From b78da12d5bda949f1ac347a809b1af9aee02782b Mon Sep 17 00:00:00 2001 From: Jan Pilar Date: Tue, 5 Sep 2017 13:30:18 +0200 Subject: [PATCH 1/8] Update minimum-requirements-windows-defender-advanced-threat-protection.md Secure Productive Enterprise no longer exists and has been replaced (renamed) with Microsoft 365 (M365) subscription. Jan --- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 897439c53a..e4bb4d521d 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -35,7 +35,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros - Windows 10 Enterprise E5 - Windows 10 Education E5 -- Secure Productive Enterprise E5 (SPE E5) which includes Windows 10 Enterprise E5 +- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). From fc552120f62af40320c1c8c9bee232f5eb508cc6 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 11 Sep 2017 20:51:59 +0000 Subject: [PATCH 2/8] Merged PR 3126: System/LimitEnhancedDiagnosticDataWindowsAnalytics in Policy CSP --- ...ew-in-windows-mdm-enrollment-management.md | 26 +++++++++++ .../policy-configuration-service-provider.md | 3 ++ .../mdm/policy-csp-system.md | 45 +++++++++++++++++++ 3 files changed, 74 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 8d2e232161..f1d59d391c 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1044,6 +1044,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Education/PreventAddingNewPrinters
  • Education/PrinterNames
  • Security/ClearTPMIfNotReady
    • +
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
  • Update/DisableDualScan
  • Update/ScheduledInstallEveryWeek
    • @@ -1335,6 +1336,31 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### September 2017 + + ++++ + + + + + + + + + + + +
    New or updated topicDescription
    [Policy CSP](policy-configuration-service-provider.md)

    Added the following new policies for Windows 10, version 1709:

    +
      +
    • Search/AllowCloudSearch
      • +
    • System/LimitEnhancedDiagnosticDataWindowsAnalytics
      • +
    +
    + ### August 2017 diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a36b8b8b5f..de942d3846 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2646,6 +2646,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    System/DisableSystemRestore
    +
    + System/LimitEnhancedDiagnosticDataWindowsAnalytics +
    System/TelemetryProxy
    diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 53b9ec2f30..d077ea3454 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -554,6 +554,51 @@ ADMX Info: +**System/LimitEnhancedDiagnosticDataWindowsAnalytics** + + +
    + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark3check mark3check mark3check mark3check mark3check mark3
    + + + +

    This policy setting, in combination with the System/AllowTelemetry + policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. + +

    To enable this behavior you must complete two steps: +

    + +

    When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). + +

    Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. + +

    If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. + + + + + **System/TelemetryProxy** From 035a28b92794ca2b16ae02ea653885f5af0f27cd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Sep 2017 14:04:32 -0700 Subject: [PATCH 3/8] add compliance --- ...e-privacy-windows-defender-advanced-threat-protection.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index b10e923513..bbc29cc9fb 100644 --- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -73,5 +73,9 @@ Your data will be kept for a period of at least 90 days, during which it will be ## Can Microsoft help us maintain regulatory compliance? -Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP has a roadmap for obtaining national, regional and industry-specific certifications, starting with ISO 27001. The service is designed, implemented, and maintained according to the compliance and privacy principles of ISO 27001, as well as Microsoft’s compliance standards. +Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications. + + By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service. + +For more information on the Windows Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001). From 45eedd17ffc82e28708251cbc4955f7126715a46 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Sep 2017 14:18:42 -0700 Subject: [PATCH 4/8] edit to add newer version of powerbi --- ...bi-reports-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 1419c95077..4fe1246001 100644 --- a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -78,9 +78,12 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t 7. Click **File** > **Options and settings** > **Custom data connectors**. 8. Select **New table and matrix visuals** and **Custom data connectors** and click **OK**. + + >[NOTE] + >If you're using Power BI Desktop July 2017 version (or later), you won't need to select **New table and matrix visuals**. You'll only need to select **Custom data connectors**. ![Power BI options page](images/atp-powerbi-options.png) - + 9. Restart Power BI Desktop. ## Customize the Windows Defender ATP Power BI dashboard From b5e96b7e61c4a93a40a33b17ccdc6359ce00cfd5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Sep 2017 14:23:35 -0700 Subject: [PATCH 5/8] minor update --- ...orage-privacy-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index bbc29cc9fb..c482403b20 100644 --- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -76,6 +76,6 @@ Your data will be kept for a period of at least 90 days, during which it will be Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications. -By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service. +By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run. For more information on the Windows Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001). From ecc252ddbb63bc8439c693b9e399c330136a7695 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Sep 2017 14:57:24 -0700 Subject: [PATCH 6/8] minor update --- ...werbi-reports-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 4fe1246001..afcd9030c3 100644 --- a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -80,7 +80,7 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t 8. Select **New table and matrix visuals** and **Custom data connectors** and click **OK**. >[NOTE] - >If you're using Power BI Desktop July 2017 version (or later), you won't need to select **New table and matrix visuals**. You'll only need to select **Custom data connectors**. + >If you are using Power BI Desktop July 2017 version (or later), you won't need to select **New table and matrix visuals**. You'll only need to select **Custom data connectors**. ![Power BI options page](images/atp-powerbi-options.png) From 1cc9476a718de7b4295efa37673c86fc2479da14 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 11 Sep 2017 22:24:27 +0000 Subject: [PATCH 7/8] Merged PR 3134: Added link to Defender/AttachSurfaceReductionRules policy in Policy CSP --- windows/client-management/mdm/policy-csp-defender.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 81e87eb957..3f35e2d4eb 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -572,7 +572,7 @@ ms.date: 08/30/2017

    Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. -Value type is string. +

    Value type is string. @@ -609,7 +609,9 @@ Value type is string.

    Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. -Value type is string. +

    For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). + +

    Value type is string. From 101c1cd5874c931ea588db4b400d404a8553c10b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 12 Sep 2017 07:29:22 -0700 Subject: [PATCH 8/8] add 1709 to change history for config & client mgt --- .../change-history-for-client-management.md | 5 +++++ .../configuration/change-history-for-configure-windows-10.md | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index 457e51889a..cc7f5fb34a 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -16,6 +16,11 @@ ms.date: 06/13/2017 This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile. +## RELEASE: Windows 10, version 1709 + +The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). + + ## July 2017 | New or changed topic | Description | diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 76c39cc45d..cee30eb876 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -14,6 +14,10 @@ author: jdeckerms This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## RELEASE: Windows 10, version 1709 + +The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). + ## August 2017 New or changed topic | Description