deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into av-relnotes

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-11-02 08:47:02 -08:00 committed by GitHub
commit ddc1f0f2d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 1258 additions and 749 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
store-for-business/includes/store-for-business-content-updates.md Normal file
View File

@ -0,0 +1,12 @@
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
## Week of October 26, 2020
| Published On |Topic title | Change |
|------|------------|--------|
| 10/27/2020 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
| 10/27/2020 | [Device Guard signing (Windows 10)](/microsoft-store/device-guard-signing-portal) | modified |
| 10/27/2020 | [Sign code integrity policy with Device Guard signing (Windows 10)](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing) | modified |

1
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -119,6 +119,7 @@ Requirements:
> [!NOTE]
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later.
> The default behavior for older releases is to revert to **User Credential**.
> **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device.
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."

1
windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
View File

@ -86,7 +86,6 @@ ms.date: 10/08/2020
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)

52
windows/client-management/mdm/vpnv2-csp.md
View File

@ -2,14 +2,14 @@
title: VPNv2 CSP
description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
ms.reviewer:
ms.reviewer: pesmith
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 11/01/2017
ms.date: 10/30/2020
---
# VPNv2 CSP
@ -30,8 +30,8 @@ Here are the requirements for this CSP:
The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
- C:\\Windows\\schemas\\EAPHost
- C:\\Windows\\schemas\\EAPMethods
- `C:\\Windows\\schemas\\EAPHost`
- `C:\\Windows\\schemas\\EAPMethods`
The following diagram shows the VPNv2 configuration service provider in tree format.
@ -45,7 +45,8 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu
Supported operations include Get, Add, and Delete.
> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
> [!NOTE]
> If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
<a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/**<em>ProfileName</em>**/AppTriggerList**
Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
@ -138,9 +139,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-webproxyservers"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/WebProxyServers**
Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.
> **Note**  Currently only one web proxy server is supported.
> [!NOTE]
> Currently only one web proxy server is supported.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -166,9 +166,8 @@ Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList**
An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
> **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
> [!NOTE]
> Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
@ -205,18 +204,16 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalPortRanges**
A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemotePortRanges**
A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -240,6 +237,16 @@ This is only applicable for App ID based Traffic Filter rules.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-direction"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/Direction**
Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
- Outbound - The rule applies to all outbound traffic
- nbound - The rule applies to all inbound traffic
If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-edpmodeid"></a>**VPNv2/**<em>ProfileName</em>**/EdpModeId**
Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
@ -255,13 +262,14 @@ Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-alwayson"></a>**VPNv2/**<em>ProfileName</em>**/AlwaysOn**
An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.
> **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
> [!NOTE]
> Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
Preserving user Always On preference
Windows has a feature to preserve a users AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
Value: AutoTriggerDisabledProfilesList
Type: REG_MULTI_SZ
@ -450,7 +458,8 @@ Required for native profiles. Type of tunneling protocol used. This value can be
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable.
> [!NOTE]
> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable.
<a href="" id="vpnv2-profilename-nativeprofile-authentication"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/Authentication**
Required node for native profile. It contains authentication information for the native VPN profile.
@ -1308,8 +1317,7 @@ Servers
</Add>
```
## Related topics
## See also
[Configuration service provider reference](configuration-service-provider-reference.md)

229
windows/client-management/mdm/vpnv2-ddf-file.md
View File

@ -2,14 +2,14 @@
title: VPNv2 DDF file
description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94
ms.reviewer:
ms.reviewer: pesmith
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/05/2017
ms.date: 10/30/2020
---
# VPNv2 DDF file
@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **VPNv2**
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is for Windows 10, version 1709.
The XML below is for Windows 10, version 2004.
```xml
<?xml version="1.0" encoding="UTF-8"?>
@ -32,7 +32,7 @@ The XML below is for Windows 10, version 1709.
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>VPNv2</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
@ -830,6 +830,33 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Direction</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>
Outbound - The traffic filter allows traffic to reach destinations matching this rule. This is the default.
Inbound - The traffic filter allows traffic coming from external locations matching this rule.
</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
@ -1625,6 +1652,76 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>WebAuth</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
</AccessType>
<Description>Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Enabled</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enables the WebToken based authentication flow.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ClientId</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>The client ID to specify when communicating with the Web Account provider in retrieving the token.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
<NodeName>NativeProfile</NodeName>
@ -2225,6 +2322,33 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PlumbIKEv2TSAsRoutes</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>
True: Plumb traffic selectors as routes onto VPN interface
False: Do not plumb traffic selectors as routes
</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</Node>
@ -3718,6 +3842,76 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>WebAuth</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
</AccessType>
<Description>Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Enabled</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enables the WebToken based authentication flow.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ClientId</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>The client ID to specify when communicating with the Web Account provider in retrieving the token.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
<NodeName>NativeProfile</NodeName>
@ -4318,6 +4512,33 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PlumbIKEv2TSAsRoutes</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>
True: Plumb traffic selectors as routes onto VPN interface
False: Do not plumb traffic selectors as routes
</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</Node>

