index 0000000000..7006da4179 Binary files /dev/null and b/windows/deployment/update/olympia/images/2-3.png differ diff --git a/windows/deployment/update/olympia/images/2-4.png b/windows/deployment/update/olympia/images/2-4.png new file mode 100644 index 0000000000..677679a000 Binary files /dev/null and b/windows/deployment/update/olympia/images/2-4.png differ diff --git a/windows/deployment/update/olympia/images/2-5.png b/windows/deployment/update/olympia/images/2-5.png new file mode 100644 index 0000000000..cfec6f7ce0 Binary files /dev/null and b/windows/deployment/update/olympia/images/2-5.png differ diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md new file mode 100644 index 0000000000..fddd959017 --- /dev/null +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md 
@@ -0,0 +1,103 @@ +--- +title: Olympia Corp enrollment guidelines +description: Olympia Corp enrollment guidelines +ms.author: nibr +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 09/14/2017 +--- + +# Olympia Corp enrollment guidelines + +Welcome to Olympia Corp. Here are the steps to add your account to your PC. + +As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade. + +Choose one of the following two enrollment options: + +1. [Keep your current Windows 10 edition](#enrollment-keep-current-edition) + +2. [Upgrade your Windows 10 edition from Pro to Enterprise](#enrollment-upgrade-to-enterprise) + + + +## Keep your current Windows 10 edition + +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). + +  + +2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**. + +3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**. + +  + +4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password. + + > [!NOTE] + > Passwords should contain 8-16 characters, including at least one special character or number. + +  + +5. Read the **Terms and Conditions**. Click **Accept** to participate in the program. + +6. If this is the first time you are logging in, please fill in the additional information to help you retrieve your account details. + +7. 
Create a PIN for signing into your Olympia corporate account. + +8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**. + + > [!NOTE] + > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness). + +9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**. + + + +## Upgrade your Windows 10 edition from Pro to Enterprise + +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). + +  + +2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**. + +3. Click **Connect**, then click **Join this device to Azure Active Directory**. + +  + +4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**. + +  + +5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password. + + > [!NOTE] + > Passwords should contain 8-16 characters, including at least one special character or number. + +  + +6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**. + +7. If this is the first time you are signing in, please fill in the additional information to help you retrieve your account details. + +8. Create a PIN for signing into your Olympia corporate account. + +9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**. + +10. Restart your PC. + +11. 
In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your PC will upgrade to Windows 10 Enterprise*. + +12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**. + + > [!NOTE] + > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness). + +13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**. + +\* Please note that your Windows 10 Enterprise license will not be renewed if your PC is not connected to Olympia. + diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 822dbf7bd1..8e3da008da 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay +author: jaimeo --- # Get started with Update Compliance 
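Review bot: In olympia-enrollment-guidelines.md, the "Upgrade your Windows 10 edition from Pro to Enterprise" procedure gives the same instruction twice, as step 6 and again as step 9 ("When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**."). If the confirmation appears only once, drop step 9 and renumber; if it really appears twice, say so in step 9. That step is also the only point where the reader confirms which directory the device is being joined to, yet it does not say what the correct information looks like. Naming the expected organization or domain there would make the check meaningful. Minor: the first procedure says "logging in" (step 6) where the second says "signing in" (step 7).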
@@ -25,75 +25,79 @@ Update Compliance has the following requirements: 2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). 3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: -Service | Endpoint ---- | --- -Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com -Windows Error Reporting | watson.telemetry.microsoft.com -Online Crash Analysis | oca.telemetry.microsoft.com + Service | Endpoint + --- | --- + Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
settings-win.data.microsoft.com + Windows Error Reporting | watson.telemetry.microsoft.com + Online Crash Analysis | oca.telemetry.microsoft.com - 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. + 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct. + + For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). + + See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. ## Add Update Compliance to Microsoft Operations Management Suite Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. 
For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). -If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace. +If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Device Health](device-health-monitor.md) solutions as well, if you haven't already. If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance: 1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. - [](images/uc-02.png) + [](images/uc-02.png) 2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. - [](images/uc-03.png) + [](images/uc-03.png) 3. Create a new OMS workspace. - [](images/uc-04.png) + [](images/uc-04.png) 4. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**. - [](images/uc-05.png) + [](images/uc-05.png) 5. If your organization already has an Azure subscription, you can link it to your workspace. 
Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace. - [](images/uc-06.png) + [](images/uc-06.png) -6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery. +6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery. While you have this dialog open, you should also consider adding the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Device Health](device-health-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions. - [](images/uc-07.png) + [](images/uc-07.png) 7. Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible in your workspace. - [](images/uc-08.png) + [](images/uc-08.png) 8. Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens. - [](images/uc-09.png) + [](images/uc-09.png) 9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below. - [](images/uc-10.png) + [](images/uc-10.png) After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. 
The following section explains how to deploy your Commercial ID to your Windows 10 devices. diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 9daa1a5103..a49a7adb06 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -147,7 +147,10 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot. - + + +>[!IMPORTANT] +>If your devices are not showing up in the Windows Defender AV assessment section, check the [Troublshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help. The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues. diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2b77126ecf..be0f75a719 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -21,7 +21,7 @@ ms.date: 07/27/2017 Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager. -Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. +Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This means that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. For more details, see [Download mode](#download-mode). diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index 0fdb3289c7..4cccf0d888 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md 
@@ -328,3 +328,5 @@ With the task sequence created, you’re ready to deploy it. If you’re using t - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) - [Manage device restarts after updates](waas-restart.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 765051754a..a342d1a579 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -353,4 +353,6 @@ Now that you have the All Windows 10 Upgrades view, complete the following steps - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) - [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index fac84472ae..54085bccf6 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md 
@@ -198,4 +198,6 @@ With all these options, which an organization chooses depends on the resources, - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 81aed1c722..71202e04e6 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -966,3 +966,5 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 8681080388..90fabf7307 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -author: greg-lindsay +author: jaimeo --- # Get started with Upgrade Readiness @@ -43,7 +43,7 @@ Upgrade Readiness is offered as a solution in the Microsoft Operations Managemen >[!IMPORTANT] >Upgrade Readiness is a free solution. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits. -If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. +If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions. If you are not using OMS: 
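Review bot: The sentence added to the "If you are already using OMS" paragraph points the reader at "this dialog" and "the check boxes for those solutions", but the text before it only describes selecting a tile in the Solutions Gallery and clicking **Add** on the solution's details page, so there is no dialog or check box for the reader to find. Either describe where the check boxes appear, or reuse the wording this commit adds to the matching paragraph of update-compliance-get-started.md ("While you're in the Solutions Gallery, you should consider installing ..."). "also ... as well" in the same sentence is redundant.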
@@ -54,9 +54,9 @@ If you are not using OMS: > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. -1. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness. +5. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness. -2. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens. +6. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens. ### Generate your commercial ID key @@ -64,7 +64,7 @@ Microsoft uses a unique commercial ID to map information from user computers to 1. On the Settings Dashboard, navigate to the **Windows telemetry** panel. -  +  2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers. @@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | -| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | -| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | +| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint. +| `https://Vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10 +| `https://settings.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | Note: The compatibility update KB runs under the computer’s system account. diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index 9ca055c5f5..731feea00e 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -2,7 +2,7 @@ title: Upgrade Readiness - Resolve application and driver issues (Windows 10) description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness. ms.prod: w10 -author: greg-lindsay +author: jaimeo --- # Upgrade Readiness - Step 2: Resolve app and driver issues 
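Review bot: In the endpoint table of upgrade-readiness-get-started.md, the row for `https://go.microsoft.com/fwlink/?LinkID=544713` and `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` is removed with no replacement and no explanation. Administrators build proxy and firewall allow lists from this table, so the text should say whether the driver information service no longer needs to be reachable. The two new Vortex rows are also missing the closing `|` that the header and the `settings.data.microsoft.com` row have, and the second one lacks its final period. The unchanged note below the table still says "compatibility update KB" while the rewritten row says "compatibility update"; pick one term.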
@@ -14,8 +14,8 @@ This section of the Upgrade Readiness workflow reports application and driver in The blades in the **Step 2: Resolve issues** section are: - [Review applications with known issues](#review-applications-with-known-issues) -- [Review applications with no known issues](#review-applications-with-no-known-issues) - [Review known driver issues](#review-known-driver-issues) +- [Review low-risk apps and drivers](#review-low-risk-apps-and-drivers) - [Prioritize app and driver testing](#prioritize-app-and-driver-testing) >You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list. @@ -48,7 +48,7 @@ To change an application's upgrade decision: 4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. 5. Click **Save** when finished. -IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. +IMPORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible. 
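Review bot: The context line for step 4, directly above the corrected "IMPORTANT:" line, still reads "and then then select the appropriate option" and should be fixed in the same change. The corrected line could also use the `>[!IMPORTANT]` callout form that this commit uses in update-compliance-using.md, rather than a plain "IMPORTANT:" prefix, so the warning renders consistently.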
@@ -107,26 +107,6 @@ The following table lists possible values for **ReadyForWindows** and what they |Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.| | Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A | -## Review applications with no known issues - -Applications with no issues known to Microsoft are listed, grouped by upgrade decision. - - - -Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**. - -Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. - -To change an application's upgrade decision: - -1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. - -2. Select **User changes** to change the upgrade decision for each application. - -3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. - -4. Click **Save** when finished. - ## Review drivers with known issues Drivers that won’t migrate to the new operating system are listed, grouped by availability. 
@@ -152,9 +132,30 @@ To change a driver’s upgrade decision: 4. Click **Save** when finished. +## Review low-risk apps and drivers + +Applications and drivers that are meet certain criteria to be considered low risk are displayed on this blade. + + + +The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system. + +The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in telemetry. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. + +Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**. This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app. + +You can customize the criteria further by using the Log Search query language. For example, if a ReadyForWindows status of "Adopted" is not sufficient by itself for you to be confident in an app's compatibility, you can add additional filters. 
To do this, click the row labeled **Apps that are 'Adopted'**. Then, modify the resulting query to fit your company's risk tolerance. If, for example, you prefer that an app must be "Adopted" and have fewer than 1,000 installations, then add *TotalInstalls < 1000* to the end of the Log Search query. Similarly, you can append additional criteria by using other attributes such as monthly active users or app importance. + +>[!NOTE] +>Apps that you have designated as *Mission critical* or *Business critical* are automatically **excluded** from the counts on this blade. If an app is critical, you should always validate it manually it prior to upgrading. + + At the bottom of the blade, the **OTHER APPS AND DRIVERS IN NEED OF REVIEW** section allows you to quickly access apps you have designated as **Mission critical** or **Business critical**, your remaining apps that still need to be reviewed, and your remaining drivers that need to be reviewed. + + + ## Prioritize app and driver testing -Planning and executing an OS upgrade project can be overwhelming. When you are tasked with evaluating thousands of applications and drivers to ensure a successful upgrade, it can be difficult to decide where to start. The Upgrade Readiness solution provides valuable assistance for you, helping to determine the most important apps and drivers to unblock and enabling you yo create a proposed action plan. +Planning and executing an OS upgrade project can be overwhelming. When you are tasked with evaluating thousands of applications and drivers to ensure a successful upgrade, it can be difficult to decide where to start. The Upgrade Readiness solution provides valuable assistance for you, helping to determine the most important apps and drivers to unblock and enabling you yo create a proposed action plan. ### Proposed action plan 
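Review bot: The new "Review low-risk apps and drivers" section goes in with wording errors: "Applications and drivers that are meet certain criteria" and "you should always validate it manually it prior to upgrading". The last changed line of the hunk still reads "enabling you yo create", even though that line is touched here for whitespace only. The second row is named (**Apps that are "Highly adopted"**) but the first row is described without its label, which makes it hard to match the text to the blade. The Log Search paragraph says to add *TotalInstalls < 1000* "to the end of the Log Search query" without showing how it joins the existing query; a complete sample query would remove the guesswork.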
diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index 807cd59c14..e074aad404 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -2,7 +2,7 @@ title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) description: Describes how to use Upgrade Readiness to manage Windows upgrades. ms.prod: w10 -author: greg-lindsay +author: jaimeo --- # Use Upgrade Readiness to manage Windows upgrades @@ -14,7 +14,7 @@ You can use Upgrade Readiness to prioritize and work through application and dri When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. - + Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. @@ -35,7 +35,7 @@ Also see the following topic for information about additional items that can be The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example: - + As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. 
@@ -45,10 +45,10 @@ You now have the ability to change the Windows 10 version you wish to target. Th To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: - + >You must be signed in to Upgrade Readiness as an administrator to view settings. On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace. - + diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 7b48b01727..8dd86431f4 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -337,7 +337,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 118d52b056..7213b01b6c 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -5,6 +5,7 @@ ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.date: 09/07/2017 author: greg-lindsay --- @@ -28,6 +29,8 @@ The following sections discuss common issues that you might see when you run the [Hard Link Migration Problems](#bkmk-hardlink) +[USMT does not migrate the Start layout](#usmt-does-not-migrate-the-start-layout) + ## General Guidelines for Identifying Migration Problems 
@@ -222,6 +225,28 @@ There are three typical causes for this issue. **Resolution:** To migrate PST files that are not linked to Outlook profiles, you must create a separate migration rule to capture these files. +### USMT does not migrate the Start layout + +**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured. + +**Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function. + +**Resolution:** The following workaround is available: + +1. With the user signed in, back up the Start layout using the following Windows PowerShell command. You can specify a different path if desired: + + ``` + Export-StartLayout -Path "C:\Layout\user1.xml" + ``` +2. Migrate the user's profile with USMT. +3. Before the user signs in on the new device, import the Start layout using the following Windows PowerShell command: + + ``` + Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive% + ``` + +This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. + ## Offline Migration Problems @@ -286,6 +311,10 @@ USMTutils /rdYou should also reboot the machine. + + + + ## Related topics diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 9dca476f1c..63c0c66725 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md 
@@ -46,6 +46,8 @@ There are some scenarios in which the use of USMT is not recommended. These incl ## Related topics - [User State Migration Tool (USMT) Technical Reference](usmt-technical-reference.md) +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). + diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 6ff122772a..02e64c33e8 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -1,6 +1,6 @@ --- -title: What Does USMT Migrate (Windows 10) -description: What Does USMT Migrate +title: What does USMT migrate (Windows 10) +description: What does USMT migrate ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7 ms.prod: w10 ms.mktglfcycl: deploy @@ -8,23 +8,23 @@ ms.sitesec: library author: greg-lindsay --- -# What Does USMT Migrate? +# What does USMT migrate? -## In This Topic +## In this topic -- [Default Migration Scripts](#bkmk-defaultmigscripts) +- [Default migration scripts](#bkmk-defaultmigscripts) - [User Data](#bkmk-3) -- [Operating-System Components](#bkmk-4) +- [Operating-system components](#bkmk-4) -- [Supported Applications](#bkmk-2) +- [Supported applications](#bkmk-2) -- [What USMT Does Not Migrate](#no) +- [What USMT does not migrate](#no) -## Default Migration Scripts +## Default migration scripts The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts: @@ -43,7 +43,7 @@ The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer ca - Access control lists (ACLs) for folders outside the user profile. -## User Data +## User data This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate ACLs. 
@@ -52,6 +52,9 @@ This section describes the user data that USMT migrates by default, using the Mi My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites. + >[!IMPORTANT] + >Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout). + - **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8: - Shared Documents @@ -84,7 +87,7 @@ To migrate ACLs, you must specify the directory to migrate in the MigUser.xml fi -## Operating-System Components +## Operating-system components USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8 @@ -151,7 +154,7 @@ Some settings, such as fonts, are not applied by the LoadState tool until after -## Supported Applications +## Supported applications Although it is not required for all applications, it is good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that the migrated settings are not overwritten by the application installers. 
@@ -361,12 +364,12 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi -## What USMT Does Not Migrate +## What USMT does not migrate The following is a list of the settings that USMT does not migrate. If you are having a problem that is not listed here, see [Common Issues](usmt-common-issues.md). -### Application Settings +### Application settings USMT does not migrate the following application settings: @@ -382,7 +385,7 @@ USMT does not migrate the following application settings: - You attempt to migrate from a 32-bit computer to a 64-bit computer. This is because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is "C:\\Program Files\\...". The ICQ Pro default installation directory on an x64-based computer, however, is “C:\\Program Files (x86)\\...”. -### Operating-System Settings +### Operating-System settings USMT does not migrate the following operating-system settings. @@ -402,10 +405,14 @@ You should also note the following: - You can use the /**localonly** option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify /**localonly**, see [ScanState Syntax](usmt-scanstate-syntax.md). +### Start menu layout + +Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](https://docs.microsoft.com/windows/deployment/usmt/usmt-common-issues#usmt-does-not-migrate-the-start-layout). + ## Related topics -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) 
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index a6f560cc33..fc38a3df22 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy localizationpriority: high ms.sitesec: library ms.pagetype: mdt -ms.date: 08/23/2017 +ms.date: 09/05/2017 author: greg-lindsay --- @@ -15,6 +15,11 @@ author: greg-lindsay This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops. +Deployment instructions are provided for the following scenarios: +1. [Active Directory-joined VMs](#active-directory-joined-vms) +2. [Azure Active Directory-joined VMs](#azure-active-directory-joined-vms) +3. [Azure Gallery VMs](#azure-gallery-vms) + ## Requirements - VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. 
@@ -64,7 +69,35 @@ For Azure AD-joined VMs, follow the same instructions (above) as for [Active Dir - In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**. - In step 12, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials. - In step 17, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**) -- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below. +- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rpd-settings-for-azure). + +## Azure Gallery VMs + +1. (Optional) To disable network level authentication, type the following at an elevated command prompt: + + ``` + REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f + ``` + +2. At an elevated command prompt, type **sysdm.cpl** and press ENTER. +3. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**. +4. Click **Add**, type **Authenticated users**, and then click **OK** three times. +(https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd). +5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). +6. Open Windows Configuration Designer and click **Provison desktop services**. +7. 
Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. + - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step. +8. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**. +9. On the Set up network page, choose **Off**. +10. On the Account Management page, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials. +11. On the Add applications page, add applications if desired. This step is optional. +12. On the Add certificates page, add certificates if desired. This step is optional. +13. On the Finish page, click **Create**. +14. Copy the .ppkg file to the remote Virtual machine. Double click to initiate the provisioning package install. This will reboot the system. + +- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rpd-settings-for-azure). + +## Create custom RDP settings for Azure To create custom RDP settings for Azure: diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 57fdf3e0a6..3960b898bb 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -138,4 +138,4 @@ For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KM ## See also - [Volume Activation for Windows 10](volume-activation-windows-10.md) - +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). 
diff --git a/windows/deployment/windows-10-architecture-posters.md b/windows/deployment/windows-10-architecture-posters.md new file mode 100644 index 0000000000..93173ce925 --- /dev/null +++ b/windows/deployment/windows-10-architecture-posters.md @@ -0,0 +1,25 @@ +--- +title: Deploy Windows 10 - architectural posters +description: Provides architural planning posters for Windows 10 in the enterprise +ms.prod: w10 +ms.author: elizapo +author: lizap +ms.date: 09/28/2017 +ms.tgt_pltfrm: na +ms.topic: article +ms.localizationpriority: low +--- +# Architectural planning posters for Windows 10 + +You can download the following posters for architectural information about deploying Windows 10 in the enterprise. + +- [Deploy Windows 10 - Clean installation](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf) + Learn about the options and steps for a new installation of Windows 10. +- [Deploy Windows 10 - In-place upgrade](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf) + Learn about the steps to upgrade from a previous version of Windows. +- [Deploy Windows 10 - Windows AutoPilot](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf) + Learn how you can set up and pre-configure Windows 10 devices. +- [Deploy Windows 10 - Windows servicing](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/WindowsServicing.pdf) + Learn how to keep Windows up to date. +- [Deploy Windows 10 - Protection solutions](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf) + Learn about the two tiers of protection available for Windows 10 devices. 
diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md index 4bcaef04a8..1549e2d687 100644 --- a/windows/deployment/windows-10-auto-pilot.md +++ b/windows/deployment/windows-10-auto-pilot.md @@ -18,7 +18,7 @@ ms.date: 06/30/2017 - Windows 10 -Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices. +Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. ## Benefits of Windows AutoPilot @@ -100,3 +100,5 @@ In order for your devices to be auto-enrolled into MDM management, MDM auto-enro >[!NOTE] >MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription. + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 242f5aa4e7..16998068fa 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md 
@@ -131,4 +131,6 @@ The deployment process for the replace scenario is as follows: - [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) - [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357) - [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=619358) -- [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619359) \ No newline at end of file +- [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619359) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index d6f852cae5..a801374cb3 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md 
@@ -21,3 +21,5 @@ Learn about the tools available to deploy Windows 10. |[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. | |[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. | |[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index c767d18075..9f6b5c02a8 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md 
@@ -102,7 +102,7 @@ changepk.exe /ProductKey %ProductKey% ### Obtaining an Azure AD licence Enterprise Agreement/Software Assurance (EA/SA): -- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). +- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/en-us/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea). - The license administrator can assign seats to Azure AD users with the same process that is used for O365. - New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription. diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index eb042d424b..dc842b3f38 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -239,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with 1. Type the following commands at a Windows PowerShell prompt on SRV1: ``` - New-Item -ItemType Directory -Path "C:Sources\OSD\Boot" - New-Item -ItemType Directory -Path "C:Sources\OSD\OS" + New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot" + New-Item -ItemType Directory -Path "C:\Sources\OSD\OS" New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings" New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding" New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT" 
@@ -560,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: ``` - New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64" + New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64" cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64" ``` diff --git a/windows/device-security/TOC.md b/windows/device-security/TOC.md index 6895c3208e..0ac76da289 100644 --- a/windows/device-security/TOC.md +++ b/windows/device-security/TOC.md @@ -89,7 +89,7 @@ #### [AppLocker Settings](applocker\applocker-settings.md) ## [BitLocker](bitlocker\bitlocker-overview.md) -### [Overview of BitLocker and device encryption in Windows 10](bitlocker\bitlocker-device-encryption-overview-windows-10.md) +### [Overview of BitLocker Device Encryption in Windows 10](bitlocker\bitlocker-device-encryption-overview-windows-10.md) ### [BitLocker frequently asked questions (FAQ)](bitlocker\bitlocker-frequently-asked-questions.md) ### [Prepare your organization for BitLocker: Planning and policies](bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md) ### [BitLocker basic deployment](bitlocker\bitlocker-basic-deployment.md) diff --git a/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index d99dda899b..9898cd57e6 100644 --- a/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Add rules for packaged apps to existing AppLocker rule-set **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). diff --git a/windows/device-security/applocker/administer-applocker.md b/windows/device-security/applocker/administer-applocker.md index 0940acac92..327c091fee 100644 --- a/windows/device-security/applocker/administer-applocker.md +++ b/windows/device-security/applocker/administer-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Administer AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. diff --git a/windows/device-security/applocker/applocker-architecture-and-components.md b/windows/device-security/applocker/applocker-architecture-and-components.md index 98760516ec..1d788081eb 100644 --- a/windows/device-security/applocker/applocker-architecture-and-components.md +++ b/windows/device-security/applocker/applocker-architecture-and-components.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker architecture and components **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professional describes AppLocker’s basic architecture and its major components. diff --git a/windows/device-security/applocker/applocker-functions.md b/windows/device-security/applocker/applocker-functions.md index cd1534c55b..1f4bac9193 100644 --- a/windows/device-security/applocker/applocker-functions.md +++ b/windows/device-security/applocker/applocker-functions.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker functions **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. diff --git a/windows/device-security/applocker/applocker-overview.md b/windows/device-security/applocker/applocker-overview.md index 1d4fe3bc2f..c79f90e6e1 100644 --- a/windows/device-security/applocker/applocker-overview.md +++ b/windows/device-security/applocker/applocker-overview.md @@ -13,7 +13,8 @@ author: brianlic-msft # AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. @@ -133,3 +134,5 @@ For reference in your security planning, the following table identifies the base | [AppLocker design guide](applocker-policies-design-guide.md) | This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. | | [AppLocker deployment guide](applocker-policies-deployment-guide.md) | This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. | | [AppLocker technical reference](applocker-technical-reference.md) | This overview topic for IT professionals provides links to the topics in the technical reference. | + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file 
diff --git a/windows/device-security/applocker/applocker-policies-deployment-guide.md b/windows/device-security/applocker/applocker-policies-deployment-guide.md index 2adc3ff79b..c229df7483 100644 --- a/windows/device-security/applocker/applocker-policies-deployment-guide.md +++ b/windows/device-security/applocker/applocker-policies-deployment-guide.md @@ -13,7 +13,8 @@ author: brianlic-msft # AppLocker deployment guide **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. diff --git a/windows/device-security/applocker/applocker-policies-design-guide.md b/windows/device-security/applocker/applocker-policies-design-guide.md index 2e331c4fb8..afac5cb15b 100644 --- a/windows/device-security/applocker/applocker-policies-design-guide.md +++ b/windows/device-security/applocker/applocker-policies-design-guide.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker design guide **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. diff --git a/windows/device-security/applocker/applocker-policy-use-scenarios.md b/windows/device-security/applocker/applocker-policy-use-scenarios.md index 64a8fd4db0..6c6e1335bb 100644 --- a/windows/device-security/applocker/applocker-policy-use-scenarios.md +++ b/windows/device-security/applocker/applocker-policy-use-scenarios.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker policy use scenarios **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. 
diff --git a/windows/device-security/applocker/applocker-processes-and-interactions.md b/windows/device-security/applocker/applocker-processes-and-interactions.md index 5f07c7d07f..d19b4571b0 100644 --- a/windows/device-security/applocker/applocker-processes-and-interactions.md +++ b/windows/device-security/applocker/applocker-processes-and-interactions.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker processes and interactions **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. diff --git a/windows/device-security/applocker/applocker-settings.md b/windows/device-security/applocker/applocker-settings.md index 7af2350b9d..09db2282ac 100644 --- a/windows/device-security/applocker/applocker-settings.md +++ b/windows/device-security/applocker/applocker-settings.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker settings **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional lists the settings used by AppLocker. diff --git a/windows/device-security/applocker/applocker-technical-reference.md b/windows/device-security/applocker/applocker-technical-reference.md index 1c797a1679..b5b962a6d7 100644 --- a/windows/device-security/applocker/applocker-technical-reference.md +++ b/windows/device-security/applocker/applocker-technical-reference.md @@ -12,7 +12,8 @@ author: brianlic-msft # AppLocker technical reference **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This overview topic for IT professionals provides links to the topics in the technical reference. AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps. 
diff --git a/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md index 206c0415fe..03221fef8b 100644 --- a/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md @@ -12,7 +12,8 @@ author: brianlic-msft # Configure an AppLocker policy for audit only **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker. diff --git a/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md index 55e87ba39a..b0c0d7c0ee 100644 --- a/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Configure an AppLocker policy for enforce rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. diff --git a/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md index be96e323ed..f71b399f0b 100644 --- a/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md @@ -12,7 +12,8 @@ author: brianlic-msft # Add exceptions for an AppLocker rule **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. 
diff --git a/windows/device-security/applocker/configure-the-appLocker-reference-device.md b/windows/device-security/applocker/configure-the-appLocker-reference-device.md index 97d6fd1361..61dbae6818 100644 --- a/windows/device-security/applocker/configure-the-appLocker-reference-device.md +++ b/windows/device-security/applocker/configure-the-appLocker-reference-device.md @@ -12,7 +12,8 @@ author: brianlic-msft # Configure the AppLocker reference device **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. diff --git a/windows/device-security/applocker/configure-the-application-identity-service.md b/windows/device-security/applocker/configure-the-application-identity-service.md index 84a1d64b98..92fb37f9dd 100644 --- a/windows/device-security/applocker/configure-the-application-identity-service.md +++ b/windows/device-security/applocker/configure-the-application-identity-service.md @@ -12,7 +12,8 @@ author: brianlic-msft # Configure the Application Identity service **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. diff --git a/windows/device-security/applocker/create-a-rule-for-packaged-apps.md b/windows/device-security/applocker/create-a-rule-for-packaged-apps.md index f0ed699e79..e2dfbd96a7 100644 --- a/windows/device-security/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/device-security/applocker/create-a-rule-for-packaged-apps.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create a rule for packaged apps **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. 
diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 4a1038f165..a7249454f8 100644 --- a/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create a rule that uses a file hash condition **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals shows how to create an AppLocker rule with a file hash condition. diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md index 89a34500cd..1c60d5de26 100644 --- a/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create a rule that uses a path condition **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals shows how to create an AppLocker rule with a path condition. diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md index 214dca0f70..a36f9277e4 100644 --- a/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create a rule that uses a publisher condition **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. 
diff --git a/windows/device-security/applocker/create-applocker-default-rules.md b/windows/device-security/applocker/create-applocker-default-rules.md index 6f5b802707..c4a5905eee 100644 --- a/windows/device-security/applocker/create-applocker-default-rules.md +++ b/windows/device-security/applocker/create-applocker-default-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create AppLocker default rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run. diff --git a/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md index ef423697d1..215c091908 100644 --- a/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create a list of apps deployed to each business group **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. diff --git a/windows/device-security/applocker/create-your-applocker-planning-document.md b/windows/device-security/applocker/create-your-applocker-planning-document.md index f2b23f5937..43d92ab3a8 100644 --- a/windows/device-security/applocker/create-your-applocker-planning-document.md +++ b/windows/device-security/applocker/create-your-applocker-planning-document.md 
@@ -12,8 +12,8 @@ author: brianlic-msft # Create your AppLocker planning document **Applies to** - -- Windows 10 + - Windows 10 + - Windows Server This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document. diff --git a/windows/device-security/applocker/create-your-applocker-policies.md b/windows/device-security/applocker/create-your-applocker-policies.md index e4ecc44cee..bea50a3693 100644 --- a/windows/device-security/applocker/create-your-applocker-policies.md +++ b/windows/device-security/applocker/create-your-applocker-policies.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create Your AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. diff --git a/windows/device-security/applocker/create-your-applocker-rules.md b/windows/device-security/applocker/create-your-applocker-rules.md index 8bcb7daf24..d7a36fa59b 100644 --- a/windows/device-security/applocker/create-your-applocker-rules.md +++ b/windows/device-security/applocker/create-your-applocker-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Create Your AppLocker rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. diff --git a/windows/device-security/applocker/delete-an-applocker-rule.md b/windows/device-security/applocker/delete-an-applocker-rule.md index 4f50ad433f..e818e08680 100644 --- a/windows/device-security/applocker/delete-an-applocker-rule.md +++ b/windows/device-security/applocker/delete-an-applocker-rule.md @@ -12,7 +12,8 @@ author: brianlic-msft # Delete an AppLocker rule **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to delete an AppLocker rule. 
diff --git a/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 0e2faeb18c..365a343e7a 100644 --- a/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -9,11 +9,11 @@ ms.pagetype: security author: brianlic-msft --- - # Deploy AppLocker policies by using the enforce rules setting **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. diff --git a/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md b/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md index e56061213f..576d4c610d 100644 --- a/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md @@ -12,7 +12,8 @@ author: brianlic-msft # Deploy the AppLocker policy into production **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. diff --git a/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md index 1544475c03..9d33fcc296 100644 --- a/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Determine the Group Policy structure and rule enforcement **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This overview topic describes the process to follow when you are planning to deploy AppLocker rules. diff --git a/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index ccf2483c4d..a1b50fe0f8 100644 --- a/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -12,7 +12,8 @@ author: brianlic-msft # Determine which apps are digitally signed on a reference device **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. diff --git a/windows/device-security/applocker/determine-your-application-control-objectives.md b/windows/device-security/applocker/determine-your-application-control-objectives.md index a74a000710..90a1979777 100644 --- a/windows/device-security/applocker/determine-your-application-control-objectives.md +++ b/windows/device-security/applocker/determine-your-application-control-objectives.md @@ -12,7 +12,8 @@ author: brianlic-msft # Determine your application control objectives **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. 
diff --git a/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 85c56528b1..3f2d01bceb 100644 --- a/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -12,7 +12,8 @@ author: brianlic-msft # Display a custom URL message when users try to run a blocked app **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. diff --git a/windows/device-security/applocker/dll-rules-in-applocker.md b/windows/device-security/applocker/dll-rules-in-applocker.md index b6e4cd9e93..913e1d22ee 100644 --- a/windows/device-security/applocker/dll-rules-in-applocker.md +++ b/windows/device-security/applocker/dll-rules-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # DLL rules in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the file formats and available default rules for the DLL rule collection. diff --git a/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 72c1c10193..3837b7f34e 100644 --- a/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md 
@@ -12,7 +12,8 @@ ms.pagetype: security # Document the Group Policy structure and AppLocker rule enforcement **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. diff --git a/windows/device-security/applocker/document-your-application-control-management-processes.md b/windows/device-security/applocker/document-your-application-control-management-processes.md index 6e2a75390d..30b683d9ff 100644 --- a/windows/device-security/applocker/document-your-application-control-management-processes.md +++ b/windows/device-security/applocker/document-your-application-control-management-processes.md @@ -12,7 +12,8 @@ author: brianlic-msft # Document your application control management processes **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This planning topic describes the AppLocker policy maintenance information to record for your design document. diff --git a/windows/device-security/applocker/document-your-application-list.md b/windows/device-security/applocker/document-your-application-list.md index 735dc55515..aef9a1f741 100644 --- a/windows/device-security/applocker/document-your-application-list.md +++ b/windows/device-security/applocker/document-your-application-list.md @@ -12,7 +12,8 @@ author: brianlic-msft # Document your app list **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. diff --git a/windows/device-security/applocker/document-your-applocker-rules.md b/windows/device-security/applocker/document-your-applocker-rules.md index 68d32d07d7..2d3cc52b44 100644 --- a/windows/device-security/applocker/document-your-applocker-rules.md +++ b/windows/device-security/applocker/document-your-applocker-rules.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Document your AppLocker rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. diff --git a/windows/device-security/applocker/edit-an-applocker-policy.md b/windows/device-security/applocker/edit-an-applocker-policy.md index 8bd9ebfcea..2854dbeb1c 100644 --- a/windows/device-security/applocker/edit-an-applocker-policy.md +++ b/windows/device-security/applocker/edit-an-applocker-policy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Edit an AppLocker policy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps required to modify an AppLocker policy. diff --git a/windows/device-security/applocker/edit-applocker-rules.md b/windows/device-security/applocker/edit-applocker-rules.md index 3fcada9c5e..a121fc5b1f 100644 --- a/windows/device-security/applocker/edit-applocker-rules.md +++ b/windows/device-security/applocker/edit-applocker-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Edit AppLocker rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. diff --git a/windows/device-security/applocker/enable-the-dll-rule-collection.md b/windows/device-security/applocker/enable-the-dll-rule-collection.md index 3a23c140a8..e322711136 100644 --- a/windows/device-security/applocker/enable-the-dll-rule-collection.md +++ b/windows/device-security/applocker/enable-the-dll-rule-collection.md @@ -12,7 +12,8 @@ author: brianlic-msft # Enable the DLL rule collection **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. 
diff --git a/windows/device-security/applocker/enforce-applocker-rules.md b/windows/device-security/applocker/enforce-applocker-rules.md index 31ab2aa2b8..e79128491d 100644 --- a/windows/device-security/applocker/enforce-applocker-rules.md +++ b/windows/device-security/applocker/enforce-applocker-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Enforce AppLocker rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to enforce application control rules by using AppLocker. diff --git a/windows/device-security/applocker/executable-rules-in-applocker.md b/windows/device-security/applocker/executable-rules-in-applocker.md index ebad0e1645..566d3c7e76 100644 --- a/windows/device-security/applocker/executable-rules-in-applocker.md +++ b/windows/device-security/applocker/executable-rules-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Executable rules in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the file formats and available default rules for the executable rule collection. diff --git a/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md index 8f914cd9f0..a3ed1a08c2 100644 --- a/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md @@ -12,7 +12,8 @@ author: brianlic-msft # Export an AppLocker policy from a GPO **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. diff --git a/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md index f3f9d22190..13b496fe45 100644 
--- a/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -12,7 +12,8 @@ author: brianlic-msft # Export an AppLocker policy to an XML file **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. diff --git a/windows/device-security/applocker/how-applocker-works-techref.md b/windows/device-security/applocker/how-applocker-works-techref.md index f9bf8450f5..3de55c8243 100644 --- a/windows/device-security/applocker/how-applocker-works-techref.md +++ b/windows/device-security/applocker/how-applocker-works-techref.md @@ -12,7 +12,8 @@ author: brianlic-msft # How AppLocker works **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. diff --git a/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md b/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md index 0f0e11976b..2d1b3617ef 100644 --- a/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md @@ -12,7 +12,8 @@ author: brianlic-msft # Import an AppLocker policy from another computer **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to import an AppLocker policy. diff --git a/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md index c03e2d5282..f3d0a7dc0c 100644 
--- a/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md @@ -12,7 +12,8 @@ author: brianlic-msft # Import an AppLocker policy into a GPO **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). diff --git a/windows/device-security/applocker/maintain-applocker-policies.md b/windows/device-security/applocker/maintain-applocker-policies.md index 69cf6d1483..f35b3a4551 100644 --- a/windows/device-security/applocker/maintain-applocker-policies.md +++ b/windows/device-security/applocker/maintain-applocker-policies.md @@ -12,7 +12,8 @@ author: brianlic-msft # Maintain AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes how to maintain rules within AppLocker policies. diff --git a/windows/device-security/applocker/manage-packaged-apps-with-applocker.md b/windows/device-security/applocker/manage-packaged-apps-with-applocker.md index e1a7639af3..b56ac2b7d7 100644 --- a/windows/device-security/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/device-security/applocker/manage-packaged-apps-with-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Manage packaged apps with AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. 
diff --git a/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 2e095a1533..9fb22206f3 100644 --- a/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Merge AppLocker policies by using Set-ApplockerPolicy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. diff --git a/windows/device-security/applocker/merge-applocker-policies-manually.md b/windows/device-security/applocker/merge-applocker-policies-manually.md index 2747de84e0..da3bd37a55 100644 --- a/windows/device-security/applocker/merge-applocker-policies-manually.md +++ b/windows/device-security/applocker/merge-applocker-policies-manually.md @@ -12,7 +12,8 @@ author: brianlic-msft # Merge AppLocker policies manually **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). diff --git a/windows/device-security/applocker/monitor-application-usage-with-applocker.md b/windows/device-security/applocker/monitor-application-usage-with-applocker.md index 87ead686b6..3460b00c1d 100644 --- a/windows/device-security/applocker/monitor-application-usage-with-applocker.md +++ b/windows/device-security/applocker/monitor-application-usage-with-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Monitor app usage with AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. 
diff --git a/windows/device-security/applocker/optimize-applocker-performance.md b/windows/device-security/applocker/optimize-applocker-performance.md index 5282b92618..efb9e9f766 100644 --- a/windows/device-security/applocker/optimize-applocker-performance.md +++ b/windows/device-security/applocker/optimize-applocker-performance.md @@ -12,7 +12,8 @@ author: brianlic-msft # Optimize AppLocker performance **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how to optimize AppLocker policy enforcement. diff --git a/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index b17006c05a..52784431c3 100644 --- a/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Packaged apps and packaged app installer rules in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the AppLocker rule collection for packaged app installers and packaged apps. diff --git a/windows/device-security/applocker/plan-for-applocker-policy-management.md b/windows/device-security/applocker/plan-for-applocker-policy-management.md index ba66c70d42..c1a3752333 100644 --- a/windows/device-security/applocker/plan-for-applocker-policy-management.md +++ b/windows/device-security/applocker/plan-for-applocker-policy-management.md @@ -12,7 +12,8 @@ author: brianlic-msft # Plan for AppLocker policy management **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. 
diff --git a/windows/device-security/applocker/refresh-an-applocker-policy.md b/windows/device-security/applocker/refresh-an-applocker-policy.md index 719bfb599b..e654e73a1b 100644 --- a/windows/device-security/applocker/refresh-an-applocker-policy.md +++ b/windows/device-security/applocker/refresh-an-applocker-policy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Refresh an AppLocker policy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to force an update for an AppLocker policy. diff --git a/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md b/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md index 874036e3b6..e8e021aab1 100644 --- a/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md @@ -12,7 +12,8 @@ author: brianlic-msft # Requirements for deploying AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. diff --git a/windows/device-security/applocker/requirements-to-use-applocker.md b/windows/device-security/applocker/requirements-to-use-applocker.md index caa0c16d67..a4114f89bb 100644 --- a/windows/device-security/applocker/requirements-to-use-applocker.md +++ b/windows/device-security/applocker/requirements-to-use-applocker.md @@ -13,7 +13,8 @@ author: brianlic-msft # Requirements to use AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. 
diff --git a/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md b/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md index 565f6331da..e75cea6f95 100644 --- a/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md @@ -12,7 +12,8 @@ author: brianlic-msft # Run the Automatically Generate Rules wizard **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. diff --git a/windows/device-security/applocker/script-rules-in-applocker.md b/windows/device-security/applocker/script-rules-in-applocker.md index 6fd0ec9196..f3f8717563 100644 --- a/windows/device-security/applocker/script-rules-in-applocker.md +++ b/windows/device-security/applocker/script-rules-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Script rules in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the file formats and available default rules for the script rule collection. diff --git a/windows/device-security/applocker/security-considerations-for-applocker.md b/windows/device-security/applocker/security-considerations-for-applocker.md index c959f1bfd0..e8648d0354 100644 --- a/windows/device-security/applocker/security-considerations-for-applocker.md +++ b/windows/device-security/applocker/security-considerations-for-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Security considerations for AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. 
diff --git a/windows/device-security/applocker/select-types-of-rules-to-create.md b/windows/device-security/applocker/select-types-of-rules-to-create.md index 35f8ffd6b2..01004b57ab 100644 --- a/windows/device-security/applocker/select-types-of-rules-to-create.md +++ b/windows/device-security/applocker/select-types-of-rules-to-create.md @@ -12,7 +12,8 @@ author: brianlic-msft # Select the types of rules to create **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic lists resources you can use when selecting your application control policy rules by using AppLocker. diff --git a/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index fcc3bf2eac..207597f3b2 100644 --- a/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Test an AppLocker policy by using Test-AppLockerPolicy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. diff --git a/windows/device-security/applocker/test-and-update-an-applocker-policy.md b/windows/device-security/applocker/test-and-update-an-applocker-policy.md index 99e46e3022..4c0cfb3d2f 100644 --- a/windows/device-security/applocker/test-and-update-an-applocker-policy.md +++ b/windows/device-security/applocker/test-and-update-an-applocker-policy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Test and update an AppLocker policy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic discusses the steps required to test an AppLocker policy prior to deployment. 
diff --git a/windows/device-security/applocker/tools-to-use-with-applocker.md b/windows/device-security/applocker/tools-to-use-with-applocker.md index 7708198815..41f6908931 100644 --- a/windows/device-security/applocker/tools-to-use-with-applocker.md +++ b/windows/device-security/applocker/tools-to-use-with-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Tools to use with AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the tools available to create and administer AppLocker policies. diff --git a/windows/device-security/applocker/understand-applocker-enforcement-settings.md b/windows/device-security/applocker/understand-applocker-enforcement-settings.md index a27cfdc9cb..c5552f0544 100644 --- a/windows/device-security/applocker/understand-applocker-enforcement-settings.md +++ b/windows/device-security/applocker/understand-applocker-enforcement-settings.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understand AppLocker enforcement settings **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the AppLocker enforcement settings for rule collections. diff --git a/windows/device-security/applocker/understand-applocker-policy-design-decisions.md b/windows/device-security/applocker/understand-applocker-policy-design-decisions.md index 4c7731bcfc..b7b3d4f4c2 100644 --- a/windows/device-security/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/device-security/applocker/understand-applocker-policy-design-decisions.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understand AppLocker policy design decisions **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. 
diff --git a/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index fd1d01d9fb..76be28c269 100644 --- a/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understand AppLocker rules and enforcement setting inheritance in Group Policy **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. diff --git a/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md b/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md index a2ec48ffe5..ba135fa083 100644 --- a/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understand the AppLocker policy deployment process **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. diff --git a/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index b383087281..cab8554448 100644 --- a/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker allow and deny actions on rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the differences between allow and deny actions on AppLocker rules. diff --git a/windows/device-security/applocker/understanding-applocker-default-rules.md b/windows/device-security/applocker/understanding-applocker-default-rules.md index f0b744d7ad..506b5b73f2 100644 --- a/windows/device-security/applocker/understanding-applocker-default-rules.md +++ b/windows/device-security/applocker/understanding-applocker-default-rules.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker default rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. diff --git a/windows/device-security/applocker/understanding-applocker-rule-behavior.md b/windows/device-security/applocker/understanding-applocker-rule-behavior.md index ac18934b5f..c2b0777b71 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-behavior.md +++ b/windows/device-security/applocker/understanding-applocker-rule-behavior.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker rule behavior **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. diff --git a/windows/device-security/applocker/understanding-applocker-rule-collections.md b/windows/device-security/applocker/understanding-applocker-rule-collections.md index bfe5fd07ce..04b78ce9ba 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-collections.md +++ b/windows/device-security/applocker/understanding-applocker-rule-collections.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker rule collections **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. diff --git a/windows/device-security/applocker/understanding-applocker-rule-condition-types.md b/windows/device-security/applocker/understanding-applocker-rule-condition-types.md index f00afa16e1..e96ad95beb 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/device-security/applocker/understanding-applocker-rule-condition-types.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker rule condition types **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the three types of AppLocker rule conditions. diff --git a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md index 4cedcfd784..0020f81022 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding AppLocker rule exceptions **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the result of applying AppLocker rule exceptions to rule collections. diff --git a/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 89a2b1a770..2eacfe3d74 100644 --- a/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Understanding the file hash rule condition in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md index 4d4e950a6c..a8e2676908 100644 --- a/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding the path rule condition in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 5e0bca2ee0..8cbf42f94e 100644 --- a/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Understanding the publisher rule condition in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied. diff --git a/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 90336b381a..38f498aaaa 100644 
--- a/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -1,3 +1,4 @@ + --- title: Use a reference device to create and maintain AppLocker policies (Windows 10) description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. @@ -12,7 +13,8 @@ author: brianlic-msft # Use a reference device to create and maintain AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. diff --git a/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 0fa2a8f258..aae35f5e9c 100644 --- a/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -12,7 +12,8 @@ author: brianlic-msft # Use AppLocker and Software Restriction Policies in the same domain **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. diff --git a/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md index d7cd5120c4..4bdbfc5015 100644 --- a/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Use the AppLocker Windows PowerShell cmdlets **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. diff --git a/windows/device-security/applocker/using-event-viewer-with-applocker.md b/windows/device-security/applocker/using-event-viewer-with-applocker.md index 7a3b0f4f8d..cfd2f5dd66 100644 --- a/windows/device-security/applocker/using-event-viewer-with-applocker.md +++ b/windows/device-security/applocker/using-event-viewer-with-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Using Event Viewer with AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic lists AppLocker events and describes how to use Event Viewer with AppLocker. diff --git a/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md index 8a427064fb..c080b99c1f 100644 --- a/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -12,7 +12,8 @@ author: brianlic-msft # Use Software Restriction Policies and AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. diff --git a/windows/device-security/applocker/what-is-applocker.md b/windows/device-security/applocker/what-is-applocker.md index c3b47e88d5..6fe751c8cb 100644 --- a/windows/device-security/applocker/what-is-applocker.md +++ b/windows/device-security/applocker/what-is-applocker.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # What Is AppLocker? **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. diff --git a/windows/device-security/applocker/windows-installer-rules-in-applocker.md b/windows/device-security/applocker/windows-installer-rules-in-applocker.md index 65a86eddfc..550fac37bc 100644 --- a/windows/device-security/applocker/windows-installer-rules-in-applocker.md +++ b/windows/device-security/applocker/windows-installer-rules-in-applocker.md @@ -12,7 +12,8 @@ author: brianlic-msft # Windows Installer rules in AppLocker **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic describes the file formats and available default rules for the Windows Installer rule collection. diff --git a/windows/device-security/applocker/working-with-applocker-policies.md b/windows/device-security/applocker/working-with-applocker-policies.md index 219638880c..9932ebcb85 100644 --- a/windows/device-security/applocker/working-with-applocker-policies.md +++ b/windows/device-security/applocker/working-with-applocker-policies.md @@ -12,7 +12,8 @@ author: brianlic-msft # Working with AppLocker policies **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. diff --git a/windows/device-security/applocker/working-with-applocker-rules.md b/windows/device-security/applocker/working-with-applocker-rules.md index c6fd38667f..38fb27d6e8 100644 --- a/windows/device-security/applocker/working-with-applocker-rules.md +++ b/windows/device-security/applocker/working-with-applocker-rules.md 
@@ -12,7 +12,8 @@ author: brianlic-msft # Working with AppLocker rules **Applies to** -- Windows 10 + - Windows 10 + - Windows Server This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. diff --git a/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 97e9d04fb9..2fc47e4258 100644 --- a/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -26,7 +26,7 @@ Table 2 lists specific data-protection concerns and how they are addressed in Wi | Windows 7 | Windows 10 | |---|---| | When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.
Network Unlock allows PCs to start automatically when connected to the internal network. | -| Users must contact the IT department to change their BitLocker PIN or password. | Modern Windows devices no longer require a PIN in the pre-boot environment to protect BitLocker encryption keys from cold boot attacks.
Users who have standard privileges can change their BitLocker PIN or password on legacy devices that require a PIN. | + | Users must contact the IT department to change their BitLocker PIN or password. | Modern Windows devices no longer require a PIN in the pre-boot environment to protect BitLocker encryption keys from cold boot attacks.
Users who have standard privileges can change their BitLocker PIN or password on legacy devices that require a PIN. | | When BitLocker is enabled, the provisioning process can take several hours. | BitLocker pre-provisioning, encrypting hard drives, and Used Space Only encryption allow administrators to enable BitLocker quickly on new computers. | | There is no support for using BitLocker with self-encrypting drives (SEDs). | BitLocker supports offloading encryption to encrypted hard drives. | | Administrators have to use separate tools to manage encrypted hard drives. | BitLocker supports encrypted hard drives with onboard encryption hardware built in, which allows administrators to use the familiar BitLocker administrative tools to manage them. | 
@@ -66,7 +66,7 @@ Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryp Unlike a standard BitLocker implementation, BitLocker Device Encryption is enabled automatically so that the device is always protected. The following list outlines how this happens: -* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). +* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. * If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. * If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). 
You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. * Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. diff --git a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md index af3bab22cc..98bc91bd6e 100644 --- a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md @@ -29,6 +29,8 @@ BitLocker is a data protection feature that encrypts the hard drives on your com - [BitLocker Network Unlock](#bkmk-bnusect) - [Other questions](#bkmk-other) +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). + ## Overview and requirements ### How does BitLocker work? 
@@ -151,7 +153,15 @@ The following types of system changes can cause an integrity check failure and p ### What causes BitLocker to start into recovery mode when attempting to start the operating system drive? -Because BitLocker is designed to protect your computer from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode. In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. +Because BitLocker is designed to protect your computer from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode. +For example: + +- Changing the BIOS boot order to boot another drive in advance of the hard drive. +- Adding or removing hardware, such as inserting a new card in the computer, including some PCMIA wireless cards. +- Removing, inserting, or completely depleting the charge on a smart battery on a portable computer. + +In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. +The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. ### Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive? diff --git a/windows/device-security/bitlocker/bitlocker-overview.md b/windows/device-security/bitlocker/bitlocker-overview.md index 6a94dab8c8..0e88e352bd 100644 --- a/windows/device-security/bitlocker/bitlocker-overview.md +++ b/windows/device-security/bitlocker/bitlocker-overview.md 
@@ -80,5 +80,6 @@ When installing the BitLocker optional component on a server you will also need | [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic for IT professionals describes how to recover BitLocker keys from AD DS. | | [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. | | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| +| [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core | -If you're looking for info on how to use it with Windows 10 IoT Core, see [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker). \ No newline at end of file +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). diff --git a/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 8d48b8aff4..16e23be904 100644 --- a/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md 
@@ -41,7 +41,9 @@ A good practice when using manage-bde is to determine the volume status on the t ``` syntax manage-bde -status ``` -This command returns the volumes on the target, current encryption status and volume type (operating system or data) for each volume. +This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume: + + The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process. diff --git a/windows/device-security/bitlocker/images/feedback-app-icon.png b/windows/device-security/bitlocker/images/feedback-app-icon.png new file mode 100644 index 0000000000..c600883c0e Binary files /dev/null and b/windows/device-security/bitlocker/images/feedback-app-icon.png differ diff --git a/windows/device-security/bitlocker/images/manage-bde-status.png b/windows/device-security/bitlocker/images/manage-bde-status.png new file mode 100644 index 0000000000..321b1fa052 Binary files /dev/null and b/windows/device-security/bitlocker/images/manage-bde-status.png differ diff --git a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md index 9f7bef9162..8b11311fb6 100644 --- a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md +++ b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md 
@@ -36,6 +36,8 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - bginfo.exe[1] - cdb.exe - csi.exe +- dbghost.exe +- dbgsvc.exe - dnx.exe - fsi.exe - fsiAnyCpu.exe @@ -106,11 +108,14 @@ Microsoft recommends that you block the following Microsoft-signed applications+ - + + + @@ -163,7 +168,7 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + + diff --git a/windows/device-security/security-policy-settings/images/uac-admin-approval-mode-for-the-built-in-administrator-account.png b/windows/device-security/security-policy-settings/images/uac-admin-approval-mode-for-the-built-in-administrator-account.png new file mode 100644 index 0000000000..52acafba66 Binary files /dev/null and b/windows/device-security/security-policy-settings/images/uac-admin-approval-mode-for-the-built-in-administrator-account.png differ diff --git a/windows/device-security/security-policy-settings/images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png b/windows/device-security/security-policy-settings/images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png new file mode 100644 index 0000000000..858be4e70e Binary files /dev/null and b/windows/device-security/security-policy-settings/images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png differ diff --git a/windows/device-security/security-policy-settings/images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png b/windows/device-security/security-policy-settings/images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png new file mode 100644 index 0000000000..2efa6877c8 Binary files /dev/null and b/windows/device-security/security-policy-settings/images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png differ 
diff --git a/windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md index d51142a117..29f724e680 100644 --- a/windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md @@ -30,7 +30,9 @@ The **Passwords must meet complexity requirements** policy setting determines wh - Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters) - Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters) - Base 10 digits (0 through 9) - - Non-alphanumeric characters (special characters) (for example, !, $, \#, %) + - Non-alphanumeric characters (special characters): + (~!@#$%^&*_-+=`|\\(){}\[\]:;"'<>,.?/) + Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting. - Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages. Complexity requirements are enforced when passwords are changed or created. diff --git a/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 2d68063ec7..18de1ae022 100644 --- a/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md 
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft +ms.date: 08/29/2017 --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing @@ -32,7 +33,7 @@ For the EFS service, this policy setting supports the 3DES and Advanced Encrypti **Remote Desktop Services (RDS)** -For encrypting Remote Desktop Services network communication, this policy setting supports only the Triple DES encryption algorithm. +If you're using Remote Desktop Services, this policy setting should only be enabled if the 3DES encryption algorithm is supported. **BitLocker** diff --git a/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index e0e41611ad..b452b3c093 100644 --- a/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md 
@@ -18,9 +18,10 @@ Describes the best practices, location, values, policy management and security c ## Reference This policy setting determines the behavior of Admin Approval Mode for the built-in administrator account. -When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account. In this mode, any operation that requires elevation of privilege displays a prompt that allows the administrator to permit or deny the elevation of privilege. If Admin Approval Mode is not enabled, the built-in Administrator account logs on in Windows XP Mode, and it runs all applications by default with full administrative privileges. By default, this setting is set to **Disabled**. +When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account. In this mode, any operation that requires elevation of privilege displays a prompt that allows the administrator to permit or deny the elevation of privilege. If Admin Approval Mode is not enabled, the built-in Administrator account runs all applications by default with full administrative privileges. By default, Admin Approval Mode is set to **Disabled**. ->**Note:** If a computer is upgraded from a previous version of the Windows operating system, and the administrator account is the only account on the computer, the built-in administrator account remains enabled, and this setting is also enabled. +> [!NOTE] +> If a computer is upgraded from a previous version of the Windows operating system, and the administrator account is the only account on the computer, the built-in administrator account remains enabled, and this setting is also enabled. ### Possible values 
@@ -30,11 +31,16 @@ When the Admin Approval Mode is enabled, the local administrator account functio - Disabled - The built-in administrator account logs on in Windows XP Mode, and it runs all applications by default with full administrative privileges. + If Admin Approval Mode is not enabled, the built-in Administrator account runs all applications by default with full administrative privileges ### Best practices -- Do not enable the built-in administrator account on the client computer, but use the standard user account and User Account Control (UAC). +- It is recommended not to enable the built-in Administrator account on the client computer, but to use the standard user account and User Account Control (UAC) instead. If you want to enable the built-in Administrator account to carry out administrative tasks, for security reasons you should also enable Admin Approval Mode. See [UAC-Admin-Approval-Mode-for-the-Built-in-Administrator-account](https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account) + + To enable Admin Approval Mode, you must also configure the local security policy setting: [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode) to **Prompt for consent on the secure desktop** and then click OK. + +> [!NOTE] +> After enabling Admin Approval Mode, to activate the setting, you must first log in and out. Alternatively, You may perform **gpupdate /force** from an elevated command prompt. ### Location 
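Review bot: The link added to the Best practices bullet ("See [UAC-Admin-Approval-Mode-for-the-Built-in-Administrator-account](...)") targets user-account-control-admin-approval-mode-for-the-built-in-administrator-account, which is the page this hunk edits, so it sends the reader back to where they already are. Drop the self-link or point it at a page that adds information. In the same hunk, the line added under **Disabled** has no closing period, and the new note has a capitalised "You" mid-sentence; "you must first log out and log back in. Alternatively, you can run **gpupdate /force** from an elevated command prompt" reads more clearly than "log in and out".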
@@ -67,10 +73,7 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -One of the risks of the User Account Control (UAC) feature is that it is intended to mitigate malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for malicious programs is to discover the password of the administrator account because that user account was created for all installations of the Windows. To address this risk, the built-in administrator account is disabled in computers running at least Windows Vista. In computers running at least Windows Server 2008, the administrator account is enabled, and the password must be changed the first time the Administrator logs on. In a default installation of a computer running at least Windows Vista, accounts with administrative control over the computer are initially set up in one of two ways: - -- If the computer is not joined to a domain, the first user account you create has the equivalent permissions as a local administrator. -- If the computer is joined to a domain, no local administrator accounts are created. The enterprise or domain administrator must log on to the computer and create a local administrator account if one is warranted. +One of the risks that the UAC feature tries to mitigate is that of malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for malicious programs is to discover the password of the Administrator account because that user account was created for all installations of Windows. To address this risk, the built-in Administrator account is disabled in computers running at least Windows Vista. In computers running at least Windows Server 2008, the Administrator account is enabled, and the password must be changed the first time the administrator logs on. 
In a default installation of a computer running at least Windows Vista, if the computer is not joined to a domain, the first user account you create has the equivalent permissions of a local administrator. ### Countermeasure diff --git a/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index cbc598ba9f..bd001552c4 100644 --- a/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md +++ b/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -25,7 +25,8 @@ This policy setting determines the behavior of the elevation prompt for accounts - **Elevate without prompting** Assumes that the administrator will permit an operation that requires elevation, and additional consent or credentials are not required. - >**Note:** Selecting **Elevate without prompting** minimizes the protection that is provided by UAC. We do not recommend selecting this value unless administrator accounts are tightly controlled and the operating environment is highly secure. + + **Note** Selecting **Elevate without prompting** minimizes the protection that is provided by UAC. We do not recommend selecting this value unless administrator accounts are tightly controlled and the operating environment is highly secure. - **Prompt for credentials on the secure desktop** 
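Review bot: In the **Elevate without prompting** item, the replacement line drops the blockquote marker and the colon, so the warning becomes an ordinary indented paragraph that starts with a bare `**Note**`, while the other notes touched in this patch are converted to the `> [!NOTE]` form. Use the same `> [!NOTE]` block here, indented under the list item, so the statement that this value minimizes UAC protection still renders as a callout.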
@@ -33,7 +34,7 @@ This policy setting determines the behavior of the elevation prompt for accounts - **Prompt for consent on the secure desktop** - When an operation requires elevation of privilege, the user is prompted on the secure desktop to select **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege. + When an operation requires elevation of privilege, the user is prompted on the secure desktop to select **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege.* - **Prompt for credential**s 
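Review bot: The footnote marker appended to the **Prompt for consent on the secure desktop** description is a bare `*` after `privilege.`, whereas the footnote text added later in this file escapes it as `\*`. Escape it here as well (`privilege.\*`) so a Markdown renderer cannot pair it with the bold markers on the same line, or state the requirement in a sentence instead of a footnote.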
@@ -47,10 +48,17 @@ This policy setting determines the behavior of the elevation prompt for accounts This is the default. When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege. +\*If you have enabled the built-in Administrator account and have configured Admin Approval Mode, you must also configure the option **Prompt for consent on the secure desktop**. You can also configure this option from User Account Control, by typing **UAC** in the search box. From the User Account Control Settings dialog box, set the slider control to **Notify me only when apps try to make changes to my computer (default)**. + +> [!NOTE] +> After enabling Admin Approval Mode, to activate the setting, you must first log in and out. Alternatively, You may perform **gpupdate /force** from an elevated command prompt. + ### Best practices - Selecting the option **Elevate without prompting** minimizes the protection that is provided by UAC. We do not recommend selecting this value unless administrator accounts are tightly controlled and the operating environment is highly secure. +- It is recommended not to enable the built-in Administrator account on the client computer, but to use the standard user account and User Account Control (UAC) instead. If you want to enable the built-in Administrator account to carry out administrative tasks, for security reasons you should also enable Admin Approval Mode. For further information, see [UAC-Admin-Approval-Mode-for-the-Built-in-Administrator-account](https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account) + ### Location Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options 
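Review bot: The added footnote says Admin Approval Mode needs **Prompt for consent on the secure desktop** and then offers the slider position **Notify me only when apps try to make changes to my computer (default)** as another way to set it, but the context line directly above describes the default as prompting when a non-Microsoft application requires elevation. Those read as two different values; confirm which policy value the slider position maps to and reword the footnote so it does not equate them. The `[!NOTE]` text also has a capitalised "You" mid-sentence, and the new best-practice bullet ends without a period after the link.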
@@ -58,7 +66,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec ### Default values -| Server type or GPO Default value | +| Server type or GPO | Default value | | - | - | | Default Domain Policy | Not defined| | Default Domain Controller Policy | Not defined | diff --git a/windows/device-security/tpm/tpm-recommendations.md b/windows/device-security/tpm/tpm-recommendations.md index 7c44d3803e..f30df74373 100644 --- a/windows/device-security/tpm/tpm-recommendations.md +++ b/windows/device-security/tpm/tpm-recommendations.md @@ -12,8 +12,6 @@ author: brianlic-msft # TPM recommendations -**Applies to** - **Applies to** - Windows 10 - Windows Server 2016 
@@ -98,21 +96,19 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u The following table defines which Windows features require TPM support. -| Windows Features | Windows 10 TPM 1.2 | Windows 10 TPM 2.0 | Details | -|-------------------------|----------------------|----------------------|----------| -| Measured Boot | Required | Required | Measured boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. | -| Bitlocker | Required | Required | TPM 1.2 or later required or a removable USB memory device such as a flash drive. Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly. | -| Passport: Domain AADJ Join | Required | Required | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support. | -| Passport: MSA or Local Account | Required | Required | TPM 2.0 is required with HMAC and EK certificate for key attestation support. | -| Device Encryption | Not Applicable | Required | TPM 2.0 is required for all InstantGo devices. | -| Device Guard / Configurable Code Integrity | Not Applicable | Required | Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. | -| Credential Guard | Required | Required | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. | -| Device Health Attestation | Required | Required | | -| Windows Hello / Windows Hello for Business | Not Required | Recommended | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. 
[How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected) | -| UEFI Secure Boot | Not Required | Recommended | | -| Platform Key Storage provider | Required | Required | | -| Virtual Smart Card | Required | Required | | -| Certificate storage (TPM bound) | Required | Required | | +| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | +|-------------------------|--------------|--------------------|--------------------|----------| +| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot | +| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required | +| Device Encryption | Yes | N/A | Yes | Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0. | +| Device Guard | No | Yes | Yes | | +| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. | +| Device Health Attestation| Yes | Yes | Yes | | +| Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. | +| UEFI Secure Boot | No | Yes | Yes | | +| TPM Platform Crypto Provider Key Storage Provider| Yes | Yes| Yes | | +| Virtual Smart Card | Yes | Yes | Yes | | +| Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. | ## OEM Status on TPM 2.0 system availability and certified parts diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md index 8ed1a52f71..56c4ddc65a 100644 --- a/windows/hub/TOC.md +++ b/windows/hub/TOC.md 
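Review bot: In the rewritten table in windows/device-security/tpm/tpm-recommendations.md, the Credential Guard row now shows TPM Required as "No" and drops the old caveat that, without a TPM, Credential Guard is still enabled but the keys used to encrypt it are not protected by the TPM. That caveat is the security-relevant part of the row, so keep it in the Details column next to the version history. The Windows Hello row has the same problem: the recommendation to use TPM hardware, the mention of PIN brute-force attacks and the "How keys are protected" link are removed, and the Details cell now carries the Azure AD join text from the deleted Passport rows.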
@@ -6,4 +6,5 @@ ## [Application management](/windows/application-management) ## [Access protection](/windows/access-protection) ## [Device security](/windows/device-security) -## [Threat protection](/windows/threat-protection) \ No newline at end of file +## [Threat protection](/windows/threat-protection) +## [Troubleshooting](/windows/client-management/windows-10-support-solutions) \ No newline at end of file diff --git a/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf b/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf new file mode 100644 index 0000000000..557f45193a Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf differ diff --git a/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf b/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf new file mode 100644 index 0000000000..d01542ed2b Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf differ diff --git a/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf b/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf new file mode 100644 index 0000000000..87110d6b3e Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf differ diff --git a/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf b/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf new file mode 100644 index 0000000000..8d04e66910 Binary files /dev/null and b/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf differ diff --git a/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf b/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf new file mode 100644 index 0000000000..86529c1665 Binary files /dev/null and b/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf differ 
diff --git a/windows/media/ModernSecureDeployment/WindowsServicing.pdf b/windows/media/ModernSecureDeployment/WindowsServicing.pdf new file mode 100644 index 0000000000..19a419e3a9 Binary files /dev/null and b/windows/media/ModernSecureDeployment/WindowsServicing.pdf differ diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index 341a813627..112e360223 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md 
@@ -6,17 +6,20 @@ ### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md) ### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md) ### [Onboard endpoints and set up access](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) -#### [Configure endpoints](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) +#### [Configure client endpoints](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) ##### [Configure endpoints using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md) ##### [Configure endpoints using System Security Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) ##### [Configure endpoints using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) ###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune) ##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md) -#### [Configure proxy and Internet settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md) +##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) +#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md) +#### [Configure proxy and Internet connectivity 
settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md) #### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) ### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md) ### [Use the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md) -#### [View the Dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Security analytics dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md) #### [View and organize the Alerts queue](windows-defender-atp\alerts-queue-windows-defender-advanced-threat-protection.md) #### [Investigate alerts](windows-defender-atp\investigate-alerts-windows-defender-advanced-threat-protection.md) ##### [Alert process tree](windows-defender-atp\investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree) 
@@ -27,17 +30,23 @@ #### [Investigate a domain](windows-defender-atp\investigate-domain-windows-defender-advanced-threat-protection.md) #### [View and organize the Machines list](windows-defender-atp\machines-view-overview-windows-defender-advanced-threat-protection.md) #### [Investigate machines](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md) -##### [Search for specific alerts](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts) -##### [Filter events from a specific date](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) -##### [Export machine timeline events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) -##### [Navigate between pages](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +##### [Manage machine group and tags](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) +##### [Alerts related to this machine](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) +##### [Machine timeline](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) +###### [Search for specific events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) +###### [Filter events from a specific date](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +###### [Navigate between 
pages](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) #### [Investigate a user account](windows-defender-atp\investigate-user-windows-defender-advanced-threat-protection.md) #### [Manage alerts](windows-defender-atp\manage-alerts-windows-defender-advanced-threat-protection.md) #### [Take response actions](windows-defender-atp\response-actions-windows-defender-advanced-threat-protection.md) ##### [Take response actions on a machine](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md) -###### [Isolate machines from the network](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) -###### [Undo machine isolation](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) ###### [Collect investigation package](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package) +###### [Run antivirus scan](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#restict-app-execution) +###### [Remove app restriction](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) +###### [Isolate machines from the network](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +###### [Release machine from the isolation](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) ###### [Check activity details in Action 
center](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) ##### [Take response actions on a file](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md) ###### [Stop and quarantine files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) 
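Review bot: The new **Restrict app execution** entry links to the fragment `#restict-app-execution`, which looks like a misspelling of "restrict"; check it against the heading in respond-machine-alerts-windows-defender-advanced-threat-protection.md and fix whichever side is wrong so the TOC link resolves. The entry **Release machine from the isolation** also differs from its own fragment, `#release-machine-from-isolation`; match the link text to the heading.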
@@ -63,6 +72,46 @@ #### [Python code examples](windows-defender-atp\python-example-code-windows-defender-advanced-threat-protection.md) #### [Experiment with custom threat intelligence alerts](windows-defender-atp\experiment-custom-ti-windows-defender-advanced-threat-protection.md) #### [Troubleshoot custom threat intelligence issues](windows-defender-atp\troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +### [Use the Windows Defender ATP exposed APIs](windows-defender-atp\exposed-apis-windows-defender-advanced-threat-protection.md) +#### [Supported Windows Defender ATP APIs](windows-defender-atp\supported-apis-windows-defender-advanced-threat-protection.md) +##### Actor +###### [Get actor information](windows-defender-atp\get-actor-information-windows-defender-advanced-threat-protection.md) +###### [Get actor related alerts](windows-defender-atp\get-actor-related-alerts-windows-defender-advanced-threat-protection.md) +##### Alerts +###### [Get alerts](windows-defender-atp\get-alerts-windows-defender-advanced-threat-protection.md) +###### [Get alert information by ID](windows-defender-atp\get-alert-info-by-id-windows-defender-advanced-threat-protection.md) +###### [Get alert related actor information](windows-defender-atp\get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related domain information](windows-defender-atp\get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related file information](windows-defender-atp\get-alert-related-files-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related IP information](windows-defender-atp\get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related machine information](windows-defender-atp\get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) +##### Domain +###### [Get domain related 
alerts](windows-defender-atp\get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get domain related machines](windows-defender-atp\get-domain-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get domain statistics](windows-defender-atp\get-domain-statistics-windows-defender-advanced-threat-protection.md) +###### [Is domain seen in organization](windows-defender-atp\is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) +##### File +###### [Get file information](windows-defender-atp\get-file-information-windows-defender-advanced-threat-protection.md) +###### [Get file related alerts](windows-defender-atp\get-file-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get file related machines](windows-defender-atp\get-file-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get file statistics](windows-defender-atp\get-file-statistics-windows-defender-advanced-threat-protection.md) +##### IP +###### [Get IP related alerts](windows-defender-atp\get-ip-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get IP related machines](windows-defender-atp\get-ip-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get IP statistics](windows-defender-atp\get-ip-statistics-windows-defender-advanced-threat-protection.md) +###### [Is IP seen in organization](windows-defender-atp\is-ip-seen-org-windows-defender-advanced-threat-protection.md) +##### Machines +###### [Find machine information by IP](windows-defender-atp\find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) +###### [Get machines](windows-defender-atp\get-machines-windows-defender-advanced-threat-protection.md) +###### [Get machine by ID](windows-defender-atp\get-machine-by-id-windows-defender-advanced-threat-protection.md) +###### [Get machine log on users](windows-defender-atp\get-machine-log-on-users-windows-defender-advanced-threat-protection.md) 
+###### [Get machine related alerts](windows-defender-atp\get-machine-related-alerts-windows-defender-advanced-threat-protection.md) +##### User +###### [Get alert related user information](windows-defender-atp\get-alert-related-user-info-windows-defender-advanced-threat-protection.md) +###### [Get user information](windows-defender-atp\get-user-information-windows-defender-advanced-threat-protection.md) +###### [Get user related alerts](windows-defender-atp\get-user-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get user related machines](windows-defender-atp\get-user-related-machines-windows-defender-advanced-threat-protection.md) +### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) ### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md) #### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) ##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) 
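Review bot: **Get alert related user information** is listed under the **User** group, while every other "Get alert related ..." entry added in this hunk (actor, domain, file, IP, machine) sits under **Alerts**. Move it to the Alerts group so the API list is organized by the resource being queried, or keep it under User and add a matching cross-entry under Alerts.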
@@ -74,12 +123,12 @@ #### [Configure email notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md) #### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md) #### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) ### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md) ### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md) ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md) ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md) ### [Windows Defender Antivirus compatibility](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md) - ## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md) ### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md) 
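Review bot: The **Create and build Power BI reports using Windows Defender ATP data** entry added after **Enable Threat intel API** is also added as a `###` entry by the previous hunk of this file, and both point at powerbi-reports-windows-defender-advanced-threat-protection.md. If the page is meant to appear twice in the TOC, say so in the commit description; otherwise keep only one of the two entries.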
@@ -95,6 +144,7 @@ #### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md) ##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md) #### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md) +##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md) #### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md) ##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md) ##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md) diff --git a/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md b/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md index 846f249f82..486f7992dd 100644 --- a/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md +++ b/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md @@ -649,3 +649,5 @@ You can get more info with the following links: - [Event Queries and Event XML](http://msdn.microsoft.com/library/bb399427.aspx) - [Event Query Schema](http://msdn.microsoft.com/library/aa385760.aspx) - [Windows Event Collector](http://msdn.microsoft.com/library/windows/desktop/bb427443.aspx) + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). \ No newline at end of file 
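Review bot: In the windows/threat-protection/TOC.md hunk above (@@ -95,6 +144,7), the link text of the new entry is misspelled as "Troublehsoot"; it should read "Troubleshoot Windows Defender Antivirus reporting in Update Compliance". In the use-windows-event-forwarding-to-assist-in-instrusion-detection.md hunk, the appended Feedback Hub sentence leaves the file without a trailing newline; end the file with one.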
diff --git a/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md new file mode 100644 index 0000000000..bc96824baa --- /dev/null +++ b/windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md 
@@ -0,0 +1,77 @@ +--- +title: Collect diagnostic data for Update Compliance and Windows Defender AV +description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: iaanw +ms.author: iawilt +ms.date: 09/06/2017 +--- + +# Collect Update Compliance diagnostic data for Windows Defender AV Assessment + +**Applies to:** + +- Windows 10 + +**Audience** + +- IT administrators + +This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. + +Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps. + + +1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process: + + 1. Open an administrator-level version of the command prompt: + + 1. Open the **Start** menu. + + 2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**. + + 3. Enter administrator credentials or approve the prompt. + + 2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example: + + ```Dos + cd c:\program files\windows\defender + ``` + + 3. Enter the following command and press **Enter** + + ```Dos + mpcmdrun -getfiles + ``` + + 4. A .cab file will be generated that contains various diagnostic logs. 
The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. + +2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us. + +3. Send an email using the Update Compliance support email template, and fill out the template with the following information: + + + ``` + I am encountering the following issue when using Windows Defender AV in Update Compliance: + + I have provided at least 2 support .cab files at the following location: + + My OMS workspace ID is: + + Please contact me at: + ``` + + + + +## Related topics + +- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) + diff --git a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 01bec5d98d..5b30a1d8e3 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md 
@@ -45,12 +45,11 @@ You can also [specify how long the file should be prevented from running](config ## How it works -When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works. +When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -The Block at first sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file. +The Block at First Sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. - + If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index cc04c936e3..f144ebfc04 100644 
--- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud: ```DOS -MpCmdRun - ValidateMapsConnection +MpCmdRun -ValidateMapsConnection ``` > [!NOTE] > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703. diff --git a/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png b/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png new file mode 100644 index 0000000000..f9ef1da5f7 Binary files /dev/null and b/windows/threat-protection/windows-defender-antivirus/images/server-add-gui.png differ diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md new file mode 100644 index 0000000000..a723a79704 --- /dev/null +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md 
@@ -0,0 +1,70 @@ +--- +title: Troubleshoot problems with reporting tools for Windows Defender AV +description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance +keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: iaanw +ms.author: iawilt +ms.date: 09/06/2017 +--- + +# Troubleshoot Windows Defender Antivirus reporting in Update Compliance + +**Applies to:** + +- Windows 10 + +**Audience** + +- IT administrators + +When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. + +Typically, the most common indicators of a problem are: +- You only see a small number or subset of all the devices you were expecting to see +- You do not see any devices at all +- The reports and information you do see is outdated (older than a few days) + +For common error codes and event IDs related to the Windows Defender AV service that are not related to Update Compliance, see the [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md) topic. + +There are three steps to troubleshooting these problems: + +1. Confirm that you have met all pre-requisites +2. Check your connectivity to the Windows Defender cloud-based service +3. 
Submit support logs + +>[!IMPORTANT] +>It typically takes 3 days for devices to start appearing in Update Compliance + + +## Confirm pre-requisites + +In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection: + +>[!div class="checklist"] +>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. +> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). +> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) +> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). +> - It has been 3 days since all requirements have been met + +If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. + +> [!div class="nextstepaction"] +> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md) + + + + + + +## Related topics + +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) 
diff --git a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index b8b5733748..6a6267b89a 100644 --- a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -33,6 +33,11 @@ Cloud-delivered protection for Windows Defender Antivirus, also referred to as M Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds. +The following video describes how it works: + + + Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies. The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager. diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 84504a1aae..1d49a1e634 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md 
@@ -1,6 +1,6 @@ --- -title: Windows Defender Antivirus and Windows Defender ATP -description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation. +title: Windows Defender Antivirus compatibility with other security products +description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using. keywords: windows defender, atp, advanced threat protection, compatibility, passive mode search.product: eADQiWindows 10XVcnh ms.pagetype: security 
@@ -11,35 +11,75 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt -ms.date: 06/13/2017 +ms.date: 09/07/2017 --- -# Windows Defender Antivirus and Advanced Threat Protection: Better together +# Windows Defender Antivirus and third party protection products **Applies to:** - Windows 10 +- Windows Server 2016 **Audience** - Enterprise security administrators +Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. -Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network. -See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service. +However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself. -If you are enrolled in Windows Defender ATP, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product. +If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode. -In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware. +On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. 
See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations. -You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. +The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used. -If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode. +Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state +-|-|-|- +Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode +Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode +Windows 10 | Windows Defender AV | Yes | Active mode +Windows 10 | Windows Defender AV | No | Active mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode +Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode +Windows Server 2016 | Windows Defender AV | Yes | Active mode +Windows Server 2016 | Windows Defender AV | No | Active mode +>[!IMPORTANT] +>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. +> +>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager. 
+> +>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations). + + + + +In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware. + +The reasons for this are twofold: + +1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. + + Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself. + + You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. + + If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode. 
+ +>[!WARNING] +>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app. +> +>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. + + ## Related topics -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) +- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 91520bc734..77b79508b8 100644 --- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: iaanw ms.author: iawilt -ms.date: 08/25/2017 +ms.date: 09/07/2017 --- 
@@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window - [Configure automatic exclusions](#BKMK_DefExclusions) -## Enable the interface -By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs. +## Enable or disable the interface on Windows Server 2016 +By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required. -You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic. +If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option. -The following PowerShell cmdlet will enable the interface: + + +See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard. 
+ +The following PowerShell cmdlet will also enable the interface: ```PowerShell Install-WindowsFeature -Name Windows-Defender-GUI ``` -The following cmdlet will disable the interface: +To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet: + + +```PowerShell +Uninstall-WindowsFeature -Name Windows-Defender-GUI +``` + + +>[!IMPORTANT] +> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature. + +## Install or uninstall Windows Defender AV on Windows Server 2016 + + +You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard. + +>[!NOTE] +>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**. + + + + +The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016: + ```PS -Uninstall-WindowsFeature -Name Windows-Server-Antimalware +Uninstall-WindowsFeature -Name Windows-Defender +``` + +To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option. + +You can also use the following PowerShell cmdlet to install Windows Defender AV: + +```PS +Install-WindowsFeature -Name Windows-Defender ``` > [!TIP] diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index dc8b0b0597..495cc05eec 100644 
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md 
@@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703. > [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date. +> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date. > [!WARNING] > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. ->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. +>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. >This will significantly lower the protection of your device and could lead to malware infection. 
diff --git a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 73bb0a5fb0..0018059252 100644 --- a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # Configure Windows Defender Application Guard policy settings @@ -40,7 +39,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win |-----------|------------------|-----------|-------| |Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.| +|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | |Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.| diff --git a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 78a7228f40..d5206df9fb 100644 --- a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # Frequently asked questions - Windows Defender Application Guard diff --git a/windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index a93a6519fc..0504f9f546 100644 --- a/windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # Prepare and install Windows Defender Application Guard diff --git a/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index c9f657f6f9..15b33475fa 100644 --- a/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # System requirements for Windows Defender Application Guard 
diff --git a/windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index 152f404382..b7cb312c08 100644 --- a/windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # Testing scenarios using Windows Defender Application Guard in your business or organization diff --git a/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index ac7c37e883..465c993f93 100644 --- a/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -8,7 +8,6 @@ ms.pagetype: security author: eross-msft ms.author: lizross ms.date: 08/11/2017 -localizationpriority: high --- # Windows Defender Application Guard overview 
@@ -20,7 +19,6 @@ The threat landscape is continually evolving. While hackers are busy developing Windows Defender Application Guard (Application Guard) is designed to help prevent old, and newly emerging attacks, to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. - ## What is Application Guard and how does it work? Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. 
@@ -40,8 +38,8 @@ Application Guard has been created to target 3 types of enterprise systems: ## In this section |Topic |Description | |------|------------| -|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the pre-requisites necessary to install and use Application Guard. | -|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization. | +|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the pre-requisites necessary to install and use Application Guard.| +|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| |[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.| |[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.| \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 3e2f82bcdc..45139f43a5 100644 
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -10,7 +10,9 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- + # Turn on advanced features in Windows Defender ATP **Applies to:** @@ -21,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) + Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Windows Defender ATP with. Turn on the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations: @@ -32,7 +38,7 @@ If your organization satisfies these conditions, the feature is enabled by defau ## Show user details When you enable this feature, you'll be able to see user details stored in Azure Active Directory including a user's picture, name, title, and department information when investigating user account entities. You can find user account information in the following views: -- Dashboard +- Security operations dashboard - Alert queue - Machine details page 
@@ -57,3 +63,4 @@ When you enable this feature, you'll be able to incorporate data from Office 365 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index c56729bba8..42299706d8 100644 --- a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # View and organize the Windows Defender Advanced Threat Protection Alerts queue 
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) + The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on. Alerts are organized in queues by their workflow status or assignment: @@ -30,6 +35,7 @@ Alerts are organized in queues by their workflow status or assignment: - **In progress** - **Resolved** - **Assigned to me** +- **Suppression rules** To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane. 
@@ -112,13 +118,14 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together  ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index bec8ac80d7..764fe72b5d 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender ATP alert API fields @@ -22,6 +23,11 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) + Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal. @@ -33,249 +39,48 @@ The ArcSight field column contains the default mapping between the Windows Defen Field numbers match the numbers in the images below. --
+> [!div class="mx-tableFixed"] +| Portal label | SIEM field name | ArcSight field | Example value | Description | +|------------------|---------------------------|---------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1 | AlertTitle | name | A dll was unexpectedly loaded into a high integrity process without a UAC prompt | Value available for every alert. | +| 2 | Severity | deviceSeverity | Medium | Value available for every alert. | +| 3 | Category | deviceEventCategory | Privilege Escalation | Value available for every alert. | +| 4 | Source | sourceServiceName | WindowsDefenderATP | Windows Defender Antivirus or Windows Defender ATP. Value available for every alert. | +| 5 | MachineName | sourceHostName | liz-bean | Value available for every alert. | +| 6 | FileName | fileName | Robocopy.exe | Available for alerts associated with a file or process. | +| 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for alerts associated with a file or process. | +| 8 | UserDomain | sourceNtDomain | contoso | The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts. | +| 9 | UserName | sourceUserName | liz-bean | The user context running the activity, available for Windows Defender ATP behavioral based alerts. | +| 10 | Sha1 | fileHash | 5b4b3985339529be3151d331395f667e1d5b7f35 | Available for alerts associated with a file or process. | +| 11 | Md5 | deviceCustomString5 | 55394b85cb5edddff551f6f3faa9d8eb | Available for Windows Defender AV alerts. | +| 12 | Sha256 | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 | Available for Windows Defender AV alerts. 
| +| 13 | ThreatName | eviceCustomString1 | Trojan:Win32/Skeeyah.A!bit | Available for Windows Defender AV alerts. | +| 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | +| 15 | Url | requestUrl | down.esales360.cn | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | +| 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | +| 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | +| 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every alert. | +| 19 | LinkToWDATP | flexString1 | `https://securitycenter.windows.com/alert/636210704265059241_673569822` | Value available for every alert. | +| 20 | AlertTime | deviceReceiptTime | 2017-05-07T01:56:59.3191352Z | The time the activity relevant to the alert occurred. Value available for every alert. | +| 21 | MachineDomain | sourceDnsDomain | contoso.com | Domain name not relevant for AAD joined machines. Value available for every alert. | +| 22 | Actor | deviceCustomString4 | | Available for alerts related to a known actor group. | +| 21+5 | ComputerDnsName | No mapping | liz-bean.contoso.com | The machine fully qualified domain name. Value available for every alert. | +| | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. | +| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. 
| +| | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. | +| Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. | +| | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. | +| | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Windows Defender ATP'. | +| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions.   - + - +  diff --git a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md index 8084be4e84..49f712d937 100644 --- a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Assign user access to the Windows Defender ATP portal @@ -23,6 +24,8 @@ ms.localizationpriority: high - Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). Use the following methods to assign security roles. ## Assign user access using Azure PowerShell 
@@ -79,3 +82,6 @@ For more information see, [Manage Azure AD group and role membership](https://te 7. Under **Directory role**, select **Limited administrator**, then **Security Reader** or **Security Administrator**.  + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink) diff --git a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md index ff45bb42eb..b4cac17a7c 100644 --- a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Check the health state of the sensor in Windows Defender ATP description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data. -keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communication, communication +keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Check sensor health state in Windows Defender ATP 
@@ -22,6 +23,9 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink) The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues. @@ -49,7 +53,7 @@ You can filter the health state list by the following status: - **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service. - **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues: - **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine. - - **Impaired communication** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work. + - **Impaired communications** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work. You can view the machine details when you click on a misconfigured or inactive machine. You’ll see more specific machine information when you click the information icon. 
diff --git a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md index df4b70e28a..c4c965309f 100644 --- a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure HP ArcSight to pull Windows Defender ATP alerts @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) + You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Windows Defender ATP alerts. ## Before you begin diff --git a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 97bfb2b0af..1c7f1bf825 100644 --- a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure email notifications in Windows Defender ATP 
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) + You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. > [!NOTE] @@ -74,3 +79,4 @@ This section lists various issues that you may encounter when using email notifi - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index dd813aefb9..c0c4500c23 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure endpoints using Group Policy 
@@ -23,13 +24,19 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) + + > [!NOTE] > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. ## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** on the **Navigation pane**. + a. Click **Endpoint management** > **Clients** on the **Navigation pane**. b. Select **Group Policy**, click **Download package** and save the .zip file. @@ -49,6 +56,7 @@ ms.localizationpriority: high 9. Click **OK** and close any open GPMC windows. + ## Additional Windows Defender ATP configuration settings For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. 
@@ -150,4 +158,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 2c8aed6960..690593d58b 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure endpoints using Mobile Device Management tools 
@@ -22,10 +23,19 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) + You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). +## Before you begin +If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully. + +For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune). + ## Configure endpoints using Microsoft Intune For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). 
@@ -106,7 +116,7 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Select **Endpoint management** > **Client management** on the **Navigation pane**. + a. Select **Endpoint management** > **Clients** on the **Navigation pane**. b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. @@ -203,4 +213,5 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 59794d532f..dccdfe3ee5 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md 
@@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure endpoints using System Center Configuration Manager @@ -23,6 +24,10 @@ ms.localizationpriority: high - Windows Defender Advanced Threat Protection (Windows Defender ATP) - System Center 2012 Configuration Manager or later versions +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) + ## Configure endpoints using System Center Configuration Manager (current branch) version 1606 System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682). @@ -169,4 +174,5 @@ For more information about System Center Configuration Manager Compliance see [C - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 0f47beb693..c2d209b804 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure endpoints using a local script @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) + You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. > [!NOTE] 
@@ -121,4 +126,5 @@ Monitoring can also be done directly on the portal, or by using the different de - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..433ebdcd72 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,87 @@ +--- +title: Configure non-persistent virtual desktop infrastructure (VDI) machines +description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service. +keywords: configure virtual desktop infrastructure (VDI) machine, vdi, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Configure non-persistent virtual desktop infrastructure (VDI) machines + +**Applies to:** +- Virtual desktop infrastructure (VDI) machines + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink) + +## Onboard non-persistent virtual desktop infrastructure (VDI) machines + +Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: + + +- Instant early onboarding of a short living session + - A session should be onboarded to Windows Defender ATP prior to the actual provisioning. + +- Machine name persistence + - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name. + +You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. 
+ +>[!WARNING] +> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding. + +1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): + + a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + + b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file. + +2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. + + >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. + +3. The following step is only applicable if you're implementing a single entry for each machine:- -Portal label -SIEM field name -ArcSight field -Example value -Description -- - -1 -AlertTitle -name -A dll was unexpectedly loaded into a high integrity process without a UAC prompt -Value available for every alert. -- - -2 -Severity -deviceSeverity -Medium -Value available for every alert. -- - -3 -Category -deviceEventCategory -Privilege Escalation -Value available for every alert. -- - -4 -Source -sourceServiceName -WindowsDefenderATP -Windows Defender Antivirus or Windows Defender ATP. Value available for every alert. -- - -5 -MachineName -sourceHostName -liz-bean -Value available for every alert. -- - -6 -FileName -fileName -Robocopy.exe -Available for alerts associated with a file or process. 
-- - -7 -FilePath -filePath -C:\Windows\System32\Robocopy.exe -Available for alerts associated with a file or process. \ -- - -8 -UserDomain -sourceNtDomain -contoso -The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts. -- - -9 -UserName -sourceUserName -liz-bean -The user context running the activity, available for Windows Defender ATP behavioral based alerts. -- - -10 -Sha1 -fileHash -5b4b3985339529be3151d331395f667e1d5b7f35 -Available for alerts associated with a file or process. -- - -11 -Md5 -deviceCustomString5 -55394b85cb5edddff551f6f3faa9d8eb -Available for Windows Defender AV alerts. -- - -12 -Sha256 -deviceCustomString6 -9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 -Available for Windows Defender AV alerts. -- - -13 -ThreatName -eviceCustomString1 -Trojan:Win32/Skeeyah.A!bit -Available for Windows Defender AV alerts. -- - -14 -IpAddress -sourceAddress -218.90.204.141 -Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. -- - -15 -Url -requestUrl -down.esales360.cn -Availabe for alerts associated to network events. For example, 'Communication to a malicious network destination'. -- - -16 -RemediationIsSuccess -deviceCustomNumber2 -TRUE -Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. -- - -17 -WasExecutingWhileDetected -deviceCustomNumber1 -FALSE -Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. -- - -18 -AlertId -externalId -636210704265059241_673569822 -Value available for every alert. -- - -19 -LinkToWDATP -flexString1 -`https://securitycenter.windows.com/alert/636210704265059241_673569822` -Value available for every alert. -- - -20 -AlertTime -deviceReceiptTime -2017-05-07T01:56:59.3191352Z -The time the activity relevant to the alert occurred. Value available for every alert. 
-- - -21 -MachineDomain -sourceDnsDomain -contoso.com -Domain name not relevant for AAD joined machines. Value available for every alert. -- - -22 -Actor -deviceCustomString4 -- Available for alerts related to a known actor group. -- - -21+5 -ComputerDnsName -No mapping -liz-bean.contoso.com -The machine fully qualified domain name. Value available for every alert. -- - -- LogOnUsers -sourceUserId -contoso\liz-bean; contoso\jay-hardee -The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. -- - -Internal field -LastProcessedTimeUtc -No mapping -2017-05-07T01:56:58.9936648Z -Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. -- - -- Not part of the schema -deviceVendor -- Static value in the ArcSight mapping - 'Microsoft'. -- - -- Not part of the schema -deviceProduct -- Static value in the ArcSight mapping - 'Windows Defender ATP'. -- - -- Not part of the schema -deviceVersion -- Static value in the ArcSight mapping - '2.0', used to identify the mapping versions. --
+ **For single entry for each machine**:
+ a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ + >[!NOTE] + >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. + +4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. + +5. Depending on the method you'd like to implement, follow the appropriate steps:
+ **For single entry for each machine**:
+ Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.
+ **For multiple entries for each machine**:
+ Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. + +6. Test your solution: + + a. Create a pool with one machine. + b. Logon to machine. + c. Logoff from machine. + d. Logon to machine with another user. + e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
+ **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal. + +7. Click **Machines list** on the Navigation pane. + +8. Use the search function by entering the machine name and select **Machine** as search type. + +## Related topics +- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) + + diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md index f0e8bcee5c..3304be3c83 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md 
@@ -1,7 +1,7 @@ --- -title: Configure Windows Defender ATP endpoints -description: Configure endpoints so that they can send sensor data to the Windows Defender ATP sensor. -keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints +title: Configure Windows Defender ATP client endpoints +description: Configure client endpoints so that they can send sensor data to the Windows Defender ATP sensor. +keywords: configure client endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,9 +10,10 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- -# Configure Windows Defender ATP endpoints +# Configure Windows Defender ATP client endpoints **Applies to:** @@ -22,6 +23,8 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization. Windows Defender ATP supports the following deployment tools and methods: 
@@ -38,3 +41,7 @@ Topic | Description [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on endpoints. [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Managment tools or Microsoft Intune to deploy the configuration package on endpoints. [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints. +[Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines. + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 9710d5a35b..60d72976e0 100644 --- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- 
@@ -23,6 +24,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) + The Windows Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..343f4351d5 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,89 @@ +--- +title: Configure Windows Defender ATP server endpoints +description: Configure server endpoints so that they can send sensor data to the Windows Defender ATP sensor. +keywords: configure server endpoints, server, server onboarding, endpoint management, configure Windows ATP server endpoints, configure Windows Defender Advanced Threat Protection server endpoints +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +ms.date: 09/05/2017 +--- + +# Configure Windows Defender ATP server endpoints + +**Applies to:** + +- Windows Server 2012 R2 +- Windows Server 2016 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink) + +Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. + +Windows Defender ATP supports the onboarding of the following servers: +- Windows Server 2012 R2 +- Windows Server 2016 + +## Onboard server endpoints + +To onboard your servers to Windows Defender ATP, you’ll need to: + +- Turn on server monitoring from the Windows Defender Security Center portal. +- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. 
+ + +### Turn on Server monitoring from the Windows Defender Security Center portal + +1. In the navigation pane, select **Endpoint management** > **Server management**. + +2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. + +  + + +### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP + +1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). + +2. Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server: + - [Manually install the agent using setup](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup)
+ On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**. + - [Install the agent using the command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). + +3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings). + +Once completed, you should see onboarded servers in the portal within an hour. + +### Configure server endpoint proxy and Internet connectivity settings +- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). +- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: + +| Agent Resource | Ports | +|------------------------------------|-------------| +| *.oms.opinsights.azure.com | 443 | +| *.blob.core.windows.net | 443 | +| *.azure-automation.net | 443 | +| *.ods.opinsights.azure.com | 443 | +| winatp-gw-cus.microsoft.com | 443 | +| winatp-gw-eus.microsoft.com | 443 | +| winatp-gw-neu.microsoft.com | 443 | +| winatp-gw-weu.microsoft.com | 443 | + + +### Offboard server endpoints +To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP. 
+For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent). + +>[!NOTE] +>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months. + +## Related topics +- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) +- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md index 7b1168f940..a11b5b6701 100644 --- a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Pull alerts to your SIEM tools 
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) + ## Pull alerts using supported security information and events management (SIEM) tools Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. diff --git a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md index f698a6aeb3..60e6cfaceb 100644 --- a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure Splunk to pull Windows Defender ATP alerts 
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) + You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. ## Before you begin diff --git a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index 9a12691b2c..5fafa61b0a 100644 --- a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Create custom alerts using the threat intelligence (TI) application program interface (API) @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) + You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization. ## Before you begin 
diff --git a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md index 6c6ffef9ba..0c3dc01eda 100644 --- a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: View the Windows Defender Advanced Threat Protection Dashboard +title: Windows Defender Advanced Threat Protection Security operations dashboard description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts. keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware search.product: eADQiWindows 10XVcnh @@ -10,9 +10,10 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- -# View the Windows Defender Advanced Threat Protection Dashboard +# View the Windows Defender Advanced Threat Protection Security operations dashboard **Applies to:** @@ -22,7 +23,11 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The **Dashboard** displays a snapshot of: +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) + +The **Security operations dashboard** displays a snapshot of: - The latest active alerts on your network - Daily machines reporting 
@@ -34,7 +39,7 @@ The **Dashboard** displays a snapshot of: You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in. -From the **Dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators. +From the **Security operations dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators. It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview. @@ -113,6 +118,9 @@ The **Daily machines reporting** tile shows a bar graph that represents the numb  + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink) + ## Related topics - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index 740f5bfac2..6f7eed13ef 100644 --- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md 
@@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender ATP data storage and privacy @@ -22,6 +23,7 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. > [!NOTE] 
@@ -71,5 +73,11 @@ Your data will be kept for a period of at least 90 days, during which it will be ## Can Microsoft help us maintain regulatory compliance? -Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP has a roadmap for obtaining national, regional and industry-specific certifications, starting with ISO 27001. The service is designed, implemented, and maintained according to the compliance and privacy principles of ISO 27001, as well as Microsoft’s compliance standards. -By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service. +Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications. + + +By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run. + +For more information on the Windows Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001). + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md index 4a0d314348..0f7c42f24e 100644 --- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender compatibility @@ -23,6 +24,10 @@ ms.localizationpriority: high - Windows Defender - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink) + The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. diff --git a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index 000296d697..4e98e3b3b4 100644 --- a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md 
@@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Enable the custom threat intelligence API in Windows Defender ATP @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) + Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal. 1. In the navigation pane, select **Preference Setup** > **Threat intel API**. diff --git a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index 13f4d9520a..b34a43be0e 100644 --- a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Enable SIEM integration in Windows Defender ATP 
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) + Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API. 1. In the navigation pane, select **Preferences setup** > **SIEM integration**. diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 3419078fcb..f23dc99857 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- 
@@ -24,16 +25,18 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. -For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. +For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. > [!NOTE] > It can take several days for endpoints to begin reporting to the Windows Defender ATP service. **Open Event Viewer and find the Windows Defender ATP service event log:** -1. Click **Start**, type **Event Viewer**, and press **Enter**. +1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**. 2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to open the log. @@ -331,7 +334,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
You can use any of the following values:
- - Hash: Sha1 or MD5 - - File name - - File extension - - Path - - Command line - - User - - IP - - URL -- **Informational level** – Click the drop-down button to filter by the following levels: - - Detections mode: displays Windows ATP Alerts and detections - - Behaviors mode: displays "detections" and selected events of interest - - Verbose mode: displays all raw events without aggregation or filtering + - Hash: Sha1 or MD5 + - File name + - File extension + - Path + - Command line + - User + - IP + - URL -- **Event type** - Click the drop-down button to filter by the following levels: - - Windows Defender ATP alerts - - Windows Defender AV alerts - - Response actions - - AppGuard related events - - Windows Defender Device Guard events - - Process events - - Network events - - File events - - Registry events - - Load DLL events - - Other events
- Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. +- **Informational level** – Click the drop-down button to filter by the following levels: + - Detections mode: displays Windows ATP Alerts and detections + - Behaviors mode: displays "detections" and selected events of interest + - Verbose mode: displays all raw events without aggregation or filtering + +- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. + + Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: - - Logon users - - System - - Network - - Local service + - Logon users + - System + - Network + - Local service The following example illustrates the use of type:value pair. The events were filtered by searching for the user jonathan.wolcott and network events as the event type: 
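Review bot: The added **Event type** bullet reads "filter by events such as Windows - Windows Defender ATP alerts, ...", which has a stray "Windows -" left over from collapsing the old sub-list into a sentence. Suggest "filter by events such as Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others." The bullet labels in this hunk also mix an en dash (**Informational level** –) with a hyphen (**Event type** -); pick one separator.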
@@ -133,14 +182,16 @@ From the list of events that are displayed in the timeline, you can examine the  -You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) feature to see the correlation between alerts and events on a specific machine. +You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address. The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. + + ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) 
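Review bot: The Alerts spotlight link now targets `investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline` instead of `#alert-timeline`, but nothing in this patch shows the heading being renamed in that file. Please confirm the anchor exists after the change, otherwise the link silently lands at the top of the page. The two empty lines added before "## Related topics" can be reduced to one.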
diff --git a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md index 3fad51eada..1b36dc7c3c 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Investigate a user account in Windows Defender ATP @@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatgeuser-abovefoldlink) + ## Investigate user account entities Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or machine to identify possible lateral movement between machines with that user account. @@ -36,7 +41,7 @@ When you investigate a user account entity, you'll see: - Alerts related to this user - Observed in organization (machines logged on to) - + The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine. 
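Review bot: In the `@@ -21,6 +22,10 @@` hunk of investigate-user-windows-defender-advanced-threat-protection.md, the tracking parameter in the added trial link is misspelled: `ocid=docs-wdatp-investigatgeuser-abovefoldlink`. It should presumably be `investigateuser`, matching the naming used for the other topics, or clicks from this page will be attributed to a separate campaign id.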
@@ -64,7 +69,7 @@ You can filter the results by the following time periods: - 6 months ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5d32e4419b --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,66 @@ +--- +title: Is domain seen in org API +description: Use this API to create calls related to checking whether a domain was seen in the organization. +keywords: apis, graph api, supported apis, domain, domain seen +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Is domain seen in org +Answers whether a domain was seen in the organization. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/domains/{id}/ +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and domain exists - 200 OK. +If domain does not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/domains/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains/$entity", + "host": "example.com" +} +``` diff --git a/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..9dfc6cd763 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,66 @@ +--- +title: Is IP seen in org API +description: Answers whether an IP was seen in the organization. +keywords: apis, graph api, supported apis, is, ip, seen, org, organization +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Is IP seen in org +Answers whether an IP was seen in the organization. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/ips/{id}/ +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + + +## Request body +Empty + +## Response +If successful and IP exists - 200 OK. +If IP do not exist - 404 Not Found. + + +## Example + +Request + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/ips/{id} +Content-type: application/json +``` + +Response + +Here is an example of the response. + + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips/$entity", + "id": "192.168.1.1" +} +``` diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 78c0d14437..0abd76b98d 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # View and organize the Windows Defender ATP Machines list 
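Review bot: In the new is-domain-seen-in-org file, the documented request `GET /testwdatppreview/domains/{id}/` ends with a slash while the example request omits it, and the example leaves out the `Authorization: Bearer {token}` header that the table marks as required. Make the two request forms agree and show the header in the example so readers do not copy an unauthenticated call. The table row `Content type` should use the actual header name `Content-Type`, and the sample response needs an empty line between the headers and the JSON body.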
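Review bot: In the new is-ip-seen-org file, the Response section says "If IP do not exist - 404 Not Found."; that should read "If the IP does not exist". The page also never states what `{id}` is; add a line saying it is the IP address being queried, as the sample response's `"id": "192.168.1.1"` implies. The same trailing-slash mismatch between `GET /testwdatppreview/ips/{id}/` and the example URL, and the missing required `Authorization` header in the example, apply here as well.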
@@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink) + The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network. Use the Machines list in these main scenarios: @@ -34,7 +39,7 @@ Use the Machines list in these main scenarios: ## Sort, filter, and download the list of machines from the Machines list You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order. -Filter the **Machines list** by time period, **OS Platform**, **Health**, or **Malware category alerts** to focus on certain sets of machines, according to the desired criteria. +Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria. You can also download the entire list in CSV format using the **Export to CSV** feature. 
@@ -53,21 +58,33 @@ You can use the following filters to limit the list of machines displayed during - Windows 10 - Windows Server 2012 R2 - Windows Server 2016 +- Linux +- Mac OS - Other + **Sensor health state** Filter the list to view specific machines grouped together by the following machine health states: - **Active** – Machines that are actively reporting sensor data to the service. -- **Misconfigured** – Machines that have impaired communication with service or are unable to send sensor data. Misconfigured machines can further be classified to: - - Impaired communication +- **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to: - No sensor data + - Impaired communications For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). - **Inactive** – Machines that have completely stopped sending signals for more than 7 days. -**Malware category** +**Security state** +Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. + + +- **Well configured** - Machines have the Windows Defender security controls well configured. +- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. + +For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md). + +**Malware category alerts** Filter the list to view specific machines grouped together by the following malware categories: - **Ransomware** – Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. 
Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee. - **Credential theft** – Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers. @@ -77,6 +94,8 @@ Filter the list to view specific machines grouped together by the following malw - **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks. - **PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software. +## Groups and tags +You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags). ## Export machine list to CSV You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file. 
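Review bot: The `@@ -77,6 +94,8 @@` hunk introduces "## Groups and tags" as a level-2 heading, while the other filters in this section (**Sensor health state**, **Security state**, **Malware category alerts**) are bold labels under the filter list. As written, Groups and tags becomes a sibling of "Export machine list to CSV" in the page outline rather than one of the filters. Suggest using the same bold-label form, and matching the label to the **Groups** and **Tags** filter names used earlier in the file.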
@@ -88,20 +107,18 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The You can sort the **Machines list** by the following columns: - **Machine name** - Name or GUID of the machine -- **Domain** - Domain where the machine is joined in -- **OS Platform** - Indicates the OS of the machine - **Health State** – Indicates if the machine is misconfigured or is not sending sensor data - **Last seen** - Date and time when the machine last reported sensor data - **Internal IP** - Local internal Internet Protocol (IP) address of the machine - **Active Alerts** - Number of alerts reported by the machine by severity -- **Active malware detections** - Number of active malware detections reported by the machine +- **Active malware alerts** - Number of active malware detections reported by the machine > [!NOTE] > The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) 
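Review bot: The column is renamed to **Active malware alerts** in this hunk, but the unchanged note directly below still refers to "The **Active malware detections** filter column", so the page now uses two names for the same column. Update the note in the same change. The hunk also drops **Domain** and **OS Platform** from the sortable columns without comment; if those columns were removed from the portal, the introductory paragraph that still mentions "the domain of each machine" needs the same update.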
diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 82f32619ad..21c56a7475 100644 --- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Manage Windows Defender Advanced Threat Protection alerts @@ -22,7 +23,11 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu. +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink) + +Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue** menu. You can manage alerts by selecting an alert in the **Alerts queue** or the **Alerts related to this machine** section of the machine details view. 
@@ -112,7 +117,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 897439c53a..6f4ca6d581 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Minimum requirements for Windows Defender ATP 
@@ -22,9 +23,11 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + There are some minimum requirements for onboarding your network and endpoints. ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1) +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink) ## Minimum requirements You must be on Windows 10, version 1607 at a minimum. @@ -35,7 +38,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros - Windows 10 Enterprise E5 - Windows 10 Education E5 -- Secure Productive Enterprise E5 (SPE E5) which includes Windows 10 Enterprise E5 +- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index b433fffe39..38fd8d20f7 100644 --- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Onboard and set up Windows Defender Advanced Threat Protection 
@@ -22,6 +23,8 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + You need to onboard to Windows Defender ATP before you can use the service. For more information, see [Onboard your Windows 10 endpoints to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). @@ -38,6 +41,9 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us ## In this section Topic | Description :---|:--- -[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise. +[Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise. +[Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) \ No newline at end of file 
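Review bot: The trial link added at the end of the `@@ -38,6 +41,9 @@` hunk is the new last line of the file and is followed by "\ No newline at end of file"; please terminate the file with a newline. In the same table, the new "Configure server endpoints" description has no closing period while the neighbouring rows do, and the reworded client row still reads "configure endpoints for it to report", which should be "for them to report".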
diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 6105da4bd7..ac5a0f7173 100644 --- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: DulceMV ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender Advanced Threat Protection portal overview @@ -22,12 +23,16 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches. You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to: - View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses -- Change Windows Defender ATP settings, including time zone and alert suppression rules +- Change Windows Defender ATP settings, including time zone and review licensing information. ## Windows Defender ATP portal When you open the portal, you’ll see the main areas of the application: 
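Review bot: In the `@@ -22,12 +23,16 @@` hunk of portal-overview, the reworded bullet "Change Windows Defender ATP settings, including time zone and review licensing information." is no longer parallel (the verb "review" sits inside the "including" list) and it gains a trailing period that the other bullets do not have. Suggest "Change Windows Defender ATP settings, including time zone, and review licensing information" without the period.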
@@ -45,15 +50,15 @@ You can navigate through the portal using the menu options available in all sect Area | Description :---|:--- -(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** -Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support. -(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**. -**Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. -**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. +(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** -Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support. +(2) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**. 
+**Dashboards** | Enables you to view the Security operations or the Security analytics dashboard. +**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules. **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. -**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports. **Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. -(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list. +(3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. ## Windows Defender ATP icons The following table provides information on the icons used all throughout the portal: diff --git a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..705ff8da95 --- /dev/null 
+++ b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,139 @@ +--- +title: Create and build Power BI reports using Windows Defender ATP data +description: Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources. +keywords: preferences setup, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +ms.date: 09/05/2017 +--- +# Create and build Power BI reports using Windows Defender ATP data + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-powerbireports-abovefoldlink) + +Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. + +Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph. + +Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization. + +You can easily get started by: +- Creating a dashboard on the Power BI service +- Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization + +You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported. 
+ +## Create a Windows Defender ATP dashboard on Power BI service +Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. + +1. In the navigation pane, select **Preferences setup** > **Power BI reports**. + +2. Click **Create dashboard**. This opens up a new tab in your browser and loads the Power BI service with data from your organization. + +  + + >[!NOTE] + >Loading your data in the Power BI service can take a few minutes. + +3. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data. + +  + +4. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. + +When the dashboard is ready, you’ll get a notification within the Power BI website. Use the link in the portal to the Power BI console after creating the dashboard. + +For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/). + +## Build a custom Windows Defender ATP dashboard in Power BI Desktop +You can create a custom dashboard in Power BI Desktop to create visualizations that cater to the specific views that your organization requires. + +### Before you begin +1. Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/). + +2. In the Windows Defender ATP portal navigation pane, select **Preferences setup** > **Power BI reports**. + +3. Click **Download connector** to download the WDATPPowerBI.zip file and extract it. + +  + +4. Create a new directory `Microsoft Power BI Desktop\Custom Connectors` under the user's Documents folder. + +5. 
Copy WDATPDataConnector.mez from the zip to the directory you just created. + +6. Open Power BI Desktop. + +7. Click **File** > **Options and settings** > **Custom data connectors**. + +8. Select **New table and matrix visuals** and **Custom data connectors** and click **OK**. + + >[!NOTE] + >If you are using Power BI Desktop July 2017 version (or later), you won't need to select **New table and matrix visuals**. You'll only need to select **Custom data connectors**. + +  + +9. Restart Power BI Desktop. + +## Customize the Windows Defender ATP Power BI dashboard +After completing the steps in the Before you begin section, you can proceed with building your custom dashboard. + +1. Open WDATPPowerBI.pbit from the zip with Power BI Desktop. + +2. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data. + +  + +3. Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports. + +## Mashup Windows Defender ATP data with other data sources +You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain better security perspective in your organization. + +1. In Power BI Desktop, in the Home ribbon, click **Get data** and search for **Windows Defender Advanced Threat Protection**. + +  + +2. Click **Connect**. + +3. On the Preview Connector windows, click **Continue**. + +  + +4. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data. + +  + +5. 
Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports. + +6. In the Navigator dialog box, select the Windows Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph. + +  + +7. Load other data sources by clicking **Get data item** in the Home ribbon, and select another data source. + +8. Add visuals and select fields from the available data sources. + +## Related topics +- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) +- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) +- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) +- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) + + + + diff --git a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index 68be48aa4f..c1070db950 100644 --- a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md 
@@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # PowerShell code examples for the custom threat intelligence API @@ -22,6 +23,8 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + This article provides PowerShell code examples for using the custom threat intelligence API. These code examples demonstrate the following tasks: @@ -172,6 +175,9 @@ $ioc = ``` +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-psexample-belowfoldlink) + + ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index 66b0319b67..504d423fd0 100644 --- a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Configure Windows Defender ATP preferences settings 
@@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) + Use the **Preferences setup** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. ## In this section @@ -33,3 +38,4 @@ Topic | Description [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications. [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution. [Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application. +[Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) | Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources. diff --git a/windows/threat-protection/windows-defender-atp/prerelease.md b/windows/threat-protection/windows-defender-atp/prerelease.md new file mode 100644 index 0000000000..315e4f96d8 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/prerelease.md 
@@ -0,0 +1,3 @@ +>[!IMPORTANT] + +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. \ No newline at end of file diff --git a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md index 8a3c2389d9..1c08c4225a 100644 --- a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Turn on the preview experience in Windows Defender ATP @@ -21,6 +22,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) + Turn on the preview experience setting to be among the first to try upcoming features. 1. In the navigation pane, select **Preferences setup** > **Preview experience**. 
@@ -32,3 +37,4 @@ Turn on the preview experience setting to be among the first to try upcoming fea - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 4347ed4f8c..3dfbb8db03 100644 --- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender ATP preview features 
@@ -22,9 +23,12 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) + Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. @@ -32,7 +36,40 @@ You'll have access to upcoming features which you can provide feedback on to hel Turn on the preview experience setting to be among the first to try upcoming features. 1. In the navigation pane, select **Preferences setup** > **Preview experience**. + +  + 2. Toggle the setting between **On** and **Off** and select **Save preferences**. ## Preview features -There are currently no preview only features. +The following features are included in the preview release: + +- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+You can now onboard VDI machines to the Windows Defender ATP service. + +- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+Windows Defender ATP supports the onboarding of the following servers: + - Windows Server 2012 R2 + - Windows Server 2016 + +- [View the Windows Defender ATP Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. + +- [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+You can lock down a device and prevent subsequent attempts of potentially malicious programs from running. + +- [Run Windows Defender Antivirus scan on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine. + +- [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident. + +- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph. + +- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
+ Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) + diff --git a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 38e72858dc..8a7b308e76 100644 --- a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Pull Windows Defender ATP alerts using REST API @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) + Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts from the portal. In general, the OAuth 2.0 protocol supports four types of flows: diff --git a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index d9602489d5..222900d1ef 100644 
--- a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Python code examples for the custom threat intelligence API @@ -22,6 +23,7 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] ## Before you begin You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library. @@ -175,6 +177,10 @@ with requests.Session() as session: pprint(json.loads(response.text)) ``` + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pyexample-belowfoldlink) + + ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 7f69b9369f..5f18a842a7 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md 
@@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Take response actions on a file @@ -22,6 +23,9 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responddile-abovefoldlink) Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. 
@@ -33,29 +37,29 @@ You can also submit files for deep analysis to run the file in a secure cloud sa ## Stop and quarantine files in your network You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed. -The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys. +The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys. The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days. ### Stop and quarantine files 1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box: - - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline + - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline - **Search box** - select File from the drop–down menu and enter the file name -2. Open the **Actions menu** and select **Stop & Quarantine File**. +2. Open the **Actions menu** and select **Stop and Quarantine File**.  -3. Type a comment (optional), and select **Yes** to take action on the file. The comment will be saved in the Action center for reference. +3. Type a comment and select **Yes, stop and quarantine** to take action on the file. +  The Action center shows the submission information:  - - **Submission time** - Shows when the action was submitted.
- - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
- - **Success** - Shows the number of machines where the file has been stopped and quarantined.
- - **Failed** - Shows the number of machines where the action failed and details about the failure.
+ - **Submission time** - Shows when the action was submitted. + - **Success** - Shows the number of machines where the file has been stopped and quarantined. + - **Failed** - Shows the number of machines where the action failed and details about the failure. + - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network. 4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed. 
@@ -91,11 +95,15 @@ You can roll back and remove a file from quarantine if you’ve determined that > Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days. ## Block files in your network -You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. +You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. >[!NOTE] >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). -This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. +This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later. + +>[!IMPORTANT] +> The PE file needs to be in the machine timeline for you to be able to take this action. + ### Enable the block file feature 1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**. 
@@ -104,14 +112,15 @@ This feature is designed to prevent suspected malware (or potentially malicious  -3. Type a comment (optional) and select **Yes** to take action on the file. -The Action center shows the submission information: -  +3. Type a comment and select **Yes, block file** to take action on the file. + + The Action center shows the submission information: +  - **Submission time** - Shows when the action was submitted.
- - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- - **Status** - Indicates whether the file was added to or removed from the blacklist. + - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
+ - **Status** - Indicates whether the file was added to or removed from the blacklist. When the file is blocked, there will be a new event in the machine timeline. @@ -130,9 +139,9 @@ For prevalent files in the organization, a warning is shown before an action is ### Remove file from blocked list 1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box: - - **Alerts** - Click the file links from the Description or Details in the Alert timeline
- - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
- - **Search box** - Select File from the drop–down menu and enter the file name + - **Alerts** - Click the file links from the Description or Details in the Artifact timeline
+ - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
+ - **Search box** - Select File from the drop–down menu and enter the file name 2. Open the **Actions** menu and select **Remove file from blocked list**. @@ -175,7 +184,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure **Submit files for deep analysis:** 1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
- - Alerts - click the file links from the **Description** or **Details** in the Alert timeline
+ - Alerts - click the file links from the **Description** or **Details** in the Artifact timeline
- **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
- Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**. @@ -229,4 +238,4 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection > If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. ## Related topics -– [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index 3c8baf58e6..0aa55c8947 100644 --- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Take response actions on a machine in Windows Defender ATP -description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details. -keywords: respond, isolate, isolate machine, collect investigation package, action center +description: Take response actions on a machine such as isolating machines, collecting an investigation package, managing tags, running av scan, and restricting app execution. +keywords: respond, isolate, isolate machine, collect investigation package, action center, restrict, manage tags, av scan, restrict app search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Take response actions on a machine 
@@ -22,59 +23,17 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. >[!NOTE] > These response actions are only available for machines on Windows 10, version 1703. -## Isolate machines from the network -Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement. -This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine. - ->[!NOTE] ->You’ll be able to reconnect the machine back to the network at any time. - -1. Select the machine that you want to isolate. You can select or search for a machine from any of the following views: - - - **Dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the machine name from the list of machines. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. - -2. Open the **Actions** menu and select **Isolate machine**. - -  - -3. Type a comment (optional) and select **Yes** to take action on the machine. 
- >[!NOTE] - >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. - - The Action center shows the submission information: -  - - - **Submission time** - Shows when the isolation action was submitted. - - **Submitting user** - Shows who submitted the action on the machine. You can view the comments provided by the user by selecting the information icon. - - **Status** - Indicates any pending actions or the results of completed actions. - -When the isolation configuration is applied, there will be a new event in the machine timeline. - -**Notification on machine user**: -When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network: - - - -## Undo machine isolation -Depending on the severity of the attack and the state of the machine you can choose to release the machine isolation after you have verified that the compromised machine has been remediated. - -1. Select a machine that was previously isolated. - -2. Open the **Actions** menu and select **Undo machine isolation**. - -  - -3. Type a comment (optional) and select **Yes** to take action on the file. The machine will be reconnected to the network. ## Collect investigation package from machines As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker. 
@@ -83,35 +42,40 @@ You can download the package (Zip file) and investigate the events that occurred The package contains the following folders: -Folder | Description -:---|:--- -Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine. NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” -Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). -Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. 
-Prefetch files | Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. -Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. -Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. -Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy. NOTE: Open the event log file using Event viewer. -Services | Contains the services.txt file which lists services and their states. -Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. Contains files for SMBInboundSessions and SMBOutboundSession. NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound). -Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system. 
This can help to track suspicious files that an attacker may have dropped on the system. NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system. -Users and Groups | Provides a list of files that each represent a group and its members. -CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. +| Folder | Description | +|:--------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------| +| Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine. NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” | +| Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). | +| Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. | +| Prefetch files | Windows Prefetch files are designed to speed up the application startup process. 
It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. | +| Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. | +| Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. | +| Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy. NOTE: Open the event log file using Event viewer. | +| Services | Contains the services.txt file which lists services and their states. | +| Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. Contains files for SMBInboundSessions and SMBOutboundSession. NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound). | +| Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system. This can help to track suspicious files that an attacker may have dropped on the system. 
NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system. | +| Users and Groups | Provides a list of files that each represent a group and its members. | +| CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. | 1. Select the machine that you want to investigate. You can select or search for a machine from any of the following views: - - **Dashboard** - Select the machine name from the Top machines with active alerts section. - - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the heading of the machine name from the machines list. - - **Search box** - Select Machine from the drop-down menu and enter the machine name. + - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines list** - Select the heading of the machine name from the machines list. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. 2. Open the **Actions** menu and select **Collect investigation package**. +  + +3. Type a comment and select **Yes, collect package** to take action on the machine. + +  + The Action center shows the submission information: -  +  - **Submission time** - Shows when the action was submitted. - - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. 
- **Status** - Indicates if the package was successfully collected from the network. When the collection is complete, you can download the package. 3. Select **Package available** to download the package. @@ -122,8 +86,152 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag You can also search for historical packages in the machine timeline. +## Run Windows Defender Antivirus scan on machines +As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine. + +>[!NOTE] +> A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. + +1. Select the machine that you want to run the scan on. You can select or search for a machine from any of the following views: + + - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines list** - Select the machine name from the list of machines. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. +2. Open the **Actions** menu and select **Run antivirus scan**. + +  + +3. Select the scan type that you'd like to run. You can choose between a quick or a full scan. + +  + + +4. Type a comment and select **Yes, run scan** to start the scan.
+ + The Action center shows the scan information: + +  + + - **Submission time** - Shows when the action was submitted. + - **Status** - Indicates any pending actions or the results of completed actions. + +The machine timeline will include a new event, reflecting that a scan action was submitted on the machine. Windows Defender AV alerts will reflect any detections that surfaced during the scan. + +## Restrict app execution +In addition to the ability of containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running. + +The action to restrict an application from running applies a code integrity policy that only allows running of files that are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised machines and performing further malicious activities. + +>[!NOTE] +>You’ll be able to reverse the restriction of applications from running at any time. + +1. Select the machine where you'd like to restrict an application from running from. You can select or search for a machine from any of the following views: + + - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines list** - Select the machine name from the list of machines. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. + +2. Open the **Actions** menu and select **Restrict app execution**. + +  + +3. Type a comment and select **Yes, restict app execution** to take action on the file. + +  + + The Action center shows the submission information: +  + + + - **Submission time** - Shows when the action was submitted. + - **Status** - Indicates any pending actions or the results of completed actions. 
+ +When the application execution restriction configuration is applied, a new event is reflected in the machine timeline. + + +**Notification on machine user**: +When an app is restricted, the following notification is displayed to inform the user that an app is being restricted from running: + + + +## Remove app restriction +Depending on the severity of the attack and the state of the machine, you can choose to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated. + +1. Select the machine where you restricted an application from running from. + +2. Open the **Actions** menu and select **Remove app restrictions**. + +  + +3. Type a comment and select **Yes, remove restriction** to take action on the application. The machine application restriction will no longer apply on the machine. + + +## Isolate machines from the network +Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement. + +This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine. + +On Windows 10, version 1710 and above, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity. + +>[!NOTE] +>You’ll be able to reconnect the machine back to the network at any time. + +1. Select the machine that you want to isolate. You can select or search for a machine from any of the following views: + + - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. 
+ - **Machines list** - Select the machine name from the list of machines. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. + +2. Open the **Actions** menu and select **Isolate machine**. + +  + +3. Select the check-box if you'd like to enable Outlook and Skype communication while the machine is isolated. + +  + +4. Type a comment and select **Yes, isolate machine** to take action on the machine. + + >[!NOTE] + >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the machine is isolated. + + The Action center shows the submission information: +  + + - **Submission time** - Shows when the action was submitted. + - **Status** - Indicates any pending actions or the results of completed actions. Additional indications will be provided if you've enabled Outlook and Skype for Business communication. + +When the isolation configuration is applied, a new event is reflected in the machine timeline. + +**Notification on machine user**: +When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network: + + + +## Release machine from isolation +Depending on the severity of the attack and the state of the machine you can choose to release the machine from isolation after you have verified that the compromised machine has been remediated. + +1. Select a machine that was previously isolated. + +2. Open the **Actions** menu and select **Release from isolation**. + +  + +3. Type a comment and select **Yes, release machine** to take action on the machine. The machine will be reconnected to the network. + + ## Check activity details in Action center -The **Action center** provides information on actions that were taken on a machine or file. 
You’ll be able to view if a machine was isolated and if an investigation package is available from a machine. All related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed. +The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details: + +- Investigation package collection +- Antivirus scan +- App restriction +- Machine isolation + +All other related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed.  diff --git a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md index eef6296540..095581b550 100644 --- a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Take response actions in Windows Defender ATP @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responseactions-abovefoldlink) You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization. 
@@ -35,7 +40,7 @@ Topic | Description [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network. ## Related topics -- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..fb13f00579 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,126 @@ +--- +title: View the Security Analytics dashboard in Windows Defender ATP +description: Use the Security Analytics dashboard to assess and improve the security state of your organization by analyzing various security control tiles. +keywords: security analytics, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverate, security control, improvement opportunities, edr, antivirus, av, os security updates +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +ms.date: 09/05/2017 +--- + +# View the Windows Defender Advanced Threat Protection Security analytics dashboard + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) + + +The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines. 
+ +The **Security analytics dashboard** displays a snapshot of: +- Organizational security score +- Security coverage +- Improvement opportunities + + + +## Organizational security score +The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings. + + + +Each Windows Defender security control from the **Security coverage** tile contributes 100 points to the organizational security score. + +The denominator is reflective of the organizational score potential and calculated by multiplying the number of supported security controls (Security coverage pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). + + +In the example image, the total points from the **Improvement opportunities** tile add up to 279 points for the three pillars from the **Security coverage** tile. + +## Security coverage +The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar contributes 100 points to the overall organizational security score. It also represents the various Windows 10 security components with an indicator of the total number of machines that are well configured and those that require attention. Hovering on top of the individual bars will show exact numbers for each category. + + + + +## Improvement opportunities +Improve your organizational security score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control. + +Click on each control to see the recommended optimizations. + + + +The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. 
When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile. + +Recommendations that do not display a green action are informational only and no action is required. + +Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. + +The following image shows an example list of machines where the EDR sensor is not turned on. + + + +### Endpoint detection and response (EDR) optimization +This tile provides a specific list of actions you can take on Windows Defender ATP to improve how endpoints provide sensor data to the Windows Defender ATP service. + +You can take the following actions to increase the overall security score of your organization: +- Turn on sensor +- Fix sensor data collection +- Fix impaired communications + +For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). + +### Windows Defender Antivirus optimization +This tile provides a list of specific list of actions you can implement on endpoints with Windows Defender Antivirus to improve the security in your organization. Each action shows the exact number of endpoints where you can apply the action on. + +You can take the following actions to increase the overall security score of your organization: + +>[!NOTE] +> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint. + +- Fix antivirus reporting + - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. 
For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md). +- Turn on antivirus +- Update antivirus definitions +- Turn on cloud-based protection +- Turn on real-time protection +- Turn on PUA protection + +For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md). + + +### OS security updates optimization +This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds. + +You can take the following actions to increase the overall security score of your organization: +- Install the latest security updates + +For more information on, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter). + + +>Want to experience Windows Defender ATP? 
[Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) + +## Related topics +- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) +- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) +- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) +- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md) +- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) + diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index edd9a3e180..64db7e6e2b 100644 
--- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Check the Windows Defender ATP service health description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved. -keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time +keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Check the Windows Defender Advanced Threat Protection service health 
@@ -22,19 +23,23 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink) + The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status. -You can view details on the service health by clicking the tile from the **Dashboard** or selecting the **Service health** menu from the navigation pane. +You can view details on the service health by clicking the tile from the **Security operations dashboard** or selecting the **Service health** menu from the navigation pane. The **Service health** details page has the following tabs: -- **Current issues** -- **Status History** +- **Current status** +- **Status history** -## Current issues -The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: +## Current status +The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. 
If there are issues seen, the following service details are shown to help you gain better insight about the issue: - Date and time for when the issue was detected - A short description of the issue diff --git a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md index 6dd42769f1..51307867de 100644 --- a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection settings -description: Use the menu to configure the time zone, suppression rules, and view license information. -keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules +description: Use the menu to configure the time zone and view license information. +keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: DulceMV ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender Advanced Threat Protection settings 
@@ -22,7 +23,11 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Use the **Settings** menu  to configure the time zone, suppression rules, and view license information. +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink) + +Use the **Settings** menu  to configure the time zone and view license information. ## Time zone settings The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks. @@ -36,7 +41,7 @@ Your current time zone setting is shown in the Windows Defender ATP menu. You ca ### UTC time zone Windows Defender ATP uses UTC time by default. -Setting the Windows Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. Choosing this setting means that all users will see the same timestamps in Windows Defender ATP, regardless of their regional settings. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events. +Setting the Windows Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events. ### Local time zone You can choose to have Windows Defender ATP use local time zone settings. All alerts and events will be displayed using your local time zone. 
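Review bot: in settings-windows-defender-advanced-threat-protection.md, the `### UTC time zone` hunk (`@@ -36,7 +41,7 @@`) removes the only sentence saying that every user sees the same timestamps regardless of their regional settings, and does not say what replaces it. If it was removed because date formats now follow the browser's regional settings (the "Regional settings" section added later in this file), say that here in one clause, so readers know the UTC setting fixes the time zone but not the date format. The rewritten `+` line also spells the term two ways, "timestamps" and "time stamps"; pick one.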
@@ -52,10 +57,36 @@ To set the time zone: 1. Click the **Settings** menu . 2. Select the **Timezone UTC** indicator. -3. Select **Timezone Local** or **-8:00**. +3. Select **Timezone UTC** or your local time zone, for example -7:00. -## Suppression rules -The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. For more information see, [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts). +### Regional settings +To apply different date formats for Windows Defender ATP, use regional settings for IE and Edge. If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser. + + +**Internet Explorer (IE) and Microsoft Edge (Edge)** + +IE and Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel. + + +#### Known issues with regional formats + +**Date and time formats**
+There are some known issues with the time and date formats. + +The following date formats are supported: +- MM/dd/yyyy +- dd/MM/yyyy + +The following date and time formats are currently not supported: +- Date format yyyy-MM-dd +- Date format dd-MMM-yy +- Date format dd/MM/yy +- Date format MM/dd/yy +- Date format with yy. Will only show yyyy. +- Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported. + +**Decimal symbol used in numbers**
+Decimal symbol used is always a dot, even if a comma is selected in the **Numbers** format settings in **Region** settings. For example, 15,5K is displayed as 15.5K. ## License Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP. diff --git a/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..04e81e2885 --- /dev/null +++ b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,41 @@ +--- +title: Supported Windows Defender Advanced Threat Protection APIs +description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. +keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 09/05/2017 +--- + +# Supported Windows Defender ATP APIs + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) + +Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. + +## In this section +Topic | Description +:---|:--- +Actor | Run API calls such as get actor information and get actor related alerts. +Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information. +Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization. +File | Run API calls such as get file information, file related alerts, file related machines, and file statistics. +IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. +Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. 
+User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. + diff --git a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index c5cc1addec..1a8543fe50 100644 --- a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Understand threat intelligence concepts @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink) + Advanced cybersecurity attacks comprise of multiple complex malicious events, attributes, and contextual information. Identifying and deciding which of these activities qualify as suspicious can be a challenging task. Your knowledge of known attributes and abnormal activities specific to your industry is fundamental in knowing when to call an observed behavior as suspicious. With Windows Defender ATP, you can create custom threat alerts that can help you keep track of possible attack activities in your organization. You can flag suspicious events to piece together clues and possibly stop an attack chain. These custom threat alerts will only appear in your organization and will flag events that you set it to track. 
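Review bot: in the new file supported-apis-windows-defender-advanced-threat-protection.md (the `@@ -0,0 +1,41 @@` hunk), the "In this section" table needs a copy edit before merge. The Domain row reads "get domain related machines, domain related machines, statistics", which repeats one item and splits what looks like "domain statistics" with a comma; the same row is missing the space after the pipe. The IP row has "check if and IP is seen" where "an IP" is meant. The first column is plain text (Actor, Alerts, Domain, ...), while the "In this section" tables in the other files touched by this patch link each topic to its page; link them here or state that the entity pages come in a later change. The front-matter description "where you can create API calls to" and the body sentence "where you can run API calls to" both end on a dangling "to" and use different verbs for the same thing.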
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index 1d8d5a0b52..109ede1a84 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Troubleshoot custom threat intelligence issues @@ -22,6 +23,7 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] You might need to troubleshoot issues while using the custom threat intelligence feature. @@ -46,6 +48,9 @@ If your client secret expires or if you've misplaced the copy provided when you 7. Copy the value and save it in a safe place. +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootcustomti-belowfoldlink) + + ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 8575f7b937..9fbbf9f078 100644 
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues @@ -22,6 +23,8 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints. @@ -271,6 +274,9 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootonboarding-belowfoldlink) + + ## Related topics - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index 0a66cc942d..b8da894820 100644 
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Troubleshoot SIEM tool integration issues @@ -22,6 +23,9 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + You might need to troubleshoot issues while pulling alerts in your SIEM tools. This page provides detailed steps to troubleshoot issues you might encounter. @@ -45,6 +49,9 @@ If your client secret expires or if you've misplaced the copy provided when you 7. Copy the value and save it in a safe place. +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) + + ## Related topics - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md index 5bb2935a52..c0885c2510 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md 
@@ -10,7 +10,9 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- + # Troubleshoot Windows Defender Advanced Threat Protection **Applies to:** @@ -21,6 +23,8 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + This section addresses issues that might arise as you use the Windows Defender Advanced Threat service. ### Server error - Access is denied due to invalid credentials @@ -46,6 +50,26 @@ If onboarding endpoints successfully completes but Windows Defender ATP does not For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy). +#### Known issues with regional formats + +**Date and time formats**
+There are some known issues with the time and date formats. + +The following date formats are supported: +- MM/dd/yyyy +- dd/MM/yyyy + +The following date and time formats are currently not supported: +- Date format yyyy/MM/dd +- Date format dd/MM/yy +- Date format with yy. Will only show yyyy. +- Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported. + +**Use of comma to indicate thousand**
+Support of use of comma as a separator in numbers are not supported. Regions where a number is separated with a comma to indicate a thousand, will only see the use of a dot as a separator. For example, 15,5K is displayed as 15.5K. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshoot-belowfoldlink) + ### Related topic - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md index d4e2d80927..ae473cd899 100644 --- a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Use the threat intelligence API to create custom alerts @@ -22,6 +23,10 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) + Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. You can use the code examples to guide you in creating calls to the custom threat intelligence API. 
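Review bot: in troubleshoot-windows-defender-advanced-threat-protection.md, the `@@ -46,6 +50,26 @@` hunk contradicts itself in the time format bullet: "Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported." HH:mm:ss is the 24-hour pattern, so the bullet lists the supported format as unsupported; name the 12-hour pattern (hh:mm:ss tt) instead. The same sentence is added to settings-windows-defender-advanced-threat-protection.md in this patch and needs the same fix. The two copies of "Known issues with regional formats" also disagree: this one lists yyyy/MM/dd and dd/MM/yy as unsupported, the settings copy lists yyyy-MM-dd, dd-MMM-yy, dd/MM/yy and MM/dd/yy. Keep one list, ideally in a shared include. Finally, the heading "Use of comma to indicate thousand" does not match its example, since 15,5K shown as 15.5K is a decimal comma (the settings copy titles it "Decimal symbol used in numbers"), and "Support of use of comma as a separator in numbers are not supported" should be reduced to a single statement with a singular verb.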
diff --git a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md index 3c7f06e779..a0f9d4ce21 100644 --- a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Use the Windows Defender Advanced Threat Protection portal @@ -22,9 +23,13 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) + A typical security breach investigation requires a member of a security operations team to: -1. View an alert on the **Dashboard** or **Alerts queue** +1. View an alert on the **Security operations dashboard** or **Alerts queue** 2. Review the indicators of compromise (IOC) or indications of attack (IOAs) 3. Review a timeline of alerts, behaviors, and events from the machine 4. Manage alerts, understand the threat or potential breach, collect information to support taking action, and resolve the alert 
@@ -33,13 +38,14 @@ A typical security breach investigation requires a member of a security operatio Security operation teams can use Windows Defender ATP portal to carry out this end-to-end process without having to leave the portal. -Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance. +Teams can monitor the overall status of enterprise endpoints from the **Security operations dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance. ### In this section Topic | Description :---|:--- -[View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. +[View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. +[View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Security Analytics dashboard** expands your visibility into the overall security posture of your organization. 
From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | You can sort and filter alerts across your network, and drill down on individual alert queues such as new, in progress, or resolved queues. [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization. [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 512dd52132..17124a8070 100644 --- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high +ms.date: 09/05/2017 --- # Windows Defender Advanced Threat Protection 
@@ -22,7 +23,9 @@ ms.localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink) > >For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy). 
@@ -95,9 +98,10 @@ Topic | Description [Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise. [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools. [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. +[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service. [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. -[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information. 
+[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information. [Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required. diff --git a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 00470f7842..804c2d9152 100644 --- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -1,6 +1,6 @@ --- title: Windows Defender Security Center -description: The Windows Defender Security Center brings together common Windows security features into one place +description: The Windows Defender Security Center app brings together common Windows security features into one place keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows search.product: eADQiWindows 10XVcnh ms.pagetype: security 
@@ -22,17 +22,17 @@ ms.date: 08/25/2017 **Applies to** -- Windows 10, version 1703 +- Windows 10, version 1709 -In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app. +In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app. - + 
@@ -41,60 +41,71 @@ Many settings that were previously part of the individual features and main Wind The app includes the settings and status for the following security features: -- Virus & threat protection, including settings for Windows Defender Antivirus +- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access - Device performance & health, which includes information about drivers, storage space, and general Windows Update issues - Firewall & network protection, including Windows Firewall -- App & browser control, covering Windows Defender SmartScreen settings +- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations - Family options, which include a number of parental controls along with tips and information for keeping kids safe online -The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device. +The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device. -> [!IMPORTANT] -> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date. + +>[!IMPORTANT] +>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes. 
+> +>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection. +> +>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. +> +>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). +> +>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). > [!WARNING] -> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. ->It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed. ->This will significantly lower the protection of your device and could lead to malware infection. 
+> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. +> +>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. +> +>This will significantly lower the protection of your device and could lead to malware infection. -## Open the Windows Defender Security Center + + +## Open the Windows Defender Security Center app - Right-click the icon in the notification area on the taskbar and click **Open**. -  +  - Search the Start menu for **Windows Defender Security Center**. -  +  > [!NOTE] > Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below. -## How the Windows Defender Security Center works with Windows security features +## How the Windows Defender Security Center app works with Windows security features - - -The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. +The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center. It acts as a collector or single place to see the status and perform some configuration for each of the features. 
-Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features. +Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features. > [!IMPORTANT] -> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself. +> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app. -For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall. +For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall. -The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center. 
+The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app. ## More information -See the following links for more information on the features in the Windows Defender Security Center: +See the following links for more information on the features in the Windows Defender Security Center app: - Windows Defender Antivirus - IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) - Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center) diff --git a/windows/threat-protection/windows-information-protection/app-behavior-with-wip.md b/windows/threat-protection/windows-information-protection/app-behavior-with-wip.md index 5e1df99718..853ef9a50d 100644 --- a/windows/threat-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/threat-protection/windows-information-protection/app-behavior-with-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.pagetype: security ms.sitesec: library author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) 
diff --git a/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md index 2b6985d243..922db68920 100644 --- a/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -6,7 +6,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 50bf85a578..cee2d5b687 100644 --- a/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index e4edc3e586..163ef51a0f 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index 7b54968b51..83010d82bf 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 6f9d99a876..48b2f0abd2 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -6,7 +6,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune 
diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index 2f74bae405..b40ee0a441 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md index 25be0c5cdc..af978f2b5a 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index b953181936..1324eed5be 100644 --- a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md index 1cdad28951..8dd0fcf76f 100644 --- a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 3694e13ba8..f3ef168e1c 100644 --- a/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md index 73eddd870d..08e74a6265 100644 
--- a/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/limitations-with-wip.md b/windows/threat-protection/windows-information-protection/limitations-with-wip.md index 67b6897a16..9c61e080b5 100644 --- a/windows/threat-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/threat-protection/windows-information-protection/limitations-with-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Limitations while using Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md index d810066027..34070f6316 100644 --- a/windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/overview-create-wip-policy.md b/windows/threat-protection/windows-information-protection/overview-create-wip-policy.md index 428c25c20d..6dcd047747 100644 
--- a/windows/threat-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/threat-protection/windows-information-protection/overview-create-wip-policy.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Create a Windows Information Protection (WIP) policy diff --git a/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 934aa9ae7c..d374d95478 100644 --- a/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 418c24c0ef..5bd3eccc1f 100644 --- a/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) 
diff --git a/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md index 0c5aff23c1..88f14510a5 100644 --- a/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/using-owa-with-wip.md b/windows/threat-protection/windows-information-protection/using-owa-with-wip.md index e2aacd97c4..dbba82c416 100644 --- a/windows/threat-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/threat-protection/windows-information-protection/using-owa-with-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md index fbf77802f5..bc89db2205 100644 --- a/windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.localizationpriority: high +ms.localizationpriority: medium --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) 
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 982900b337..20c9142eb6 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -15,8 +15,9 @@ Below is a list of some of the new and updated features in Windows 10, version 1 >[!NOTE] >For release dates and servicing options for each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). - - + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). + ## Deployment ### Windows Imaging and Configuration Designer (ICD) diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index f9ecc8bc12..ce0429a0bf 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -18,6 +18,8 @@ For more general info about Windows 10 features, see [Features available only on >[!NOTE] >Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). + +Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub:?tabid=2&contextid=897). ## Configuration
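Review bot: In the `@@ -95,9 +98,10 @@` topic table, the rewritten "Windows Defender ATP settings" row drops "suppression rules" from its description, and none of the other visible rows mentions them. If suppression rules moved to a different page, add or update the row that covers them so the topic stays discoverable from this table. If they are still configured under settings, keep the original wording.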
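Review bot: In windows-defender-security-center.md, hunk `@@ -22,17 +22,17 @@`, "Applies to" now lists only "Windows 10, version 1709", while the paragraph right below it still says the app was introduced in version 1703. Readers on 1703 will assume the page no longer applies to them. Consider listing both versions (or "version 1703 and later"), and if the items added in the next hunk (Controlled folder access, Exploit protection mitigations) are specific to 1709, say so where they are listed.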
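Review bot: In windows-defender-security-center.md, hunk `@@ -41,60 +41,71 @@`, the new IMPORTANT block misspells a service display name as "Windows Security Health Servce"; it should read "Service". Since admins will search for these names, it is worth confirming both the display name and *SecurityHealthService* against the actual service entries. The naming cleanup is also incomplete: the last sentence of the same block still says "Windows Security Center service" while the rest of the hunk uses "Security Center service", and the unchanged NOTE under "Open the Windows Defender Security Center app" still refers to "the settings in the Windows Defender Security Center" without "app". That closing sentence also repeats what the third paragraph of the block already states about Windows Defender AV, so it could be reduced to the Windows Firewall point.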
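Review bot: The `ms.localizationpriority: high` to `medium` change repeated in the `@@ -7,7 +7,7 @@`, `@@ -6,7 +6,7 @@` and `@@ -8,7 +8,7 @@` hunks across the windows-information-protection files is metadata-only and unrelated to the Security Center and Windows Defender ATP content edits in this patch. Please either split it into its own commit or state the reason for the priority change in the commit message, so the bulk change can be reviewed and reverted independently of the content changes.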
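Review bot: In the whats-new-windows-10-version-1607.md and whats-new-windows-10-version-1703.md hunks, the added line links to `feedback-hub:?tabid=2&contextid=897`, a custom URI scheme that only resolves where the Feedback Hub app is registered as the handler. On any other platform or in a rendered copy of the docs the link does nothing. Consider adding a plain-text fallback (for example, naming the Feedback Hub category to pick), and confirm that reusing the same `contextid=897` on both pages is intended rather than a copy-paste of one page's value.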