diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 377215d1a7..6699a32617 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -125,7 +125,7 @@ The following list shows the supported values: - 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. > [!NOTE] -> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. +> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. Webpages that contain mixed content, both enterprise and non-enterprise, may load incorrectly or fail completely if this feature is enabled. ADMX Info: diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index fcbd35b410..29ef793b14 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -26,7 +26,7 @@ This walkthrough describes how to configure a PXE server to load Windows PE by ## Prerequisites -- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) installed. +- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) and the Windows PE add-on with ADK installed. - A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required. - A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download. - A file server: A server hosting a network file share. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 12bf3f543c..792337ed12 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows 10 version 1809 diagnostic data is gathered at the basic level. title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 @@ -312,7 +312,6 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -328,7 +327,6 @@ The following fields are available: - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -344,7 +342,6 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. - **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -360,7 +357,6 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. @@ -376,7 +372,6 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. @@ -392,7 +387,6 @@ The following fields are available: - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -408,7 +402,6 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. @@ -424,7 +417,6 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -440,7 +432,6 @@ The following fields are available: - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -456,7 +447,6 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -472,7 +462,6 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. @@ -488,7 +477,6 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. @@ -504,7 +492,6 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -520,7 +507,6 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. @@ -536,7 +522,6 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. @@ -549,7 +534,6 @@ The following fields are available: - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. - **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. - **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryDeviceContainer** A count of device container objects in cache. @@ -579,7 +563,6 @@ The following fields are available: - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_20H1** The count of the number of this particular object type present on this device. - **Wmdrm_20H1Setup** The count of the number of this particular object type present on this device. -- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 1623bf2d24..51c8baac0e 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what required Windows diagnostic data is gathered. +description: Use this article to learn more about what required Windows 10 version 1903 diagnostic data is gathered. title: Windows 10, version 1909 and Windows 10, version 1903 required diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 @@ -274,8 +274,6 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_21H1** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -287,8 +285,6 @@ The following fields are available: - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -303,8 +299,6 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. - **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -319,8 +313,6 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. @@ -332,8 +324,6 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. @@ -345,8 +335,6 @@ The following fields are available: - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -359,8 +347,6 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. @@ -375,8 +361,6 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -388,8 +372,6 @@ The following fields are available: - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -404,8 +386,6 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -420,8 +400,6 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. @@ -433,8 +411,6 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. @@ -446,8 +422,6 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -459,8 +433,6 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. @@ -473,8 +445,6 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. @@ -488,8 +458,6 @@ The following fields are available: - **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. - **DecisionTest_20H1** The count of the number of this particular object type present on this device. - **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryDeviceContainer** A count of device container objects in cache. @@ -518,8 +486,6 @@ The following fields are available: - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_20H1** The count of the number of this particular object type present on this device. - **Wmdrm_20H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. -- **Wmdrm_21H1** The count of the number of this particular object type present on this device. -- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md new file mode 100644 index 0000000000..a2c7dbbed9 --- /dev/null +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -0,0 +1,158 @@ +--- +title: Connection endpoints for Windows 10 Enterprise, version 20H2 +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2. +keywords: privacy, manage connections to Microsoft, Windows 10 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +audience: ITPro +author: gental-giant +ms.author: v-hakima +manager: robsize +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 12/17/2020 +--- +# Manage connection endpoints for Windows 10 Enterprise, version 20H2 + +**Applies to** + +- Windows 10 Enterprise, version 20H2 + +Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: + +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. + +Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic. + +The following methodology was used to derive these network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here. +7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different. +8. These tests were conducted for one week, but if you capture traffic for longer you may have