2
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -125,7 +125,7 @@ The following list shows the supported values:
- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
> [!NOTE]
> This policy setting is no longer supported in the new Microsoft Edge browser.
> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release.
<!--ADMXMapped-->
ADMX Info:

4
windows/security/threat-protection/TOC.md
View File

@ -19,7 +19,9 @@
### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md)
### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md)
### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md)
### [Phase 3: Onboard]()
#### [Onboarding overview](microsoft-defender-atp/onboarding.md)
#### [Deployment rings](microsoft-defender-atp/deployment-rings.md)
#### [Onboarding using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/onboarding-endpoint-configuration-manager.md)
#### [Onboarding using Microsoft Endpoint Manager](microsoft-defender-atp/onboarding-endpoint-manager.md)
#### [Onboard supported devices](microsoft-defender-atp/onboard-configure.md)

261
windows/security/threat-protection/fips-140-validation.md
View File

@ -1,15 +1,14 @@
---
title: FIPS 140 Validation
title: Federal Information Processing Standard (FIPS) 140 Validation
description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140.
ms.prod: w10
audience: ITPro
author: dulcemontemayor
author: dansimp
ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/05/2019
ms.reviewer:
---
@ -28,9 +27,9 @@ Microsoft maintains an active commitment to meeting the requirements of the FIPS
## Using Windows in a FIPS 140-2 approved mode of operation
Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory.
 
While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customers decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode. 
 
Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
@ -43,7 +42,7 @@ Each of the cryptographic modules has a defined security policy that must be met
### Step 3: Enable the FIPS security policy
Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing).
Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing).
### Step 4: Ensure only FIPS validated cryptographic algorithms are used
@ -73,7 +72,7 @@ This caveat identifies required configuration and security rules that must be fo
### What is the relationship between FIPS 140-2 and Common Criteria?
These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
### How does FIPS 140 relate to Suite B?
@ -89,6 +88,76 @@ The following tables identify the cryptographic modules used in an operating sys
## Modules used by Windows
##### Windows 10 Fall 2018 Update (Version 1809)
Validated Editions: Home, Pro, Enterprise, Education
<table>
<colgroup>
<col style="width: 25%" />
<col style="width: 25%" />
<col style="width: 25%" />
<col style="width: 25%" />
</colgroup>
<tbody>
<tr class="odd">
<td><b>Cryptographic Module</b></td>
<td><b>Version (link to Security Policy)</b></td>
<td><b>FIPS Certificate #</b></td>
<td><b>Algorithms</b></td>
</tr>
<tr class="even">
<td>Cryptographic Primitives Library</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197">#3197</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Kernel Mode Cryptographic Primitives Library</td>
<td><a href="https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196">#3196</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Code Integrity</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644">#3644</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Windows OS Loader</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615">#3615</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Secure Kernel Code Integrity</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651">#3651</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>BitLocker Dump Filter</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092">#3092</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Boot Manager</td>
<td><a href="https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089">#3089</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Virtual TPM</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690">#3690</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
</tbody>
</table>
##### Windows 10 Spring 2018 Update (Version 1803)
Validated Editions: Home, Pro, Enterprise, Education
@ -304,11 +373,11 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
</table>
<sup>\[1\]</sup> Applies only to Home, Pro, Enterprise, Education and S
<sup>\[1\]</sup> Applies only to Home, Pro, Enterprise, Education, and S.
<sup>\[2\]</sup> Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub
<sup>\[2\]</sup> Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub
<sup>\[3\]</sup> Applies only to Pro, Enterprise Education and S
<sup>\[3\]</sup> Applies only to Pro, Enterprise, Education, and S
##### Windows 10 Anniversary Update (Version 1607)
@ -397,11 +466,11 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
</table>
<sup>\[1\]</sup> Applies only to Home, Pro, Enterprise and Enterprise LTSB
<sup>\[1\]</sup> Applies only to Home, Pro, Enterprise, and Enterprise LTSB
<sup>\[2\]</sup> Applies only to Pro, Enterprise, Enterprise LTSB and Mobile
<sup>\[2\]</sup> Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile
<sup>\[3\]</sup> Applies only to Pro, Enterprise and Enterprise LTSB
<sup>\[3\]</sup> Applies only to Pro, Enterprise, and Enterprise LTSB
##### Windows 10 November 2015 Update (Version 1511)
@ -491,13 +560,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
</table>
<sup>\[4\]</sup> Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
<sup>\[4\]</sup> Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
<sup>\[5\]</sup> Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
<sup>\[5\]</sup> Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
<sup>\[6\]</sup> Applies only to Home, Pro and Enterprise
<sup>\[6\]</sup> Applies only to Home, Pro, and Enterprise
<sup>\[7\]</sup> Applies only to Pro, Enterprise, Mobile and Surface Hub
<sup>\[7\]</sup> Applies only to Pro, Enterprise, Mobile, and Surface Hub
<sup>\[8\]</sup> Applies only to Enterprise and Enterprise LTSB
@ -700,7 +769,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone
<td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1892">#1892</a></td>
<td><em>FIPS Approved algorithms:</em> AES (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216">#2216</a>); DRBG (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258">#258</a>); DSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687">#687</a>); ECDSA (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341">#341</a>); HMAC (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345">#1345</a>); KAS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36">#36</a>); KBKDF (Cert. <a href="http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3">#3</a>); PBKDF (vendor affirmed); RSA (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133">#1133</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134">#1134</a>); SHS (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903">#1903</a>); Triple-DES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387">#1387</a>)<br />
<br />
<em>Other algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a>, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )<br />
<em>Other algorithms:</em> AES (Cert. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">#2197</a>, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)<br />
<br />
</td>
</tr>
@ -1336,6 +1405,76 @@ Validated Editions: Ultimate Edition
## Modules used by Windows Server
##### Windows Server 2019 (Version 1809)
Validated Editions: Standard, Datacenter
<table>
<colgroup>
<col style="width: 25%" />
<col style="width: 25%" />
<col style="width: 25%" />
<col style="width: 25%" />
</colgroup>
<tbody>
<tr class="odd">
<td><b>Cryptographic Module</b></td>
<td><b>Version (link to Security Policy)</b></td>
<td><b>FIPS Certificate #</b></td>
<td><b>Algorithms</b></td>
</tr>
<tr class="even">
<td>Cryptographic Primitives Library</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197">#3197</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Kernel Mode Cryptographic Primitives Library</td>
<td><a href="https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196">#3196</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Code Integrity</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644">#3644</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Windows OS Loader</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615">#3615</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Secure Kernel Code Integrity</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651">#3651</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>BitLocker Dump Filter</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092">#3092</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="even">
<td>Boot Manager</td>
<td><a href="https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089">#3089</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
<tr class="odd">
<td>Virtual TPM</td>
<td><a href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf">10.0.17763</a></td>
<td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690">#3690</a></td>
<td>See Security Policy and Certificate page for algorithm information</td>
</tr>
</tbody>
</table>
