From 868de51409d91c084bbe4409da9ecb610c15e008 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Mar 2019 17:24:09 -0700 Subject: [PATCH 1/9] update allow block list --- ...ows-defender-advanced-threat-protection.md | 1 - ...ows-defender-advanced-threat-protection.md | 61 +++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 938b358427..3e342505d6 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/16/2018 --- # Configure advanced features in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..bc6a86de66 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,61 @@ +--- +title: Manage allowed/blocked lists +description: Create lists that control what items are blocked or allowed during an investigation. +keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Manage allowed/blocked lists + +**Applies to:** + + +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) + +Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. + + +## Create a rule +1. In the navigation pane, select **Settings** > **Allowed/blocked list**. + +2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: + - File hash + - IP address + - URLs/Domains + - Certificate + +3. Click **Add indicator**. + +4. For each attribute specify the following details: + - Indicator - Specify the entity details and define the expiration of the indicator. + - Action - Specify the action to be taken and provide a description. + - Scope - Define the scope of the machine group. + +5. Review the details in the Summary tab, then click **Save**. + +## Manage a rule +1. In the navigation pane, select **Settings** > **Allowed/blocked list**. + +2. Select the tab of the entity type you'd like to manage. + +3. 
Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. + + +## Related topics +- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) \ No newline at end of file From 5585ce86e03de1d955ee6a76384edeaf17e7b9e1 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Mar 2019 17:33:27 -0700 Subject: [PATCH 2/9] update toc to add new allow block topic --- windows/security/threat-protection/TOC.md | 1 + .../windows-defender-atp/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 23 +++++++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 66995768bb..13216258b8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -389,6 +389,7 @@ #####Rules ###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md) ###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +###### [Manage allowed/blocked](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) ###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 5904aa5d30..9a492e82fb 100644 
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -376,6 +376,7 @@ ####Rules ##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) ##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +##### [Manage allowed/blocked](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) ##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index bc6a86de66..b9d04fab65 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -29,6 +29,25 @@ ms.topic: article Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. +It is where you can manage custom indicators for detection, prevention, and even exclusion. + + +Take advantage of the following conveniences: + + +- Unified
+ The same list is used for prevention (blocking), detection (alerts), and AutoIR. + + +- Flexible
+ Single entry, batch import, API or direct block from the file page, all the indicators sourcing options are now available. + + +- Visible
+ Now all the indicators are available in the portal. You can now search, filter, edit and export your lists in one place. + + + ## Create a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. @@ -55,6 +74,10 @@ Create a rule to define the response action to apply on entities. You can define 3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. +## Import entities +You can also choose to upload a CSV file of the entity. + + ## Related topics - [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) From 8cb70f62d534b45487559c1e596611a292464582 Mon Sep 17 00:00:00 2001 From: Oren Levin Date: Tue, 19 Mar 2019 08:08:51 +0000 Subject: [PATCH 3/9] Updated manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md --- ...d-blocked-list-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index b9d04fab65..c6dc3a58d3 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -56,7 +56,6 @@ Take advantage of the following conveniences: - File hash - IP address - URLs/Domains - - Certificate 3. Click **Add indicator**. From 9a814c75d05cc28a0b271d078fcd1e5d860648bd Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Fri, 22 Mar 2019 14:26:45 -0700 Subject: [PATCH 4/9] update allow block intro and add csv details --- ...ows-defender-advanced-threat-protection.md | 45 +++++++------------ 1 file changed, 17 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index c6dc3a58d3..58f5ee8b7e 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -20,39 +20,28 @@ ms.topic: article # Manage allowed/blocked lists **Applies to:** - - - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](prerelease.md)] >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) -Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. - -It is where you can manage custom indicators for detection, prevention, and even exclusion. - - -Take advantage of the following conveniences: - - -- Unified
- The same list is used for prevention (blocking), detection (alerts), and AutoIR. - - -- Flexible
- Single entry, batch import, API or direct block from the file page, all the indicators sourcing options are now available. - - -- Visible
- Now all the indicators are available in the portal. You can now search, filter, edit and export your lists in one place. - +Create rules to define the detection, prevention, and exclusion of entities based on indicators. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. +On the top navigation you can: +- Import a list +- Add an indicator rule +- Customize columns to add or remove columns +- Export the entire list in CSV format +- Select the items to show per page +- Navigate between pages +- Apply filters ## Create a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. -2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create a rule for. You can choose any of the following entities: - File hash - IP address - URLs/Domains 
@@ -66,18 +55,18 @@ Take advantage of the following conveniences: 5. Review the details in the Summary tab, then click **Save**. -## Manage a rule +## Manage a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. 2. Select the tab of the entity type you'd like to manage. 3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. -## Import entities -You can also choose to upload a CSV file of the entity. +## Import a rule list +You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. + +Download the sample CSV to know the supported column attributes. + -## Related topics -- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) \ No newline at end of file From fb17b6a08a962ade1dde76b771151141ce3cc95f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 22 Mar 2019 15:00:46 -0700 Subject: [PATCH 5/9] change to indicators --- ...-windows-defender-advanced-threat-protection.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 58f5ee8b7e..282071403b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md 
@@ -27,21 +27,21 @@ ms.topic: article >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) -Create rules to define the detection, prevention, and exclusion of entities based on indicators. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. +Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. On the top navigation you can: - Import a list -- Add an indicator rule +- Add an indicator - Customize columns to add or remove columns - Export the entire list in CSV format - Select the items to show per page - Navigate between pages - Apply filters -## Create a rule +## Create an indicator 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. -2. Select the tab of the type of entity you'd like to create a rule for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: - File hash - IP address - URLs/Domains 
@@ -55,14 +55,14 @@ On the top navigation you can: 5. Review the details in the Summary tab, then click **Save**. -## Manage a rule +## Manage indicators 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. 2. Select the tab of the entity type you'd like to manage. -3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. +3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list. -## Import a rule list +## Import a list You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. Download the sample CSV to know the supported column attributes. From 3604c891f6cb8bf8bd0d0bf4b1ee18f5d39da39e Mon Sep 17 00:00:00 2001 From: Eric Avena Date: Mon, 25 Mar 2019 22:34:23 +0000 Subject: [PATCH 6/9] Updated virus-initiative-criteria.md --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 3856c87941..a889665a8c 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
@@ -53,4 +53,4 @@ Your organization must meet the following eligibility requirements to qualify fo ### Apply now -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). +If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry). From bdbb4330e538157c817a922c0346dc1f4a0fb089 Mon Sep 17 00:00:00 2001 From: Eric Avena Date: Mon, 25 Mar 2019 22:36:39 +0000 Subject: [PATCH 7/9] Updated virus-information-alliance-criteria.md --- .../intelligence/virus-information-alliance-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index b7d6bd79e6..85021d7f4e 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md 
@@ -49,4 +49,4 @@ To be eligible for VIA your organization must: 3. Be willing to sign and adhere to the VIA membership agreement. -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). \ No newline at end of file +If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry). \ No newline at end of file From ed8719c25b173ebb01193368985b81d183eb638d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 25 Mar 2019 16:24:20 -0700 Subject: [PATCH 8/9] added feedback from readers --- .../create-wip-policy-using-intune-azure.md | 7 +++++-- .../recommended-network-definitions-for-wip.md | 13 ++++++++++--- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 6a27c63800..fc50cfc48c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 03/15/2019 +ms.date: 03/25/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune 
@@ -67,6 +67,9 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or - [Recommended apps](#add-recommended-apps) - [Store apps](#add-store-apps) - [Desktop apps](#add-desktop-apps) + +>[!NOTE] +>An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy. ### Add recommended apps @@ -397,7 +400,7 @@ To define the network boundaries, click **App policy** > the name of your policy ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) -Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. +Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then click **OK**. ### Cloud resources diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 4af9ce947b..46b7344b5f 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/25/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) 
@@ -38,8 +38,15 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc |Visual Studio Online |contoso.visualstudio.com | |Power BI |contoso.powerbi.com | ->[!NOTE] ->You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. +You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. + +For Office 365 endpoints, see [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges). +Office 365 endpoints are updated monthly. +Allow the domains listed in section number 46 Allow Required and add also add the apps. +Note that apps from officeapps.live.com can also store personal data. + +When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add a entry for a second-level domain and use a wildcard such as .svc.ms. + ## Recommended Neutral Resources We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP). From 06dba4f29b12c178911f6ffc7fab924b9e63f5c8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 25 Mar 2019 18:08:44 -0700 Subject: [PATCH 9/9] update description --- ...d-list-windows-defender-advanced-threat-protection.md | 9 +++++++-- ...nlevel-windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 282071403b..5f648b914c 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Manage allowed/blocked lists -description: Create lists that control what items are blocked or allowed during an investigation. -keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious +description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities. +keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -68,5 +68,10 @@ You can also choose to upload a CSV file that defines the attributes of indicato Download the sample CSV to know the supported column attributes. +## Related topics +- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) + + + diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 0cb3ee7552..700436d636 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md 
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -66,7 +66,7 @@ Review the following details to verify minimum system requirements: - Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework) - >[NOTE] + >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. >Don't install .NET framework 4.0.x, since it will negate the above installation.
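Review bot: Step 4 of "Create a rule" in the topic added by PATCH 1/9 asks the reader to "define the expiration of the indicator" and "specify the action to be taken", but never lists which actions can be selected or says what happens to the entity once the indicator expires. These entries decide what gets blocked or allowed on machines, so list the available actions and state the behaviour at expiry and for machines outside the chosen machine group. In the same hunk the heading says "rule" while steps 2 to 4 say "indicator", and the trial link's `ocid=docs-wdatp-automationexclusionlist-abovefoldlink` names the automation exclusion list topic rather than this one.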
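Review bot: The TOC entry "Manage allowed/blocked" added in both TOC.md hunks of PATCH 2/9 sits directly under "Manage automation allowed/blocked" and differs from it by one word, so readers scanning the Rules node cannot tell the two topics apart. Use the topic's full title, "Manage allowed/blocked lists", or wording that says what distinguishes it from the automation list.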
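Review bot: PATCH 3/9 removes "- Certificate" from the entity list in step 2, and its subject line only says the file was updated. State the reason in the commit message, so that someone reading the history can tell whether certificate indicators are unsupported or were listed by mistake in PATCH 1/9.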
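Review bot: "Download the sample CSV to know the supported column attributes." in the import section of PATCH 4/9 gives neither a link nor a portal location for the sample file, and unlike the create and manage sections the import section has no numbered steps. Add where the sample is downloaded and the steps for uploading a list. The rewritten intro in the same hunk chains "as well as" twice in one sentence, and PATCH 5/9 carries that over unchanged. This patch also drops the "Related topics" section with both of its links, which PATCH 9/9 only partly restores.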
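Review bot: Both links in virus-initiative-criteria.md (PATCH 6/9) and virus-information-alliance-criteria.md (PATCH 7/9) now hard-code the `en-us` locale, which sends every reader to the English page regardless of language. If the locale-free URLs stopped resolving, say so in the commit message. Otherwise keep the links locale-free. The PATCH 7/9 file still ends without a trailing newline.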
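Review bot: The sentence "Allow the domains listed in section number 46 Allow Required and add also add the apps." added to recommended-network-definitions-for-wip.md in PATCH 8/9 is garbled ("add also add") and refers to a section by number in a list that the preceding added line says is updated monthly, so the reference can go stale. Refer to the section by its title and reword the sentence. The last added paragraph says to "use a wildcard such as .svc.ms", but no wildcard character appears in the value. If an asterisk was intended, put the value in backticks so markdown does not drop it. "add a entry" should read "add an entry". The same hunk turns the former `>[!NOTE]` callout into body text, so check that this was intended.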