different results. + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 20H2 Enterprise connection endpoints + +|Area|Description|Protocol|Destination| +|----------------|----------|----------|------------| +|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)| +||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com| +||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net| +||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net +|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)| +|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com| +|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)| +||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*| +|||TLSv1.2/HTTPS/HTTP|fp.msedge.net| +|||TLSv1.2|I-ring.msedge.net| +|||HTTPS|s-ring.msedge.net| +|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)| +||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*| +|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval)| +|||HTTP|dmd.metaservices.microsoft.com| +|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)| +|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com| +|||HTTP|www.microsoft.com| +||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com| +|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com| +|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming)| +|||HTTPS|fs.microsoft.com| +|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)| +|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com| +|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)| +||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com| +|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)| +||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com| +|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)| +||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com| +||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com| +|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTP|go.microsoft.com| +|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)| +||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net| +||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com| +||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2|1storecatalogrevocation.storequality.microsoft.com| +|||HTTPS/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com| +||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com| +||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com| +|||HTTPS|pti.store.microsoft.com| +|||HTTP|share.microsoft.com| +||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com| +|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)| +||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*| +|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)| +|||HTTPS|www.office.com| +|||HTTPS|blobs.officehome.msocdn.com| +|||HTTPS|officehomeblobs.blob.core.windows.net| +|||HTTPS|self.events.data.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net| +|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)| +|||TLSv1.2/HTTPS/HTTP|g.live.com| +|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms| +|||HTTPS| logincdn.msauth.net| +|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)| +|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com| +|||HTTPS|settings.data.microsoft.com| +|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)| +|||HTTPS/HTTP|*.pipe.aria.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| +|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)| +|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| +|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)| +|||HTTPS/TLSv1.2|wdcp.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com| +|||HTTPS/HTTP|checkappexec.microsoft.com| +|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)| +|||TLSv1.2/HTTPS/HTTP|arc.msn.com| +|||HTTPS|ris.api.iris.microsoft.com| +|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)| +|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com| +|||HTTP|emdl.ws.microsoft.com| +||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com| +|||HTTP|*.windowsupdate.com| +||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com| +||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com| +||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com| +|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store)| +|||HTTPS|dlassets-ssl.xboxlive.com| +| + +## Other Windows 10 editions + +To view endpoints for other versions of Windows 10 Enterprise, see: + +- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) + +To view endpoints for non-Enterprise Windows 10 editions, see: + +- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md) +- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md) +- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md) +- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) +- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) +- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) + +## Related links + +- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index b1c3b25c91..2605b80713 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what required Windows diagnostic data is gathered. +description: Use this article to learn more about what required Windows 10 version 2004 and version 20H2 diagnostic data is gathered. title: Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 @@ -61,10 +61,6 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_21H1** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. @@ -74,8 +70,6 @@ The following fields are available: - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -89,8 +83,6 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. - **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -104,8 +96,6 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. @@ -117,8 +107,6 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. @@ -130,8 +118,6 @@ The following fields are available: - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -143,8 +129,6 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. @@ -158,8 +142,6 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -171,8 +153,6 @@ The following fields are available: - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -186,8 +166,6 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -201,8 +179,6 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. @@ -214,8 +190,6 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. @@ -227,8 +201,6 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -240,8 +212,6 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. @@ -253,8 +223,6 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. @@ -265,8 +233,6 @@ The following fields are available: - **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. - **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1** The