##### Windows Server (Version 1803)
Validated Editions: Standard, Datacenter
@ -2165,7 +2304,7 @@ The following tables are organized by cryptographic algorithms with their modes,
<li>Key Lengths: 128, 192, 256 (bits)</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903">#4903</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903">#4903</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -2484,7 +2623,7 @@ The following tables are organized by cryptographic algorithms with their modes,
</ul></li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897">#4897</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897">#4897</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -2520,7 +2659,7 @@ The following tables are organized by cryptographic algorithms with their modes,
<li>Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)</li>
</ul>
<p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897">Val#4897</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4898">#4898</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4898">#4898</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -2559,7 +2698,7 @@ The following tables are organized by cryptographic algorithms with their modes,
<li>AAD Length: 0-65536</li>
</ul>
<p>AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897">Val#4897</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4894">#4894</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4894">#4894</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -2630,7 +2769,7 @@ The following tables are organized by cryptographic algorithms with their modes,
<p><b>CFB128</b> (e/d; 128, 192, 256);</p>
<p><b>OFB</b> (e/d; 128, 192, 256);</p>
<p><b>CTR</b> (int only; 128, 192, 256)</p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">#4074</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">#4074</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -2759,7 +2898,7 @@ GMAC_Supported</b></p></td>
<tr class="odd">
<td><p><b>CCM (KS: 128, 192, 256</b>) <b>(Assoc. Data Len Range</b>: 0-0, 2^16) <b>(Payload Length Range</b>: 0 - 32 (<b>Nonce Length(s)</b>: 7 8 9 10 11 12 13 <b>(Tag Length(s)</b>: 4 6 8 10 12 14 16)<br />
AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a></p>
<p><b>CMAC</b> (Generation/Verification ) <b>(KS: 128;</b> Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 ) <b>(KS: 192</b>; Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 ) <b>(KS: 256</b>; Block Size(s): ; <b>Msg Len(s)</b> Min: 0 Max: 2^16 ; <b>Tag Len(s)</b> Min: 16 Max: 16 )<br />
<p><b>CMAC</b> (Generation/Verification) <b>(KS: 128;</b> Block Size(s); <b>Msg Len(s)</b> Min: 0 Max: 2^16; <b>Tag Len(s)</b> Min: 16 Max: 16) <b>(KS: 192</b>; Block Size(s); <b>Msg Len(s)</b> Min: 0 Max: 2^16; <b>Tag Len(s)</b> Min: 16 Max: 16) <b>(KS: 256</b>; Block Size(s); <b>Msg Len(s)</b> Min: 0 Max: 2^16; <b>Tag Len(s)</b> Min: 16 Max: 16)<br />
AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197">Val#2197</a></p>
<p><b>GCM(KS: AES_128</b>(e/d) Tag Length(s): 128 120 112 104 96) <b>(KS: AES_192</b>(e/d) Tag Length(s): 128 120 112 104 96)<br />
<b>(KS: AES_256</b>(e/d) Tag Length(s): 128 120 112 104 96)<br />
@ -2891,7 +3030,7 @@ Deterministic Random Bit Generator (DRBG)
</ul></li>
</ul>
<p>Prerequisite: AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903">#4903</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -2930,7 +3069,7 @@ Deterministic Random Bit Generator (DRBG)
</ul></li>
</ul>
<p>Prerequisite: AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897">#4897</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -2965,7 +3104,7 @@ Deterministic Random Bit Generator (DRBG)
</tr>
<tr class="odd">
<td><b>CTR_DRBG:</b>[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074">Val#4074</a>)]</td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">#1222</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">#1222</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -3133,7 +3272,7 @@ Deterministic Random Bit Generator (DRBG)
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301">#1301</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301">#1301</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -3445,7 +3584,7 @@ SHS: SHA-1 (BYTE)</p></td>
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252">#1252</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252">#1252</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -3615,7 +3754,7 @@ SHS: SHA-1 (BYTE)</p></td>
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1247">#1247</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1247">#1247</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -3649,7 +3788,7 @@ SHS: SHA-1 (BYTE)</p></td>
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246">#1246</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246">#1246</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -3712,7 +3851,7 @@ PKG: CURVES</b>( P-256 P-384 TestingCandidates )<br />
<b>SigVer: CURVES</b>(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))</p>
<p>SHS: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a><br />
DRBG: <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val# 1222</a></p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920">#920</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920">#920</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="odd">
@ -3886,7 +4025,7 @@ Some of the previously validated components for this validation have been remove
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3270">#3270</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3270">#3270</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -3979,7 +4118,7 @@ Some of the previously validated components for this validation have been remove
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267">#3267</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267">#3267</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -4036,7 +4175,7 @@ SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p>
<p><b>HMAC-SHA384</b> (Key Size Ranges Tested:  KSBS)<br />
SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661">#2661</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661">#2661</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -4325,7 +4464,7 @@ SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252">#1252</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149">#149</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149">#149</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -4778,7 +4917,7 @@ SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301">#1301</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146">#146</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146">#146</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -4841,7 +4980,7 @@ DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
<td><p><b>ECC:</b>  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)<br />
<b>SCHEMES  [FullUnified  (No_KC</b>  &amp;lt; KARole(s): Initiator / Responder &amp;gt; &amp;lt; KDF: CONCAT &amp;gt;) (<b>EC:</b>  P-256   SHA256   HMAC) (<b>ED:</b>  P-384   SHA384   HMAC)]</p>
<p>SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a> ECDSA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920">Val#920</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val#1222</a></p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93">#93</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93">#93</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -4960,7 +5099,7 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
</ul>
</div>