count of the number of this particular object type present on this device. -- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. @@ -288,8 +254,6 @@ The following fields are available: - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_20H1** The count of the number of this particular object type present on this device. - **Wmdrm_20H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. -- **Wmdrm_21H1** The count of the number of this particular object type present on this device. -- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml index 60bf83c118..52a6ddd6da 100644 --- a/windows/privacy/toc.yml +++ b/windows/privacy/toc.yml @@ -41,6 +41,8 @@ href: manage-connections-from-windows-operating-system-components-to-microsoft-services.md - name: Manage connections from Windows operating system components to Microsoft services using MDM href: manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md + - name: Connection endpoints for Windows 10, version 20H2 + href: manage-windows-20H2-endpoints.md - name: Connection endpoints for Windows 10, version 2004 href: manage-windows-2004-endpoints.md - name: Connection endpoints for Windows 10, version 1909 @@ -53,6 +55,8 @@ href: manage-windows-1803-endpoints.md - name: Connection endpoints for Windows 10, version 1709 href: manage-windows-1709-endpoints.md + - name: Connection endpoints for non-Enterprise editions of Windows 10, version 20H2 + href: windows-endpoints-20H2-non-enterprise-editions.md - name: Connection endpoints for non-Enterprise editions of Windows 10, version 2004 href: windows-endpoints-2004-non-enterprise-editions.md - name: Connection endpoints for non-Enterprise editions of Windows 10, version 1909 diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md new file mode 100644 index 0000000000..6f82f0ddf4 --- /dev/null +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -0,0 +1,264 @@ +--- +title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2. +keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +audience: ITPro +author: gental-giant +ms.author: v-hakima +manager: robsize +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 12/17/2020 +--- +# Windows 10, version 20H2, connection endpoints for non-Enterprise editions + + **Applies to** + +- Windows 10 Home, version 20H2 +- Windows 10 Professional, version 20H2 +- Windows 10 Education, version 20H2 + +In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-2004-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 20H2. + +The following methodology was used to derive the network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here. +7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different. +8. These tests were conducted for one week. If you capture traffic for longer you may have different results. + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 Family + +| **Area** | **Description** | **Protocol** | **Destination** | +|-----------|--------------- |------------- |-----------------| +| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com| +|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com| +||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net| +||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net| +||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com| +|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*| +|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*| +|||HTTPS/HTTP|fp.msedge.net| +|||HTTPS/HTTP|k-ring.msedge.net| +|||TLSv1.2|b-ring.msedge.net| +|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*| +|Device Directory Service|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.|HTTPS/HTTP|cs.dds.microsoft.com| +|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com| +|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com| +|||TLSv1.2/HTTP|www.microsoft.com| +||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com| +|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*| +|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com| +|||HTTPS|licensing.mp.microsoft.com/v7.0/licenses/content| +|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net| +|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| +|||HTTPS/HTTP|*.ssl.ak.dynamic.tiles.virtualearth.net| +|||HTTPS/HTTP|*.ssl.ak.tiles.virtualearth.net| +|||HTTPS/HTTP|dev.virtualearth.net| +|||HTTPS/HTTP|ecn.dev.virtualearth.net| +|||HTTPS/HTTP|ssl.bing.com| +|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com| +|Microsoft Edge|The following endpoints are used for Microsoft Edge Browser Services.|HTTPS/HTTP|edge.activity.windows.com| +|||HTTPS/HTTP|edge.microsoft.com| +||The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com| +|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|HTTP|go.microsoft.com/fwlink/| +|||TLSv1.2/HTTPS/HTTP|go.microsoft.com| +|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net| +||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com| +||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com| +||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com| +|||HTTPS|pti.store.microsoft.com| +|||HTTPS|storesdk.dsx.mp.microsoft.com| +||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com| +||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com| +|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*| +|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com| +|||TLSv1.2/HTTPS|office.com| +|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com| +|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net| +|||HTTP/HTTPS|*.blob.core.windows.net| +|||TLSv1.2|self.events.data.microsoft.com| +|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net| +|||HTTP|roaming.officeapps.live.com| +|||HTTPS/HTTP|substrate.office.com| +|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com| +|||TLSv1.2/HTTPS|oneclient.sfx.ms| +|||HTTPS/TLSv1.2|logincdn.msauth.net| +|||HTTPS/HTTP|windows.policies.live.net| +|||HTTPS/HTTP|api.onedrive.com| +|||HTTPS/HTTP|skydrivesync.policies.live.net| +|||HTTPS/HTTP|*storage.live.com| +|||HTTPS/HTTP|*settings.live.net| +|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*| +|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*| +|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| +|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| +|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| +|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +|||TLSv1.2|definitionupdates.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +|||TLSv1.2/HTTP|checkappexec.microsoft.com| +|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| +|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| +|||HTTPS|mucp.api.account.microsoft.com| +|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com| +|||TLSv1.2/HTTP|emdl.ws.