<p>K prerequisite: DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a>, KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149">#149</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#160">#160</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#160">#160</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -5017,7 +5156,7 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
</ul>
</div>
<p>K prerequisite: KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146">#146</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#157">#157</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#157">#157</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -5042,7 +5181,7 @@ MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-p
<tr class="odd">
<td><p><b>CTR_Mode:</b>  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))</p>
<p>KAS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93">Val#93</a> DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222">Val#1222</a> MAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661">Val#2661</a></p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#102">#102</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#102">#102</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -5228,7 +5367,7 @@ Random Number Generator (RNG)
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733">#1733</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2676">#2676</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2676">#2676</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -5263,7 +5402,7 @@ Random Number Generator (RNG)
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2674">#2674</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2674">#2674</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -5637,7 +5776,7 @@ Random Number Generator (RNG)
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2668">#2668</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2668">#2668</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -5707,7 +5846,7 @@ Random Number Generator (RNG)
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2667">#2667</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2667">#2667</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -5817,7 +5956,7 @@ SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))<br />
<b>[RSASSA-PSS]:</b> Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.<br />
Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))</p>
<p>SHA <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347">Val# 3347</a></p></td>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2206">#2206</a></p>
<td><p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2206">#2206</a></p>
<p>Version 10.0.14393</p></td>
</tr>
<tr class="even">
@ -6209,7 +6348,7 @@ Some of the previously validated components for this validation have been remove
<li>Supports Empty Message</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -6495,7 +6634,7 @@ Version 6.3.9600</td>
<li>Keying Option: 1</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2556">#2556</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2556">#2556</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -6707,7 +6846,7 @@ Version 6.3.9600</td>
<li>Padding Algorithms: PKCS 1.5</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1518">#1518</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1518">#1518</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -6988,7 +7127,7 @@ Version 6.3.9600</td>
</ul></li>
</ul>
<p>Prerequisite: DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1503">#1503</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1503">#1503</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -6998,7 +7137,7 @@ Version 6.3.9600</td>
<li>Modulus Size: 2048 (bits)</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1502">#1502</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1502">#1502</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -7009,7 +7148,7 @@ Version 6.3.9600</td>
<li>Padding Algorithms: PKCS 1.5</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1501">#1501</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1501">#1501</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -7022,7 +7161,7 @@ Version 6.3.9600</td>
</ul></li>
</ul>
<p>Prerequisite: DRBG <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730">#1730</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1499">#1499</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1499">#1499</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -7032,7 +7171,7 @@ Version 6.3.9600</td>
<li>Modulus Size: 2048 (bits)</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1498">#1498</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1498">#1498</a></p>
<p>Version 10.0.16299</p>
<p> </p></td>
</tr>
@ -7044,7 +7183,7 @@ Version 6.3.9600</td>
<li>Padding Algorithms: PKCS 1.5</li>
</ul></li>
</ul></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1497">#1497</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1497">#1497</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="odd">
@ -7110,7 +7249,7 @@ Version 6.3.9600</td>
</ul></li>
</ul>
<p>Prerequisite: SHS <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009">#4009</a>, HMAC <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267">#3267</a></p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496">#1496</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496">#1496</a></p>
<p>Version 10.0.16299</p></td>
</tr>
<tr class="even">
@ -7123,7 +7262,7 @@ Version 10.0. 15063</p>
Version 10.0. 15063</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922">#922</a><br />
Version 10.0.14393</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#894">#894</a><br />
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#894">#894</a><br />
Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666">#666</a><br />
Version 10.0.10586</p>
<p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288">#288</a><br />
@ -7139,7 +7278,7 @@ Version 10.0.15063</p>
Version 10.0.15063</p>
<p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1280">#1280</a><br />
Version 10.0.15063</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#893">#893</a><br />
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#893">#893</a><br />
Version 10.0.14393</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888">#888</a><br />
Version 10.0.14393</p>
@ -7158,7 +7297,7 @@ Version 6.3.9600</p></td>
Version 10.0.15063</p>
<p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281">#1281</a><br />
Version 10.0.15063</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#895">#895</a><br />
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#895">#895</a><br />
Version 10.0.14393</p>
<p>Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887">#887</a><br />
Version 10.0.14393</p>
@ -7170,7 +7309,7 @@ Version  10.0.10240</p></td>
<tr class="odd">
<td><p>SP800-135</p>
<p>Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS</p></td>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496">#1496</a></p>
<td><p>Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496">#1496</a></p>
<p>Version 10.0.16299</p>
<p>Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278">#1278</a><br />
Version 10.0.15063</p>
@ -7184,7 +7323,7 @@ Version 10.0.14393</p>
Version 10.0.10586</p>
<p>Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575">#575</a><br />
Version  10.0.10240</p>
<p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323">#323</a><br />
<p>Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323">#323</a><br />
Version 6.3.9600</p></td>
</tr>
</tbody>

2
windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
View File

@ -59,7 +59,7 @@ The following image shows an example of an alert that was triggered by behaviora
- **[Feedback-loop blocking](feedback-loop-blocking.md)** (also referred to as rapid protection) Threat detections are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.)
- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.)
- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode is not enabled by default; you turn it on in the Microsoft Defender Security Center.)
Expect more to come in the area of behavioral blocking and containment, as Microsoft continues to improve threat protection features and capabilities. To see what's planned and rolling out now, visit the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap).

2
windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
View File

@ -41,6 +41,8 @@ The deployment guide will guide you through the recommended path in deploying Mi
If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a high-level overview of the general deployment steps and methods.
## In Scope
The following is in scope for this deployment guide:

121
windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md Normal file
View File

@ -0,0 +1,121 @@
---
title: Deploy Microsoft Defender ATP in rings
description: Learn how to deploy Microsoft Defender ATP in rings
keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection:
- M365-security-compliance
- m365solution-endpointprotect
- m365solution-overview
ms.topic: article
---
# Deploy Microsoft Defender ATP in rings
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Deploying Microsoft Defender ATP can be done using a ring-based deployment approach.
The deployment rings can be applied in the following scenarios:
- [New deployments](#new-deployments)
- [Existing deployments](#existing-deployments)
## New deployments
![Image of deployment rings](images/deployment-rings.png)
A ring-based approach is a method of identifying a set of endpoints to onboard and verifying that certain criteria is met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria for each ring and ensure that they are satisfied before moving on to the next ring.
Adopting a ring-based deployment helps reduce potential issues that could arise while rolling out the service. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise.
Table 1 provides an example of the deployment rings you might use.
**Table 1**
|**Deployment ring**|**Description**|
|:-----|:-----|
Evaluate | Ring 1: Identify 50 systems for pilot testing
Pilot | Ring 2: Identify the next 50-100 endpoints in production environment <br>
Full deployment | Ring 3: Roll out service to the rest of environment in larger increments
### Exit criteria
An example set of exit criteria for these rings can include:
- Devices show up in the device inventory list
- Alerts appear in dashboard
- [Run a detection test](run-detection-test.md)
- [Run a simulated attack on a device](attack-simulations.md)
### Evaluate
Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be fewer than 50 endpoints.
### Pilot
Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring.
The following table shows the supported endpoints and the corresponding tool you can use to onboard devices to the service.
| Endpoint | Deployment tool |
|--------------|------------------------------------------|
| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead or the other supported tools listed below.<br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
| **macOS** | [Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) |
| **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)|
| **iOS** | [App-based](ios-install.md) |
| **Android** | [Microsoft Endpoint Manager](android-intune.md) |
### Full deployment
At this stage, you can use the [Plan deployment](deployment-strategy.md) material to help you plan your deployment.
Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization.
|**Item**|**Description**|
|:-----|:-----|
|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)<br/> [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: <ul><li> Cloud-native </li><li> Co-management </li><li> On-premise</li><li>Evaluation and local onboarding</li>
## Existing deployments
### Windows endpoints
For Windows and/or Windows Servers, you select several machines to test ahead of time (before patch Tuesday) by using the **Security Update Validation program (SUVP)**.
For more information, see:
- [What is the Security Update Validation Program](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-is-the-security-update-validation-program/ba-p/275767)
- [Software Update Validation Program and Microsoft Malware Protection Center Establishment - TwC Interactive Timeline Part 4](https://www.microsoft.com/security/blog/2012/03/28/software-update-validation-program-and-microsoft-malware-protection-center-establishment-twc-interactive-timeline-part-4/)
### Non-Windows endpoints
With macOS and Linux, you could take a couple of systems and run in the "InsidersFast" channel.
>[!NOTE]
>Ideally at least one security admin and one developer so that you are able to find compatibility, performance and reliability issues before the build makes it into the "Production" channel.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in insiders-fast are the first ones to receive updates and new features, followed later by insiders-slow and lastly by prod.
![Image of insider rings](images/insider-rings.png)
In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either insiders-fast or insiders-slow.
>[!WARNING]
>Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.