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com| +||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com| +|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com| +||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com| +||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com| +||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com| +|Xbox Live|The following endpoints are used for Xbox Live.| +|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| +|||TLSv1.2/HTTPS|da.xboxservices.com| +|||HTTPS|www.xboxab.com| +| + +## Windows 10 Pro + +| **Area** | **Description** | **Protocol** | **Destination** | +| --- | --- | --- | ---| +| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com| +|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com| +||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net| +||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net| +||Used for Spotify Live Tile|HTTPS/HTTP|spclient.wg.spotify.com| +|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*| +|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*| +|Device authentication|The following endpoint is used to authenticate a device.|HTTPS|login.live.com*| +|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com| +|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com| +|||TLSv1.2/HTTP|www.microsoft.com| +||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com| +|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*| +|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com| +|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| +|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com| +|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com| +|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com| +|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net| +||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com| +||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com| +||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com| +|||HTTPS|pti.store.microsoft.com| +|||HTTPS|storesdk.dsx.mp.microsoft.com| +||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com| +|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*| +|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|outlook.office365.com| +|||TLSv1.2/HTTPS|office.com| +|||TLSv1.2/HTTPS|blobs.officehome.msocdn.com| +|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net| +|||HTTP/HTTPS|*.blob.core.windows.net| +|||TLSv1.2|self.events.data.microsoft.com| +|||HTTPS/HTTP|outlookmobile-office365-tas.msedge.net| +|||TLSv1.2/HTTPS/HTTP|officeclient.microsoft.com| +|||HTTPS/HTTP|substrate.office.com| +|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com| +|||TLSv1.2/HTTPS|oneclient.sfx.ms| +|||HTTPS/TLSv1.2|logincdn.msauth.net| +|||HTTPS/HTTP|windows.policies.live.net| +|||HTTPS/HTTP|*storage.live.com| +|||HTTPS/HTTP|*settings.live.net| +|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*| +|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*| +|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| +|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| +|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| +|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +|||TLSv1.2/HTTP|checkappexec.microsoft.com| +|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| +|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| +|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com| +|||TLSv1.2/HTTP|emdl.ws.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com| +||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com| +|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com| +||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com| +||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com| +||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com| +|Xbox Live|The following endpoints are used for Xbox Live.| +|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| +|||TLSv1.2/HTTPS|da.xboxservices.com| +| + +## Windows 10 Education + +| **Area** | **Description** | **Protocol** | **Destination** | +| --- | --- | --- | ---| +| Activity Feed Service |The following endpoints are used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows|TLSv1.2/HTTPS/HTTP|activity.windows.com| +|Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com| +||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net| +||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net| +|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com| +|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*| +|Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*| +|||HTTPS/HTTP|fp.msedge.net| +|||TLSv1.2|odinvzc.azureedge.net| +|||TLSv1.2|b-ring.msedge.net| +|Device metadata|The following endpoint is used to retrieve device metadata.|TLSv1.2/HTTP|dmd.metaservices.microsoft.com| +|Diagnostic data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.|TLSv1.2/HTTP|v10.events.data.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|v20.events.data.microsoft.com| +|||TLSv1.2/HTTP|www.microsoft.com| +||The following endpoints are used by Windows Error Reporting.|TLSv1.2/HTTPS/HTTP|watson.telemetry.microsoft.com| +|Font Streaming|The following endpoints are used to download fonts on demand.|TLSv1.2/HTTPS|fs.microsoft.com*| +|Licensing|The following endpoint is used for online activation and some app licensing.|HTTPS/HTTP|*licensing.mp.microsoft.com| +|Location|The following endpoints are used for location data.|TLSV1.2|inference.location.live.net| +|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTPS/HTTP|maps.windows.com| +|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in|TLSv1.2/HTTPS/HTTP|*login.live.com| +|Microsoft Edge|The following endpoint is used by Microsoft Edge Update service to check for new updates.|HTTPS/HTTP|msedge.api.cdp.microsoft.com| +|Microsoft forward link redirection|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer|TLSv1.2/HTTPS/HTTP|go.microsoft.com| +|Microsoft Store|The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps)|TLSv1.2/HTTPS/HTTP|img-prod-cms-rt-microsoft-com.akamaized.net| +||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com| +||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com| +||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com| +|||HTTPS|pti.store.microsoft.com| +|||HTTPS|storesdk.dsx.mp.microsoft.com| +||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com| +|Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*| +|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS|office.com| +|||HTTPS/HTTP|officehomeblobs.blob.core.windows.net| +|||TLSv1.2|self.events.data.microsoft.com| +|OneDrive|The following endpoints are related to OneDrive.