8
windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
View File

@ -39,7 +39,7 @@ EDR in block mode is also integrated with [threat & vulnerability management](ht
:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
> [!NOTE]
> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
> To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
## What happens when something is detected?
@ -70,10 +70,10 @@ The following image shows an instance of unwanted software that was detected and
|---------|---------|
|Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). |
|Operating system |One of the following versions: <br/>- Windows 10 (all releases) <br/>- Windows Server 2016 or later |
|Windows E5 enrollment |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/><br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|Windows E5 enrollment |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/><br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide&preserve-view=true#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). |
|Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that cloud-delivered protection is enabled. <br/><br/>See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). |
|Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. <br/>In the **AMProductVersion** line, you should see **4.18.2001.10** or above. |
|Microsoft Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. <br/> In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
|Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) cmdlet as an administrator. <br/>In the **AMProductVersion** line, you should see **4.18.2001.10** or above. |
|Microsoft Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) cmdlet as an administrator. <br/> In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
> [!IMPORTANT]
> To get the best protection value, make sure your antivirus solution is configured to receive regular updates and essential features, and that your exclusions are defined.

2
windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
View File

@ -100,7 +100,7 @@ Use the following procedure to enable network protection on domain-joined comput
4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options:
* **Block** - Users can't access malicious IP addresses and domains
* **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains
* **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
* **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won't be blocked from visiting the address.
> [!IMPORTANT]
> To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.

3
windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
View File

@ -66,8 +66,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machines were found - 200 OK with list of the machines in the response body.
If no machine found - 404 Not Found.
If successful - 200 OK with list of the machines in the response body.
If the timestamp is not in the past 30 days - 400 Bad Request.
## Example

BIN
windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/insider-rings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

4
windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
View File

@ -43,6 +43,10 @@ ms.topic: conceptual
> 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
> 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
## 101.10.72
- Bug fixes
## 101.09.61
- Added a new managed preference for [disabling the option to send feedback](mac-preferences.md#show--hide-option-to-send-feedback)

2
windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
View File

@ -110,7 +110,7 @@ The package contains the following folders:
| System Information| Contains a SystemInformation.txt file which lists system information such as OS version and network cards. |
| Temp Directories| Contains a set of text files that lists the files located in %Temp% for every user in the system. </br></br> This can help to track suspicious files that an attacker may have dropped on the system. </br></br> <div class="alert"><b>NOTE:</b> If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didnt log in to the system.</div> |
| Users and Groups| Provides a list of files that each represent a group and its members. |
|WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab |
|WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab </br></br> <div class="alert"><b>NOTE:</b> This folder will only be created on Windows 10, version 1709 or later with February 2020 update rollup or more recent installed:</br> Win10 1709 (RS3) Build 16299.1717 : [KB4537816](https://support.microsoft.com/en-us/help/4537816/windows-10-update-kb4537816) </br> Win10 1803 (RS4) Build 17134.1345 : [KB4537795](https://support.microsoft.com/en-us/help/4537795/windows-10-update-kb4537795) </br> Win10 1809 (RS5) Build 17763.1075 : [KB4537818](https://support.microsoft.com/en-us/help/4537818/windows-10-update-kb4537818) </br> Win10 1903/1909 (19h1/19h2) Builds 18362.693 and 18363.693 : [KB4535996](https://support.microsoft.com/en-us/help/4535996/windows-10-update-kb4535996) </div> |
| CollectionSummaryReport.xls| This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. |
## Run Microsoft Defender Antivirus scan on devices

1
windows/security/threat-protection/security-compliance-toolkit-10.md
View File

@ -27,6 +27,7 @@ The SCT enables administrators to effectively manage their enterprises Group
The Security Compliance Toolkit consists of:
- Windows 10 security baselines
- Windows 10 Version 20H2 (October 2020 Update)
- Windows 10 Version 2004 (May 2020 Update)
- Windows 10 Version 1909 (November 2019 Update)
- Windows 10 Version 1903 (May 2019 Update)