|HTTPS|g.live.com| +|||TLSv1.2/HTTPS|oneclient.sfx.ms| +|||HTTPS/TLSv1.2|logincdn.msauth.net| +|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.|TLSv1.2/HTTPS/HTTP|settings.data.microsoft.com*| +|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com*| +|Skype|The following endpoint is used to retrieve Skype configuration values.|TLSv1.2/HTTPS/HTTP|*.pipe.aria.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| +|Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| +|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| +|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +|||TLSv1.2/HTTP|checkappexec.microsoft.com| +|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| +|||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| +|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com| +|||TLSv1.2/HTTP|emdl.ws.microsoft.com| +|||TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com| +||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.|TLSv1.2/HTTP|*.windowsupdate.com| +|||TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com| +||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store to help keep the device secure.|TLSv1.2/HTTPS/HTTP|*.update.microsoft.com| +||The following endpoint is used for compatibility database updates for Windows.|HTTP/HTTPS|adl.windows.com| +||The following endpoint is used for content regulation.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com| +|Xbox Live|The following endpoints are used for Xbox Live.| +|||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| +|||TLSv1.2/HTTPS|da.xboxservices.com| +| \ No newline at end of file diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index d8f4768540..19a298bef8 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -20,23 +20,6 @@ ms.author: dansimp - Windows 10 Mobile -## LockDown VPN - -A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features: - -- The system attempts to keep the VPN connected at all times. -- The user cannot disconnect the VPN connection. -- The user cannot delete or modify the VPN profile. -- The VPN LockDown profile uses forced tunnel connection. -- If the VPN connection is not available, outbound network traffic is blocked. -- Only one VPN LockDown profile is allowed on a device. - -> [!NOTE] -> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type. - -Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. - - ## Windows Information Protection (WIP) integration with VPN Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. @@ -78,6 +61,24 @@ The following image shows the interface to configure traffic rules in a VPN Prof ![Add a traffic rule](images/vpn-traffic-rules.png) + +## LockDown VPN + +A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features: + +- The system attempts to keep the VPN connected at all times. +- The user cannot disconnect the VPN connection. +- The user cannot delete or modify the VPN profile. +- The VPN LockDown profile uses forced tunnel connection. +- If the VPN connection is not available, outbound network traffic is blocked. +- Only one VPN LockDown profile is allowed on a device. + +> [!NOTE] +> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type. + +Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected. + + ## Related topics - [VPN technical guide](vpn-guide.md) diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index 27394df0ea..ff59512a8b 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -9,6 +9,3 @@ author: dansimp ms.prod: w10 ms.topic: include --- - -> [!IMPORTANT] -> [Learn how Microsoft is helping to protect customers from Solorigate, a recent sophisticated attack](https://aka.ms/solorigate). diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png deleted file mode 100644 index 31e2ed052f..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel.png new file mode 100644 index 0000000000..586519d4c9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancellation.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancellation.png deleted file mode 100644 index 27b00fdd87..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancellation.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index 3af172dba7..9bb2ff23bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -103,13 +103,15 @@ Navigate to the **Exceptions** tab in the **Remediation** page. You can filter b Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can export. You can also view the related recommendation or cancel the exception. - ![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-view.png) - ## How to cancel an exception -To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. To cancel the exception for all device groups, select the **Cancel exception** button. You can also cancel the exception for a specific device group. +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. + +To cancel the exception for all device groups or for a global exception, select the **Cancel exception for all device groups** button. You will only be able to cancel exceptions for device groups you have permissions for. + +![The cancel button.](images/tvm-exception-cancel.png) ### Cancel the exception for a specific device group @@ -117,13 +119,6 @@ Select the specific device group to cancel the exception for it. A flyout will a ![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) - -### Cancel a global exception - -If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. - -![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) - ## View impact after exceptions are applied In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 37f460afea..2c7a81ec77 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -46,7 +46,8 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender fo 2. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. -3. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. If you choose the "attention required" remediation option, selecting a due date will not be available since there is no specific action. +3. Fill out the form, including what you are requesting remediation for, applicable device groups, priority, due date, and optional notes. + 1. If you choose the "attention required" remediation option, selecting a due date will not be available since there is no specific action. 4. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 032da734d3..1a7f20a55c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -112,32 +112,17 @@ If there is a large jump in the number of exposed devices, or a sharp increase i ## Request remediation -The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. +The threat and vulnerability management remediation capability bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** page to Intune. [Learn more about remediation options](tvm-remediation.md) -### Enable Microsoft Intune connection +### How to request remediation -To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**. - -See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. - -### Remediation request steps - -1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. - -2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. - -3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. - -4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. - -If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. - ->[!NOTE] ->If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune. +Select a security recommendation you would like to request remediation for, and then select **Remediation options**. Fill out the form and select **Submit request**. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. [Learn more about how to request remediation](tvm-remediation.md#request-remediation) ## File for exception -As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. [Learn more about exceptions](tvm-exception.md) + +Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). @@ -147,106 +132,7 @@ Select a security recommendation you would like create an exception for, and the ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. - -### Exception scope - -Exceptions can either be created for selected device groups, or for all device groups past and present. - -#### Exception by device group - -Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. - -![Showing device group dropdown.](images/tvm-exception-device-group-500.png) - -##### Filtered - -If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. - -Button to filter by device group on any of the threat and vulnerability management pages: - -![Showing selected device groups filter.](images/tvm-selected-device-groups.png) - -Exception view with filtered device groups: - -![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) - -##### Large number of device groups - -If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. - -![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png) - -A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. - -![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) - -#### Global exceptions - -If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” - -![Showing global exception option.](images/tvm-exception-global.png) - -Some things to keep in mind: - -- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire. -- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. - -### Justification - -Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. - -The following list details the justifications behind the exception options: - -- **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced -- **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced -- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive -- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - -### View all exceptions - -Navigate to the **Exceptions** tab in the **Remediation** page. - -![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) - -Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. - -### How to cancel an exception - -To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. - -#### Cancel the exception for a specific device group - -If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. - -![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) - -A flyout will appear for the device group, and you can select **Cancel exception**. - -#### Cancel a global exception - -If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. - -![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) - -### View impact after exceptions are applied - -In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. - -![Showing customize columns options.](images/tvm-after-exceptions.png) - -The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed. - -The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. - -![Showing the columns in the table.](images/tvm-after-exceptions-table.png) -If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating. - -1. Select the recommendation and **Open software page** -2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) -3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request. +Fill out the form and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. [Learn more about how to create an exception](tvm-exception.md#create-an-exception) ## Report inaccuracy diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index d18b376b49..e927418779 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -96,9 +96,13 @@ You can view software pages a few different ways: A full page will appear with all the details of a specific software and the following information: -- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score -- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices -- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities. +- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score. +- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices. +- Tabs showing information such as: + - Corresponding security recommendations for the weaknesses and vulnerabilities identified. + - Named CVEs of discovered vulnerabilities. + - Devices that have the software installed (along with device name, domain, OS, and more). + - Software version list (including number of devices the version is installed on, the number of discovered vulnerabilities, and the names of the installed devices). ![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index e7b8a53f7a..ce384ca8d4 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -55,7 +55,7 @@ The following video provides an overview of Windows Sandbox. 1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. ## Usage -1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window. +1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. 2. Run the executable file or installer inside the sandbox. 3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **ok**. 4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index f1046db593..ec7ffb671e 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -104,7 +104,7 @@ With specialized hardware and software components available on devices shipping ### Windows Sandbox -New polices for [Windows Sandbox](https://docs.microsoft.com/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) are available in this release. For more information, see [Policy CSP - WindowsSandbox](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowssandbox). +New policies for [Windows Sandbox](https://docs.microsoft.com/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview) are available in this release. For more information, see [Policy CSP - WindowsSandbox](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowssandbox). ### Windows Virtual Desktop (WVD)